6ad39ea1ee3e8c67ede7368a891b35c1289e37bebd8faa198e37d36b07739b8f

Sharing

Copy URL Twitter E-mail

General

Target

6ad39ea1ee3e8c67ede7368a891b35c1289e37bebd8faa198e37d36b07739b8f
Size

1.8MB
MD5

a2c0d7247d6815ff27c4ea38d63ac4f0
SHA1

a471f0a4eb9cb9378b748cf8c8808a35651a56b4
SHA256

6ad39ea1ee3e8c67ede7368a891b35c1289e37bebd8faa198e37d36b07739b8f
SHA512

0f224d8a8ecaaf200953d64d9f1777da0ce71206ad5091f5df6a4c855065c0a7d45444c7640bffc7cbf726d9de1123f4f7129889b0c9ef02fb3b463ea8083f82
SSDEEP

49152:ZrAF/VkhhBg835STDzsliT6xbXjzfhNU/8+defV:Z4Qht3u3skT6tPIOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ad39ea1ee3e8c67ede7368a891b35c1289e37bebd8faa198e37d36b07739b8f

Files

6ad39ea1ee3e8c67ede7368a891b35c1289e37bebd8faa198e37d36b07739b8f
.exe windows:4 windows x86 arch:x86

a3a930308fe5f399ec63b3a5b847e9e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
VirtualFree
VirtualQueryEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
CopyFileW
SetFilePointerEx
SetEndOfFile
GetSystemTime
CreateFileW
MultiByteToWideChar
GetLastError
OutputDebugStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
ReadFile
UnmapViewOfFile
CloseHandle
HeapAlloc
WideCharToMultiByte
DecodePointer
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
VirtualAlloc
SetStdHandle
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetStringTypeW
GetACP
SetConsoleCtrlHandler
GetModuleHandleExW
GetCommandLineA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
FormatMessageW
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetConsoleMode
Sleep
TerminateProcess
GetLongPathNameW
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameA
GetCurrentThreadId
ExitProcess
IsDebuggerPresent
HeapReAlloc
GetSystemInfo
MoveFileExW
DeleteFileW
SetFileAttributesW
CreateProcessW
SizeofResource
LockResource
LoadResource
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
GetFullPathNameW
GetCurrentThread
GetVersionExW
GetProcessHeap
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
OpenProcess
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
GetDriveTypeW
GetLogicalDrives
GetProcAddress
LoadLibraryW
GetTickCount
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
GetLocalTime
GetFileInformationByHandle
CompareFileTime
GetFileSizeEx
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileAttributesW
SetLastError
HeapFree
WriteFile
DeleteCriticalSection
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
GlobalMemoryStatus
QueryPerformanceCounter
DeleteFiber
GetFileType
GetStdHandle
FindResourceW
GetDateFormatW
GetModuleHandleW
CreateEventW
InterlockedIncrement
WaitForMultipleObjects
CreateThread
ResetEvent
SetEvent
InitializeCriticalSection
TlsAlloc
GetExitCodeProcess
GetModuleFileNameW

user32

GetWindowTextW
GetWindowThreadProcessId
EnumWindows
CharUpperBuffW
CharUpperA
GetDesktopWindow
SendMessageW
GetDlgItem
GetClassNameW
CharLowerBuffW
MessageBoxW
GetProcessWindowStation
EndDialog
DialogBoxParamW
GetWindowRect
GetClientRect
LoadImageW
GetDC
SystemParametersInfoW
ReleaseDC
GetParent
SetWindowLongW
LoadIconW
SetClassLongW
GetUserObjectInformationW
SetWindowPos
GetWindowLongW
SetWindowTextW
KillTimer
PostMessageW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
IsWindowVisible
LoadStringW
DeferWindowPos
SetCursor
GetDlgCtrlID
DestroyIcon
MoveWindow
IsCharAlphaW
CreateCursor
LoadCursorW
FillRect
GetWindow
EndDeferWindowPos
FindWindowW
BeginDeferWindowPos
IsWindow
GetAsyncKeyState
GetSystemMetrics
ClientToScreen
EnableWindow
SetTimer
ShowWindow
SetFocus
GetWindowTextLengthW
IsDlgButtonChecked
InvalidateRect
CallWindowProcW

gdi32

TextOutW
GetTextExtentPoint32W
DeleteObject
GetStockObject
SetBkMode
SetTextColor
SelectObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

DuplicateToken
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetCurrentHwProfileW
RegQueryValueExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
CryptEnumProvidersW
OpenProcessToken
OpenThreadToken
RegQueryValueExW
RegQueryInfoKeyW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
DragAcceptFiles
SHGetFileInfoW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathA
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CLSIDFromProgID
CoInitialize
CoCreateInstance
CoGetClassObject

oleaut32

SysAllocString
SysFreeString

ntdll

NtSetInformationFile
NtEnumerateValueKey

comctl32

ord17
PropertySheetW
CreatePropertySheetPageW

shlwapi

PathFileExistsW
PathFindFileNameW
StrStrIW

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

ws2_32

recv
WSAGetLastError
WSASetLastError
send
WSACleanup
closesocket

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW

wininet

InternetCheckConnectionW
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetGetConnectedState

Sections

.text
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gcode
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3a930308fe5f399ec63b3a5b847e9e6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

comctl32

shlwapi

crypt32

ws2_32

mpr

version

psapi

wininet

Sections

.text Size: 954KB - Virtual size: 954KB

.gcode Size: 5KB - Virtual size: 4KB

.rdata Size: 434KB - Virtual size: 433KB

.data Size: 159KB - Virtual size: 171KB

.gdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 286KB - Virtual size: 286KB

.text
Size: 954KB - Virtual size: 954KB

.gcode
Size: 5KB - Virtual size: 4KB

.rdata
Size: 434KB - Virtual size: 433KB

.data
Size: 159KB - Virtual size: 171KB

.gdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 286KB - Virtual size: 286KB