Static task
static1
Behavioral task
behavioral1
Sample
6ea6ac95178c1ade7659b969722f3410da9105a8b9a43c45905415c292d32925.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6ea6ac95178c1ade7659b969722f3410da9105a8b9a43c45905415c292d32925.exe
Resource
win10v2004-20240508-en
General
Target
6ea6ac95178c1ade7659b969722f3410da9105a8b9a43c45905415c292d32925
Size
280KB
MD5
153b8894e185641e9b37dab3419fc817
SHA1
a69d0c565a60360f874fa0baa9d49d347e39d0b8
SHA256
6ea6ac95178c1ade7659b969722f3410da9105a8b9a43c45905415c292d32925
SHA512
340bfcb08e927191513b54b6405597f906b8fb6a15abfba9707f4271c78628f2d5312f82597335bfff41b0911cfd751d912b7aab3e5087cdf0587e27bc45d24f
SSDEEP
3072:Z8iR6Y8mPrjYEt1mrpl5Enkj63yf5PNKC2b6rhc79cVnPoxOOAs/pYvOocxY5HKq:ZVFYy1mrp7QAZCxjmv7WYIvCrp
Malware Config
Signatures
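Unsigned PE (1 IoC)
Checks for missing Authenticode signature. An absent signature is only a weak indicator on its own, since many legitimate programs are also unsigned; weigh it together with the import and section data in this report.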
resource 6ea6ac95178c1ade7659b969722f3410da9105a8b9a43c45905415c292d32925
Files
6ea6ac95178c1ade7659b969722f3410da9105a8b9a43c45905415c292d32925.exe windows:4 windows x86 arch:x86
4d3159874e340d710a937748d2f34a92
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord2645
ord2818
ord939
ord941
ord4274
ord2554
ord2512
ord5731
ord6375
ord1089
ord4486
ord3922
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5199
ord5714
ord4622
ord3738
ord561
ord2396
ord5289
ord1134
ord3522
ord6117
ord2370
ord3573
ord809
ord818
ord3521
ord556
ord2135
ord6402
ord924
ord6197
ord6380
ord2086
ord535
ord815
ord858
ord4278
ord5683
ord4284
ord1233
ord1087
ord2122
ord2863
ord2527
ord2621
ord6403
ord2860
ord5953
ord4123
ord3499
ord2515
ord355
ord940
ord922
ord3337
ord3811
ord665
ord1979
ord6385
ord5186
ord354
ord923
ord3318
ord5442
ord6199
ord795
ord6378
ord3797
ord3870
ord6195
ord3571
ord2821
ord1641
ord2859
ord5811
ord5482
ord2032
ord4447
ord4335
ord4160
ord4975
ord967
ord3717
ord3721
ord2358
ord2298
ord3097
ord2513
ord293
ord2289
ord609
ord692
ord783
ord3597
ord4425
ord4627
ord4080
ord482
ord2714
ord823
ord3078
ord1640
ord6021
ord5981
ord2817
ord4476
ord2753
ord2754
ord6453
ord860
ord540
ord6157
ord6170
ord4299
ord5787
ord800
ord5875
ord537
ord4297
ord3663
ord5788
ord3693
ord4133
ord3626
ord6880
ord283
ord4779
ord3574
ord1576
ord4424
ord3402
ord4441
ord5290
ord4396
ord3079
ord1776
ord6055
ord2575
ord3639
ord4401
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord3825
ord3831
ord3830
ord3711
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord5308
ord5785
ord1792
ord4022
ord3874
ord6241
ord4275
ord1795
ord2864
ord1200
ord5710
ord4129
ord2763
ord6877
ord6929
ord6663
ord4202
ord2764
ord1638
ord523
ord791
ord1639
ord1995
ord4411
ord5797
ord5479
ord1247
ord2449
ord1768
ord656
ord926
ord1949
ord6094
ord4034
ord3742
ord3054
ord3425
ord3880
ord3810
ord613
ord289
ord3873
ord5789
ord6172
ord2614
ord6282
ord3610
ord1199
ord5873
ord3706
ord2405
ord2414
ord470
ord2379
ord755
ord6334
ord4710
ord3092
ord6605
ord2642
ord1175
ord6215
ord4234
ord2302
ord2362
ord2294
ord2301
ord825
ord324
ord323
ord567
ord1168
ord1146
ord641
ord640
ord5265
ord4376
ord4863
ord3619
msvcrt
_stricmp
_ftol
_strnicmp
_strlwr
_ultoa
isxdigit
isdigit
strstr
strchr
atoi
atol
realloc
_adjust_fdiv
_controlfp
__set_app_type
__p__fmode
__p__commode
_setmbcp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
sscanf
malloc
localtime
asctime
memmove
sprintf
__p___argc
__p___argv
_itoa
__CxxFrameHandler
time
atof
_strdup
free
kernel32
_lread
FindResourceA
LoadResource
LockResource
CreateFileA
GetFileSize
ReadFile
CloseHandle
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
_llseek
_lopen
SizeofResource
GetPrivateProfileStringA
GetVersionExA
LoadLibraryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetProcAddress
GetFileAttributesA
GetStartupInfoA
GetModuleHandleA
Sleep
GetTickCount
lstrcpynA
GetPrivateProfileIntA
IsBadWritePtr
TerminateThread
CreateThread
IsBadReadPtr
IsDBCSLeadByte
ExitProcess
_lclose
user32
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetIconInfo
PtInRect
EnumChildWindows
DestroyCursor
CreateCursor
LoadImageA
IsZoomed
SetActiveWindow
GetActiveWindow
SetWindowRgn
UnionRect
SetRect
GetKeyState
GetCapture
DrawIconEx
GetDesktopWindow
GetFocus
SetCapture
ReleaseCapture
GetParent
ChildWindowFromPointEx
InflateRect
WindowFromDC
LoadBitmapA
SetFocus
ScreenToClient
wsprintfA
SystemParametersInfoA
IsWindowVisible
KillTimer
PostMessageA
UpdateWindow
OffsetRect
SetWindowLongA
IsIconic
DrawIcon
GetUpdateRect
DrawEdge
GetWindowRect
GetSystemMenu
AppendMenuA
SetTimer
RegisterWindowMessageA
EnableWindow
SetCursor
ClientToScreen
GetSysColor
IsWindow
InvalidateRect
GetDC
SetScrollPos
SetScrollRange
LoadCursorA
CopyRect
GetCursorPos
GetClientRect
SendMessageA
LoadIconA
ReleaseDC
GetSystemMetrics
FillRect
gdi32
SelectObject
RealizePalette
SelectPalette
OffsetRgn
RectVisible
TextOutA
DeleteObject
GetObjectA
Rectangle
CreateSolidBrush
StartDocA
GetDeviceCaps
StartPage
EndPage
EndDoc
AbortDoc
GetStockObject
CreateFontA
Ellipse
GetTextMetricsA
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
StretchBlt
CombineRgn
CreateRectRgn
CreateFontIndirectA
SetStretchBltMode
ExtCreateRegion
GetRgnBox
PathToRegion
EndPath
BeginPath
DeleteDC
GetTextExtentPoint32A
CreateDIBSection
CreateBitmap
CreatePalette
CreateDIBitmap
shell32
ShellExecuteA
advapi32
RegSetValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
GetUserNameA
ole32
CreateStreamOnHGlobal
olepro32
ord251
wsock32
inet_ntoa
getsockname
bind
socket
WSASetLastError
setsockopt
ioctlsocket
htonl
htons
gethostbyname
WSAGetLastError
closesocket
connect
winmm
mciSendStringA
PlaySoundA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
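.rsrc Size: 32KB - Virtual size: 32KB (the characteristics listed for this section mark it as code, executable and writable, which is unusual for a resource section and can indicate packed or embedded code)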
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE