6d697f26489263da9371f559fe960e5705f0577b5d242d89c5d2b4050646f494

Sharing

Copy URL Twitter E-mail

General

Target

6d697f26489263da9371f559fe960e5705f0577b5d242d89c5d2b4050646f494
Size

351KB
MD5

d16bb20789eb568e6501e40dfe1491f1
SHA1

dc71b05610d360f3e4d683052eb4d9e2c56b13b4
SHA256

6d697f26489263da9371f559fe960e5705f0577b5d242d89c5d2b4050646f494
SHA512

c69f1f7f0433ff2c996a5f9a65d371cb77ca394752a00c8cd7b45c6fc478a3f3932b5e07d9bf0e1e85dd26ebf47a775097ecc02f30d24a8c137f165441fad446
SSDEEP

768:kNFwyCgQ8XuZhD5Lbc/4GvtljzoR9J2RDBvK9on8pf:kNFwBR8+ZfcRuR9J2mon8t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d697f26489263da9371f559fe960e5705f0577b5d242d89c5d2b4050646f494

Files

6d697f26489263da9371f559fe960e5705f0577b5d242d89c5d2b4050646f494
.exe windows:4 windows x86 arch:x86

c7baaf7c36ee50fbac0c914ba497ac1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetCurrentThread
GetTickCount
GetOEMCP
GetComputerNameW
Sleep
WaitForSingleObject
CreateThread
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
WriteFile
CreateFileW
CreatePipe
WideCharToMultiByte
ReadFile
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
MoveFileExW
GetModuleFileNameW
GetStringTypeW
GetStringTypeA
LCMapStringW
GetVersionExW
GetProcAddress
TerminateProcess
MultiByteToWideChar
LCMapStringA
SetStdHandle
LoadLibraryA
GetACP
GetCPInfo
FlushFileBuffers
SetFilePointer
VirtualAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
UnhandledExceptionFilter

user32

wsprintfW

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
OpenThreadToken

shell32

ShellExecuteW

ws2_32

inet_ntoa
gethostbyname
gethostname
WSACleanup
WSAStartup
inet_addr

wininet

HttpSendRequestA
InternetReadFile
HttpOpenRequestA
InternetOpenW
InternetSetOptionW
InternetCloseHandle
InternetConnectA

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7baaf7c36ee50fbac0c914ba497ac1d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

psapi

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 12KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 12KB

.shell
Size: 320KB - Virtual size: 320KB