6f51bb183643e1f1880a4a18d841358e32a850c0bd73a4b7e94b8059dd45792d

Sharing

Copy URL Twitter E-mail

General

Target

6f51bb183643e1f1880a4a18d841358e32a850c0bd73a4b7e94b8059dd45792d
Size

3.0MB
MD5

5eb402190eef8890d9ffefb95a882504
SHA1

62e8bb87f66e15584fc23593045fd5124168ed33
SHA256

6f51bb183643e1f1880a4a18d841358e32a850c0bd73a4b7e94b8059dd45792d
SHA512

92e49d3b2fc2391c612f35e245c2d3a23b1d8bbca958aa55a2552c97ac5795a39051d2b8b603f6644cb0caa02103251abe6a6b433e2f5f96a6b3e8f2a9145978
SSDEEP

49152:Cz2OXalf2lWaiGE1UYjfD2I1OvsEZjRbwdalrGlVNuN89:C6bdHfX1bda4v9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f51bb183643e1f1880a4a18d841358e32a850c0bd73a4b7e94b8059dd45792d

Files

6f51bb183643e1f1880a4a18d841358e32a850c0bd73a4b7e94b8059dd45792d
.exe windows:6 windows x86 arch:x86

c30cde30fec253cc0a148d694e88f09a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Illustrate\dBpoweramp\Asset-UPnP.pdb

Imports

ws2_32

shutdown
WSASetLastError
setsockopt
ioctlsocket
freeaddrinfo
htons
htonl
getsockopt
recv
connect
ntohs
socket
send
gethostbyaddr
getsockname
inet_addr
getpeername
WSAIoctl
WSAStartup
recvfrom
sendto
WSACleanup
__WSAFDIsSet
accept
bind
WSAGetLastError
closesocket
gethostbyname
select
ntohl
listen
WSASocketW
getaddrinfo

msacm32

acmStreamUnprepareHeader
acmStreamConvert
acmStreamSize
acmStreamClose
acmStreamPrepareHeader
acmStreamOpen

comctl32

ord15
InitCommonControlsEx
ord14

kernel32

DeleteFileW
MoveFileExW
GetTickCount
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
CreateMutexW
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetProcAddress
GetCommandLineW
GetModuleFileNameW
GlobalAlloc
GlobalFree
GetModuleHandleW
CompareFileTime
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetSystemTime
GetDateFormatW
GetLocaleInfoW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
TerminateProcess
GetTempPathW
InitializeCriticalSectionEx
GetSystemDirectoryW
RaiseException
DecodePointer
GetWindowsDirectoryW
CreateProcessW
GetFileSizeEx
GetStdHandle
SetThreadPriority
GetCurrentThreadId
ResumeThread
GetFileInformationByHandle
FormatMessageW
GetTickCount64
GetFileAttributesExW
GetCurrentThread
CreateDirectoryW
SetFilePointerEx
GetSystemTimeAsFileTime
IsDebuggerPresent
MapViewOfFile
SuspendThread
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryW
FreeLibrary
GetComputerNameW
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
SetPriorityClass
SetThreadExecutionState
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetProcessHeap
FormatMessageA
lstrlenW
TlsAlloc
GetExitCodeThread
SwitchToThread
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
CreateThread
ExitThread
GetThreadPriority
LoadLibraryExW
CreateFileMappingW
GetCurrentProcessId
GetFileSize
Sleep
SetFileAttributesW
UnmapViewOfFile
GetFileAttributesW
CreateFileW
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
ResetEvent
FreeLibraryAndExitThread
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
WriteConsoleW
CompareStringW
LCMapStringW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetCurrentDirectoryW
SetStdHandle
CloseHandle
SetEvent
GetLastError
CreateEventW
DuplicateHandle
WaitForSingleObject
WaitForMultipleObjects
GetCurrentProcess
SetLastError
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
FlushFileBuffers
VirtualQuery

user32

SetWindowPos
CreateWindowExW
ScreenToClient
SetWindowTextW
MessageBeep
WindowFromPoint
VkKeyScanW
DestroyWindow
GetWindowRect
GetWindow
PostMessageW
GetWindowLongW
DestroyCursor
RegisterClassExW
IsChild
SetFocus
SetWindowLongW
GetClientRect
GetParent
InvalidateRect
GetCursorPos
GetWindowTextLengthW
GetDesktopWindow
GetWindowTextW
SendMessageW
UnregisterClassW
GetIconInfo
DestroyIcon
DrawIconEx
FrameRect
DrawFocusRect
TabbedTextOutW
DrawTextW
KillTimer
LoadIconW
SetClassLongW
ShowWindow
GetDC
FillRect
LoadImageW
ReleaseDC
GetMessageW
IsWindow
DispatchMessageW
PeekMessageW
TranslateMessage
MessageBoxW
CallWindowProcW
DefWindowProcW
GetSysColor

gdi32

GetEnhMetaFileHeader
SetEnhMetaFileBits
DeleteEnhMetaFile
RealizePalette
SetWinMetaFileBits
GetEnhMetaFilePaletteEntries
SelectPalette
CreatePalette
SetBkColor
LineTo
Rectangle
MoveToEx
RoundRect
DeleteObject
GetObjectW
DeleteDC
GetDeviceCaps
GetDIBits
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
CreateFontIndirectW
GetTextColor
CreatePen
SetBkMode
SetTextColor
GetTextExtentPoint32W
GetStockObject
PlayEnhMetaFile
GetBkMode
CreateBrushIndirect

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegDeleteValueW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
DuplicateIcon
ExtractIconW

ole32

CoCreateGuid

msimg32

GradientFill

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCreateBitmapFromStream
GdipFree
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipDisposeImage

shlwapi

ord12

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertVerifyTimeValidity
CertVerifyRevocation
CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

secur32

FreeContextBuffer
EncryptMessage
AcceptSecurityContext
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleW
FreeCredentialsHandle
DecryptMessage
InitializeSecurityContextW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c30cde30fec253cc0a148d694e88f09a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

msacm32

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

gdiplus

shlwapi

crypt32

secur32

dbghelp

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 508KB - Virtual size: 507KB

.data Size: 87KB - Virtual size: 102KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 508KB - Virtual size: 507KB

.data
Size: 87KB - Virtual size: 102KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 13KB - Virtual size: 13KB