6bc1dbc9306890a15a828e26c708ddf0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6bc1dbc9306890a15a828e26c708ddf0N.exe
Size

1.0MB
MD5

6bc1dbc9306890a15a828e26c708ddf0
SHA1

7a4cee01c68ccdebae2796cfbee68c1fea200818
SHA256

2636171224527d4c118b1f6dc5a5ab1a1207add035e1f19861c58bcb5cf0643c
SHA512

aa064c8cd860c4d363c550e8afc17ee00fbe60eec68f83b8713247a4fa4570c5592ff8962c24da4c0b748bf7321d54965b9bad9c6f97f84cc6d52bfb246dd877
SSDEEP

24576:FcPIzwFP0KRG21hri1e2pfBi5zznwGtN+StcW/YMJ1+lf:FwiKRrhrgXi5zNz7j/YMJ1+lf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bc1dbc9306890a15a828e26c708ddf0N.exe

Files

6bc1dbc9306890a15a828e26c708ddf0N.exe
.exe windows:5 windows x86 arch:x86

f4fdc4ba6b5dcd89991eba43efda41e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ryanch\MyBranches\DEV-MIP-Geocomply\src\MicrogamingInstall\Release\MicrogamingInstall.pdb

Imports

kernel32

FormatMessageA
WriteFile
GetVolumePathNameW
CopyFileW
FormatMessageW
ReadFile
GetModuleFileNameW
FindFirstFileA
GetProcAddress
FindClose
RemoveDirectoryW
FindNextFileA
GetModuleHandleA
ReleaseMutex
GetVersionExA
DeleteFileW
FreeLibrary
SetEvent
GetPrivateProfileStringW
CreateEventA
CreateDirectoryA
LoadLibraryA
CreateMutexA
LocalFree
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
InterlockedDecrement
MoveFileExA
Process32First
GetFileAttributesA
TerminateProcess
GetSystemDirectoryA
GetLastError
GetLocalTime
Process32Next
CreateToolhelp32Snapshot
lstrlenA
lstrcpynW
GetFileAttributesW
lstrlenW
lstrcpyA
InterlockedIncrement
GetPrivateProfileIntA
InterlockedExchange
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
CreateThread
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateSemaphoreA
ReleaseSemaphore
GetLogicalDriveStringsA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
CreateDirectoryW
SetThreadPriority
GetCurrentThread
GetThreadTimes
ResumeThread
CompareStringW
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
SetStdHandle
GetStringTypeW
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
LCMapStringW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
MoveFileA
RaiseException
RtlUnwind
GetFullPathNameA
GetDriveTypeW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetFilePointer
GetFileSize
GetComputerNameA
DeleteFileA
GetTempPathA
GetCurrentProcessId
GetTempFileNameA
GetModuleFileNameA
CopyFileA
RemoveDirectoryA
lstrcmpiA
CreateProcessA
Sleep
OpenProcess
MapViewOfFile
WaitForSingleObject
CreateProcessW
CreateFileA
OutputDebugStringA
WideCharToMultiByte
CloseHandle
CreateFileMappingA
MultiByteToWideChar
CreateFileW
GetEnvironmentVariableA
HeapReAlloc
HeapFree
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
GetModuleHandleW
EncodePointer
DecodePointer
SetFileAttributesA

user32

LoadCursorA
AdjustWindowRect
EnableWindow
UpdateWindow
MapWindowPoints
LoadImageA
IsWindowVisible
GetSystemMetrics
RegisterClassW
MessageBoxW
DispatchMessageA
RegisterClassA
CreatePopupMenu
SetLayeredWindowAttributes
GetCursorPos
GetDlgCtrlID
SetWindowLongW
ReleaseDC
PeekMessageA
AppendMenuW
GetWindowLongW
SetWindowLongA
OffsetRect
ChildWindowFromPoint
TranslateMessage
IsDialogMessageA
SendMessageA
GetClientRect
IsWindowEnabled
LoadIconA
DefWindowProcW
MoveWindow
FlashWindowEx
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
DestroyWindow
SendMessageTimeoutA
wvsprintfA
SetForegroundWindow
GetWindowDC
TrackPopupMenu
GetWindowRect
PostMessageA
SetWindowTextA
MessageBoxA
SetFocus
CopyRect
wsprintfW
InvalidateRect
wsprintfA
CreateWindowExW
PostThreadMessageA
GetActiveWindow
GetMessageA

gdi32

DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
BitBlt

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
OpenSCManagerA
CloseServiceHandle
OpenServiceA
RegSetValueExW
RegQueryValueExW
RegSetValueW
RegSetValueA
FreeSid
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryValueW

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA

ole32

StringFromIID
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
OleUninitialize
OleInitialize
OleCreate
OleSetContainedObject
CLSIDFromProgID
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysStringLen
SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
SafeArrayCreateVector
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen

wsock32

WSAStartup
gethostbyname
inet_addr
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
getservbyport
getservbyname
WSASetLastError
gethostbyaddr
WSACleanup

wininet

InternetConnectA
InternetOpenUrlA
InternetCrackUrlA
InternetOpenA
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCreateUrlA
InternetCrackUrlW
InternetCloseHandle

shlwapi

PathAppendA
SHDeleteKeyA
PathCanonicalizeW
PathAppendW
StrStrA
PathCanonicalizeA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

WSAAddressToStringA

urlmon

CoInternetGetSession

Exports

Exports

?CreateDefaultBrowserInfo@@YGPAVIDefaultBrowserInfo@@XZ
?CreateDirectXVersionInfo@@YGPAVIDirectXVersionInfo@@XZ
?CreateDisplaysDeviceInfo@@YGPAVIDisplayDevicesInfo@@XZ
?CreateFixedDriveInfo@@YGPAVIFixedDriveInfo@@XZ
?CreateFixedDrivesInfo@@YGPAVIFixedDrivesInfo@@XZ
?CreateFlashInfo@@YGPAVIFlashInfo@@XZ
?CreateIEVersionInfo@@YGPAVIIEVersionInfo@@XZ
?CreateMacAddress@@YGPAVIMacAddress@@XZ
?CreateMachineInfo@@YGPAVIMachineInfo@@XZ
?CreateMachineInfoXML@@YGPAVIMachineInfoXML@@XZ
?CreateOSInfo@@YGPAVIOSInfo@@XZ
?CreateProcessorsInfo@@YGPAVIProcessorsInfo@@XZ
?CreateRamInfo@@YGPAVIRamInfo@@XZ
?CreateSoundDevicesInfo@@YGPAVISoundDevicesInfo@@XZ
?CreateUserExperience@@YGPAVIUserExperience@@XZ
?CreateVMInfo@@YGPAVIVMInfo@@XZ

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4fdc4ba6b5dcd89991eba43efda41e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

wininet

shlwapi

psapi

version

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 67KB - Virtual size: 85KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 67KB - Virtual size: 85KB

.rsrc
Size: 4KB - Virtual size: 3KB