61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e

Sharing

Copy URL

Twitter E-mail

General

Target

61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e
Size

170KB
MD5

e5e1b3df953f6395e2f2bf007ef56ae1
SHA1

aef5d4b1014fb4c5c9129e3ce356632d993d3e5b
SHA256

61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e
SHA512

a1614492c74d32c75351471afa1ba4b71058f5eb6ebdbe5303e9bbedd1da54ad4c36083a03b2a395ce6f8cb51dc3da1d34d246d7b5df3d412fb94373f361f5a7
SSDEEP

3072:FJpOm5axh63laEo+pXX1pQD2UCohD8mxLCj+5cmeDye42L712xrpdJ8xLeb7UL:bAm5oh63laEo+pXX1pkF8mxeq5+4m71f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e

Files

61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e
.exe windows:5 windows x86 arch:x86

ad8cfaedfc9fbc8b4528ded802c9cbd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReadFile
CreateMailslotA
SetEvent
CreateEventA
GetCurrentProcessId
GlobalLock
GlobalUnlock
LoadLibraryA
GetLogicalDrives
GetDiskFreeSpaceExA
CompareStringW
GetStringTypeW
HeapSize
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsProcessorFeaturePresent
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreatePipe
GetFileAttributesA
LCMapStringW
CreateFileA
GetOEMCP
GetACP
GetComputerNameA
GetFileTime
GetDriveTypeA
SetFileTime
GetTickCount
OpenFile
IsDebuggerPresent
GetSystemTime
GetLocalTime
LocalFree
GetVersionExA
GetModuleHandleA
GlobalMemoryStatusEx
GlobalFree
GetProcAddress
GetLastError
GlobalAlloc
GetCurrentProcess
CreateThread
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
TerminateProcess
CreateProcessA
TerminateThread
OpenProcess
WaitForSingleObject
Process32First
SetErrorMode
EndUpdateResourceA
EnumResourceNamesA
LoadLibraryExA
BeginUpdateResourceA
LockResource
GetBinaryTypeA
UpdateResourceA
LoadResource
FreeLibrary
FreeResource
FindResourceA
OpenFileMappingA
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetCPInfo
LoadLibraryW
CreateFileW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
HeapCreate
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
SetFilePointer
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
IsValidCodePage
SetFileAttributesA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DuplicateHandle
GetFullPathNameA
GetDriveTypeW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileA
GetModuleHandleW
ExitProcess
DecodePointer
Sleep
MultiByteToWideChar
FindNextFileA

user32

GetWindowThreadProcessId
GetKeyboardLayout
GetWindowTextA
GetForegroundWindow
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
DispatchMessageA
SetWindowsHookExA
EmptyClipboard
CloseClipboard
ReleaseDC
GetDC
MessageBoxA
IsWindowVisible
TranslateMessage
GetDesktopWindow
EnumWindows
GetWindowRect
SetClipboardData
OpenClipboard
GetMessageA
GetClipboardData

gdi32

CreateCompatibleBitmap
CreateDIBSection
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

FreeSid
RegEnumKeyA
RegOpenKeyA
LookupAccountSidW
ConvertStringSidToSidA
OpenSCManagerA
StartServiceA
CreateServiceA
ChangeServiceConfig2A
DeleteService
CloseServiceHandle
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CheckTokenMembership
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetKernelObjectSecurity
InitializeSecurityDescriptor

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
VariantInit

shlwapi

SHDeleteKeyA

wininet

InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA

winmm

mciSendStringA

wsock32

recv
htons
WSAStartup
connect
send
gethostbyname
closesocket
socket

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

netapi32

NetUserAdd
NetLocalGroupAddMembers

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad8cfaedfc9fbc8b4528ded802c9cbd0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

wsock32

iphlpapi

gdiplus

mpr

netapi32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 10KB - Virtual size: 10KB