Static task
static1
Behavioral task
behavioral1
Sample
6ceeca70159d65d21e04abcade306b056de6362a1490096eb1e89ff80922318f.exe
Resource
win7-20240221-en
General
Target: 6ceeca70159d65d21e04abcade306b056de6362a1490096eb1e89ff80922318f
Size: 440KB
MD5: e65369636622b4db1216ba51cb936bfe
SHA1: d0ff1143f2001b8b1dfc652e199bcd0f80658323
SHA256: 6ceeca70159d65d21e04abcade306b056de6362a1490096eb1e89ff80922318f
SHA512: c8e7338370cdea7671f77dc9757e1ec260509922e54e59c85afd6deeab30f05dd9abd07712f05c20aacf12364a6bfe03e750bda8915760e858e72663f9552c20
SSDEEP: 12288:ZY4+MoyDGzyHr7qnNlQIBx5yF5NTXSgkC8:2LMxGmiNlQiyhkC8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6ceeca70159d65d21e04abcade306b056de6362a1490096eb1e89ff80922318f
Files
6ceeca70159d65d21e04abcade306b056de6362a1490096eb1e89ff80922318f.exe windows:4 windows x86 arch:x86
690b9635afecc9e02dd85ec6df30ef2a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
HeapDestroy
GetModuleFileNameA
WaitForSingleObject
DeleteCriticalSection
LCMapStringW
ResetEvent
HeapReAlloc
EnterCriticalSection
InterlockedExchangeAdd
LeaveCriticalSection
LoadLibraryA
GetProcAddress
GetVersionExA
GetCurrentThread
GetEnvironmentStrings
VirtualAlloc
HeapAlloc
GetModuleHandleW
GetStartupInfoW
advapi32
CryptHashData
RegEnumValueA
CryptReleaseContext
RegEnumKeyExA
RegQueryValueExA
RegQueryValueExW
shlwapi
SHCopyKeyW
msvcrt
__CxxFrameHandler
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
Sections
.text Size: 428KB - Virtual size: 425KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE