6b58df26be204068ae7fbb078fcae0e0N

Sharing

Copy URL Twitter E-mail

General

Target

6b58df26be204068ae7fbb078fcae0e0N
Size

3.7MB
MD5

6b58df26be204068ae7fbb078fcae0e0
SHA1

5b7cdc8955e480331906d613ed9869807b5df86e
SHA256

23757b5208ff8a512969126ef5f46208c20752be7379573f74a8bb8fffd1b479
SHA512

25290123abe094a16b299f9b19bba08124a084d213252b4cd2241a366e1bc208b7f761bcddef128916aee64569abdd6ea589a8ac97413f21a0694988681b1d44
SSDEEP

6144:fmndLuD4oHvLkSS2pkj58KOTkNiEkGkf2h9XXG3EPKVyVW/ACeU00wednjFg1:SdSMJn8Hf2h9XXG3EPKEW/vn8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b58df26be204068ae7fbb078fcae0e0N

Files

6b58df26be204068ae7fbb078fcae0e0N
.exe windows:5 windows x64 arch:x64

739c844c9db04b65dba054fbfb341508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules
GetModuleBaseNameW

kernel32

SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
GetLocaleInfoW
GetUserDefaultUILanguage
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetEnvironmentVariableW
GetCurrentProcess
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
GetStartupInfoW
HeapFree
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSize
GetModuleHandleW
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
GetTimeZoneInformation
GetACP
GetOEMCP
GetLongPathNameW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
GetTempFileNameW
GetCommandLineW
GetFileAttributesExW
OpenProcess
GetLastError
GetCurrentThreadId
OutputDebugStringW
CloseHandle
SetLastError
QueryPerformanceCounter
GetModuleFileNameW
WriteFile
SetFilePointer
Sleep
CreateFileW
GetTickCount
ExpandEnvironmentStringsW
ExitThread
SetFileAttributesW
CopyFileW
MoveFileExW
GetSystemDirectoryW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetCurrentProcessId
InitializeCriticalSection
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
GetLocalTime
GetSystemTime
OpenMutexW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
GlobalMemoryStatusEx
OpenFileMappingW
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
DeleteFileW
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
LocalAlloc
GlobalAlloc
ProcessIdToSessionId
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileTime
DeviceIoControl
VirtualAlloc

user32

DestroyIcon
RegisterWindowMessageW
SetTimer
GetMessageW
SendMessageCallbackW
GetKeyState
CloseDesktop
OpenDesktopW
LoadIconW
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
GetAsyncKeyState
WaitForInputIdle
MsgWaitForMultipleObjectsEx
GetSystemMetrics
SystemParametersInfoW
MsgWaitForMultipleObjects
PeekMessageW
AllowSetForegroundWindow
SetThreadDesktop
ExitWindowsEx

advapi32

RegCloseKey
CheckTokenMembership
OpenSCManagerW
OpenServiceW
GetUserNameW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
QueryServiceConfigW
ChangeServiceConfigW
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
OpenEventLogW
CloseEventLog
BackupEventLogW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
OpenProcessToken

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
ExtractIconW

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitialize

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

secur32

GetUserNameExW

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

739c844c9db04b65dba054fbfb341508

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

kernel32

user32

advapi32

shell32

ole32

version

secur32

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 72KB - Virtual size: 87KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 72KB - Virtual size: 87KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 3KB - Virtual size: 3KB