fb71aec6a1d828942868ed5156781bb207dd93fc3d2a688d5db0207907cf2646

Sharing

Copy URL Twitter E-mail

General

Target

fb71aec6a1d828942868ed5156781bb207dd93fc3d2a688d5db0207907cf2646
Size

628KB
MD5

83d310a60002e454d24a3ec6b8d87d00
SHA1

22254541cd62e9b7a656322f06479825e232b1b8
SHA256

fb71aec6a1d828942868ed5156781bb207dd93fc3d2a688d5db0207907cf2646
SHA512

685775885008071363ca4578886c3899bea2d8add12bc651739bf81d2c1114e1566980a293ce63775eff6d70acd78d3707e997d5130ca9641be4d66c6cb06569
SSDEEP

12288:0AA767QP2N6WHl69ugJC40tNEyEjB6MR9Vt:rIqQvNn+tNE7jB6M5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb71aec6a1d828942868ed5156781bb207dd93fc3d2a688d5db0207907cf2646

Files

fb71aec6a1d828942868ed5156781bb207dd93fc3d2a688d5db0207907cf2646
.exe windows:5 windows x86 arch:x86

6170db845a7347035e264cc3f102fc84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalCompact
CreateHardLinkA
GetModuleHandleW
GetTickCount
CreateNamedPipeW
GetProcessHeap
GetConsoleAliasesA
GetConsoleCP
GlobalAlloc
GetSystemDirectoryW
SetFileShortNameW
LoadLibraryW
IsProcessInJob
FatalAppExitW
AssignProcessToJobObject
IsBadCodePtr
GetModuleFileNameW
CreateJobObjectA
GetLastError
GetProcAddress
PeekConsoleInputW
EnumDateFormatsExA
SetEndOfFile
LoadLibraryA
FindFirstVolumeMountPointW
SetConsoleCtrlHandler
AddAtomW
HeapWalk
GlobalHandle
EnumResourceTypesW
SetEnvironmentVariableA
GetOEMCP
GetModuleHandleA
EnumResourceNamesA
GetFileTime
SetProcessShutdownParameters
GetDiskFreeSpaceExW
LCMapStringW
CloseHandle
HeapSize
GetStringTypeW
WriteConsoleInputW
VerLanguageNameW
CreateFileA
WriteConsoleW
FlushFileBuffers
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
HeapCreate
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
ReadFile
MultiByteToWideChar
ExitProcess
SetFilePointer
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetConsoleMode
RtlUnwind
GetCPInfo
GetACP
IsValidCodePage
SetStdHandle
IsProcessorFeaturePresent
HeapReAlloc
CreateFileW

user32

SetCaretPos
CharUpperBuffW
GetMessageExtraInfo
GetMenu
DrawStateW
GetSysColorBrush

gdi32

GetCharWidthI
GetCharABCWidthsI

winhttp

WinHttpOpen

Sections

.text
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 32.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6170db845a7347035e264cc3f102fc84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 512KB - Virtual size: 511KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 45KB - Virtual size: 32.1MB

.rsrc Size: 57KB - Virtual size: 56KB

.text
Size: 512KB - Virtual size: 511KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 45KB - Virtual size: 32.1MB

.rsrc
Size: 57KB - Virtual size: 56KB