b6c6171b30153d337727d990758f795efa080afa32439c57d07acdcde57255ae

Sharing

Copy URL Twitter E-mail

General

Target

b6c6171b30153d337727d990758f795efa080afa32439c57d07acdcde57255ae
Size

1.1MB
MD5

8f76c14cf1bf830af88f143994781f33
SHA1

5059dcf32c9468dd1381472b4132ba460be44562
SHA256

b6c6171b30153d337727d990758f795efa080afa32439c57d07acdcde57255ae
SHA512

c36fba10d1e672b684c4726757190056cc06ae4fb87a22983f427f9d0310e3f35bc7573a25c90efe9eb53efc59063f512b3e1f9e36f9999dc9544c56db6af7f0
SSDEEP

24576:0FA6uBe00LnqWahVEa5O4DuqTlASDdd+VaE:cuBsLOHb54qTBDdogE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6c6171b30153d337727d990758f795efa080afa32439c57d07acdcde57255ae

Files

b6c6171b30153d337727d990758f795efa080afa32439c57d07acdcde57255ae
.exe windows:5 windows x64 arch:x64

e53a617b15bfbf1fdb948df66c1d2ad0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\po\trunk\modules\pohost\Release\pobus64.pdb

Imports

kernel32

GetFileAttributesExW
ResetEvent
GetTickCount
LocalFree
SetProcessShutdownParameters
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ResumeThread
ExitThread
LocalAlloc
GetFileInformationByHandle
SetStdHandle
OutputDebugStringW
MoveFileExW
lstrcpynA
GetTempPathW
GetModuleFileNameW
CreateEventA
CopyFileW
lstrcmpA
ExitProcess
lstrcpyA
GetVolumeInformationW
SetFileAttributesW
GetWindowsDirectoryW
GetProcAddress
GetLastError
CreateFileW
ReadFile
GetFileAttributesW
LoadLibraryW
WriteFile
GetModuleHandleW
SetLastError
lstrcpyW
lstrcatW
GetProcessId
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
GetVersionExW
OpenProcess
DeleteFileW
CloseHandle
lstrcmpiW
CreateEventW
PostQueuedCompletionStatus
CreateSemaphoreA
CreateIoCompletionPort
GetQueuedCompletionStatus
ReleaseSemaphore
QueryPerformanceFrequency
GetSystemDirectoryA
GetSystemInfo
CreateFileMappingA
FormatMessageA
SetFilePointer
GetFileSize
GetDiskFreeSpaceExW
GetDriveTypeW
FileTimeToLocalFileTime
Module32NextW
OpenEventW
OutputDebugStringA
CreateThread
WriteConsoleW
GetConsoleOutputCP
lstrlenA
WriteConsoleA
CreateToolhelp32Snapshot
FindNextFileW
MoveFileW
lstrcmpiA
Sleep
InitializeCriticalSection
SetEvent
PeekNamedPipe
WaitForSingleObject
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSize
DeleteCriticalSection
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTempFileNameW
CreateFileA
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
SetEndOfFile
CreateProcessW
GlobalSize
GlobalLock
GetLogicalDrives
GetProcessHeap
IsBadReadPtr
GetDriveTypeA
FileTimeToSystemTime
lstrcmpW
lstrlenW
GetFileSizeEx
GetCurrentDirectoryW
FindClose
GetLocalTime
Process32FirstW
ProcessIdToSessionId
CreateFileMappingW
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
GetModuleHandleA

user32

wsprintfW
wsprintfA
GetSystemMetrics

advapi32

RegSetKeySecurity
CreateServiceW
GetTokenInformation
OpenProcessToken
OpenSCManagerW
StartServiceCtrlDispatcherW
OpenServiceW
RegisterServiceCtrlHandlerExW
QueryServiceConfig2W
DeleteService
RegSetValueExA
RegCreateKeyExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
RegCreateKeyExA
LookupPrivilegeValueW
StartServiceW
DuplicateTokenEx
QueryServiceStatus
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
CloseServiceHandle
ControlService
AdjustTokenPrivileges
RegSetValueExW
GetUserNameW
CryptGenRandom
CryptAcquireContextA
ChangeServiceConfig2W
RegCloseKey
QueryServiceConfigW
RegNotifyChangeKeyValue
RegOpenKeyExW
SetServiceStatus
ChangeServiceConfigW

shell32

ord165
SHGetSpecialFolderPathW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

shlwapi

wnsprintfW
StrStrIA
SHSetValueW
StrStrIW
PathFileExistsW
StrNCatW
SHDeleteValueW
SHDeleteKeyW
PathQuoteSpacesW
PathFindFileNameW
PathAppendW
PathFindExtensionW
PathMatchSpecW
PathRemoveExtensionW
wvnsprintfW
PathIsDirectoryW
SHGetValueA
PathRemoveFileSpecW
SHSetValueA
StrChrW
SHGetValueW
StrCmpNIW
StrCatBuffW
StrChrA
wnsprintfA
wvnsprintfA
SHDeleteValueA
PathFileExistsA
SHCreateStreamOnFileW
StrRChrW
StrNCatA

version

GetFileVersionInfoW
VerQueryValueW

ws2_32

setsockopt
htons
bind
WSAGetOverlappedResult
closesocket
select
getpeername
WSAGetLastError
connect
WSAIoctl
socket
WSAStartup
recvfrom
shutdown
getnameinfo
WSASetLastError
getsockopt
listen
send
recv
ioctlsocket
WSASend
WSARecv
ntohl
ntohs
getservbyname
getprotobynumber
freeaddrinfo
getaddrinfo
accept
getsockname
htonl

psapi

GetProcessImageFileNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CertEnumCertificatesInStore
CryptMsgClose
CryptQueryObject
CertGetNameStringW
CryptDecodeObjectEx
CertCloseStore

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitializeEx
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
VariantClear
VariantChangeType
SysFreeString
SysAllocString

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

A0746EA1
A0746EA2
A0746EA3
A0E6108C
A0bE45C8
A24F1852
A86B40F2
AF30E1CF
B30715A7
B30715A8
B30715A9
BAC55B0A
C1FB4838
C3206E88
CA68EAC2
CC35024C
D1B7856C
E1034A78
E2FE52CB
E43697C5
E7248970
E7248971
E7248972
E7248973
E7248974
E7248975
E7248976
E7248977
F247DB7F
F3814E8B
FB7C34E6

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e53a617b15bfbf1fdb948df66c1d2ad0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wtsapi32

shlwapi

version

ws2_32

psapi

imagehlp

crypt32

ole32

oleaut32

userenv

Exports

Exports

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 84KB - Virtual size: 106KB

.pdata Size: 50KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 84KB - Virtual size: 106KB

.pdata
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB