6fb925d56bc87df71c35753705f1bea948c956c649254948d8106140eb2b3694

Sharing

Copy URL Twitter E-mail

General

Target

6fb925d56bc87df71c35753705f1bea948c956c649254948d8106140eb2b3694
Size

8.6MB
MD5

8e1fe9f7a98d76a2ffd02554418a5e09
SHA1

f426121770df64c5767288b70aa2de51fe0aec34
SHA256

6fb925d56bc87df71c35753705f1bea948c956c649254948d8106140eb2b3694
SHA512

cc57187a2102a704011dd5c76d934a671a562e9d00fc8f7cb23ed3111232591894b4d47d57f215545529e2fdceeda7eefaa17a6ec3ae24768ad3539a7477cad8
SSDEEP

196608:F2FGw+hGxTzhEkUD24LUvKY+QvqzzUhpsXpA0bnGC14hCa:F2ow+hGpikpAUKavqchV0bGCOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fb925d56bc87df71c35753705f1bea948c956c649254948d8106140eb2b3694

Files

6fb925d56bc87df71c35753705f1bea948c956c649254948d8106140eb2b3694
.exe windows:6 windows x86 arch:x86

e928504fd3fcb2ab3a1670cca0409906

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xiaoxiong\code\xiaoxiong\work\Project1.pdb

Imports

user32

MessageBoxW
GetDC
GetAsyncKeyState
MessageBoxA
GetDesktopWindow

gdi32

DeleteDC
DeleteObject
SetStretchBltMode
CreateCompatibleBitmap
GetDeviceCaps
GetDIBits
StretchBlt
CreateCompatibleDC
SelectObject

kernel32

MultiByteToWideChar
Sleep
ExitProcess
GetPrivateProfileStringA
GetTempPathA
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetExitCodeProcess
CreateFileA
GetFileAttributesExA
LockFileEx
UnlockFileEx
CloseHandle
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
FindClose
FindFirstFileExA
FindNextFileA
GetModuleHandleA
LoadLibraryA
GetSystemInfo
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExA
lstrcmpA
GetEnvironmentVariableA
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetEndOfFile
SetStdHandle
RemoveDirectoryW
CreateDirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
RaiseException
WaitForSingleObjectEx
SwitchToThread
EncodePointer
DecodePointer
LCMapStringEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetStringTypeW
GetCPInfo
InitializeCriticalSection
VirtualAlloc
VirtualFree
GetComputerNameA
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
SetLastError
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetVersionExW
VirtualProtect
CreateTimerQueue
RtlUnwind
GetModuleHandleExW
ReadFile
CreateFileW
GetFileType
SetFilePointerEx
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetFileSizeEx
FlushFileBuffers
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
HeapSize
DeleteFileW
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

closesocket
send
inet_addr
connect
WSAGetLastError
htons
setsockopt
socket
inet_ntoa
recv
gethostbyname
WSAStartup
WSASetLastError

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 935KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e928504fd3fcb2ab3a1670cca0409906

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

ws2_32

advapi32

Sections

.text Size: - Virtual size: 2.2MB

.rdata Size: - Virtual size: 935KB

.data Size: - Virtual size: 158KB

.text0 Size: - Virtual size: 5.5MB

.text1 Size: 1KB - Virtual size: 1KB

.text2 Size: 8.6MB - Virtual size: 8.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 2.2MB

.rdata
Size: - Virtual size: 935KB

.data
Size: - Virtual size: 158KB

.text0
Size: - Virtual size: 5.5MB

.text1
Size: 1KB - Virtual size: 1KB

.text2
Size: 8.6MB - Virtual size: 8.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B