6PHM9GG3zOACOOY[.]exe

General

Target

6PHM9GG3zOACOOY.exe
Size

27.6MB
MD5

a33095599002454302e82bec53b03f04
SHA1

3aee0a64ea637db37e52557bd86f33b0fef68efd
SHA256

d3b4c0c8f1d789421b892379f412079350aa98bc90997e9582c409344800e2c2
SHA512

33b6a32c951b92e98191a6757dc71e28e3eda8120402b284f4afc8fb7904b0dd19ba6362a6229e5990377ab848b3ab5f5849186482cf6b6b4c67306ce3c3fdae
SSDEEP

786432:YJsgCzfhpWTbaXwEDq8obtiqbKYceeolFDWy8W:YJ7CbnWKq8opiqbKYyc8W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6PHM9GG3zOACOOY.exe

Files

6PHM9GG3zOACOOY.exe
.exe windows:6 windows x86 arch:x86

ad2b2010283416fd9c7cc88577ee6d83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
VirtualFree
GetCurrentProcess
VirtualAlloc
FindResourceA
LoadLibraryA
LockResource
LoadResource
GetProcAddress
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
GetSystemTimeAsFileTime
Sleep
GetStartupInfoW
QueryPerformanceFrequency
QueryPerformanceCounter

ucrtbase

terminate
_controlfp_s
_register_onexit_function
_initialize_onexit_table
__p__commode
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
rand_s
_libm_sse2_sin_precise
_except_handler4_common
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
free
_crt_atexit
memcpy
_libm_sse2_cos_precise
_libm_sse2_sqrt_precise

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad2b2010283416fd9c7cc88577ee6d83

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ucrtbase

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 634KB - Virtual size: 634KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 634KB - Virtual size: 634KB