6f9af64fdb5a303a64218642bcf1c9b44c064de63688fcb7c4d32dcc2ce0ba88

Sharing

Copy URL Twitter E-mail

General

Target

6f9af64fdb5a303a64218642bcf1c9b44c064de63688fcb7c4d32dcc2ce0ba88
Size

2.2MB
MD5

70a51d4fe95dd27b234b4307d64233ba
SHA1

d84f17c7f3826e1d92f7fbf2b98b366a1841a667
SHA256

6f9af64fdb5a303a64218642bcf1c9b44c064de63688fcb7c4d32dcc2ce0ba88
SHA512

c3ca20ebdd04e8a09769227eadfaa527053587bf535310073bedb7163a8ff5ded6c0e8f644378abe55c0566bb377cfa46f32d71e7822037536b59635c1ff5755
SSDEEP

49152:JAtWgLeXaq5wUQO59kC4M8Z6qlNq+rxIoHM7+PfSBP:mLeXt5wy5+TM8nlNVIoswSBP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f9af64fdb5a303a64218642bcf1c9b44c064de63688fcb7c4d32dcc2ce0ba88

Files

6f9af64fdb5a303a64218642bcf1c9b44c064de63688fcb7c4d32dcc2ce0ba88
.exe windows:6 windows x86 arch:x86

3e61b0665aa8bea7c12d3b0a266983dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
SizeofResource
InitializeCriticalSection
GetCurrentThreadId
FreeResource
LockResource
LoadResource
FindResourceW
DeleteCriticalSection
GetCurrentProcess
GlobalFlags
GetSystemInfo
GlobalLock
SetCurrentDirectoryW
GetModuleHandleW
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateEventW
SetEvent
ResetEvent
GetSystemTimeAsFileTime
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GlobalAlloc
QueryPerformanceCounter
InitializeSListHead
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
LocalFree
FormatMessageW
WideCharToMultiByte
WriteFile
IsDebuggerPresent
GetModuleFileNameW
CreateFileW
GlobalUnlock
ExpandEnvironmentStringsW
ExitProcess
FreeLibrary
GetProcAddress
LoadLibraryW
SetWaitableTimer
CreateWaitableTimerW
TerminateProcess
OpenProcess
GetCurrentProcessId
GetTempPathW
CreateDirectoryW
DeleteFileW
CloseHandle
SetEndOfFile
SetFilePointer
GetLastError
GetFileAttributesW
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount

user32

LoadImageW
GetDC
ReleaseDC
GetMessageW
GetParent
LoadIconW
EnumWindows
GetDesktopWindow
MessageBoxW
LoadCursorW
GetClassNameW
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
LoadStringW
SendMessageW
GetWindowLongW
MonitorFromWindow
wsprintfW

gdi32

SetDIBColorTable
CreateDIBSection
SelectObject
GetDeviceCaps
DeleteDC
GetObjectW
CreateCompatibleDC
DeleteObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winhttp

WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpOpen
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpConnect
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData

ws2_32

WSACleanup

msvcp140

?_Xlength_error@std@@YAXPBD@Z

gdiplus

GdipDrawImageRectI
GdipBitmapUnlockBits
GdipFree
GdipCloneImage
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipDisposeImage
GdiplusShutdown
GdipDeleteGraphics
GdipGetImagePalette
GdipAlloc
GdiplusStartup
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipSetCompositingMode
GdipGetImageWidth
GdipCreateBitmapFromScan0

vcruntime140

memcpy
__CxxFrameHandler3
wcsrchr
__std_exception_copy
__std_exception_destroy
wcschr
wcsstr
_purecall
__current_exception
_except_handler4_common
__current_exception_context
memset
memmove
_CxxThrowException

api-ms-win-crt-string-l1-1-0

iswprint
strncmp
isprint
_wcsnicmp

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_invalid_parameter_noinfo_noreturn
terminate
_register_thread_local_exe_atexit_callback
exit
__p___wargv
__p___argc
_c_exit
_initialize_onexit_table
_exit
_initterm_e
_initterm
_invalid_parameter_noinfo
_errno
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_register_onexit_function
_seh_filter_exe
_cexit
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh
calloc

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi

api-ms-win-crt-time-l1-1-0

wcsftime
_localtime64

api-ms-win-crt-math-l1-1-0

floor
ceil
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_wfopen
fseek
fread
ftell
_set_fmode
ferror
__p__commode
__stdio_common_vswprintf
fclose

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

?get_active_implementation@simdutf@@YAAAV?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@XZ
?get_available_implementations@simdutf@@YAABVavailable_implementation_list@internal@1@XZ

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.white0
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e61b0665aa8bea7c12d3b0a266983dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

version

winhttp

ws2_32

msvcp140

gdiplus

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 205KB - Virtual size: 204KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 4KB

.white0 Size: 686KB - Virtual size: 686KB

.reloc Size: 15KB - Virtual size: 15KB

.rsrc Size: 69KB - Virtual size: 68KB

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 4KB

.white0
Size: 686KB - Virtual size: 686KB

.reloc
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 69KB - Virtual size: 68KB