6b697327474bc7975331c86fe22170805227988a17f0d2abfd6176958673570f

Sharing

Copy URL Twitter E-mail

General

Target

6b697327474bc7975331c86fe22170805227988a17f0d2abfd6176958673570f
Size

88KB
MD5

39d1cfd8cb736b1c1d5807632e7a8d2b
SHA1

0f5894278c2c5355866b89f8ebaefc1366e108de
SHA256

6b697327474bc7975331c86fe22170805227988a17f0d2abfd6176958673570f
SHA512

d64d777d8373437851728215007285d0defddec8b3710eb3e89cf681825fbb749c148ac2366a1d05d7ef17be09d7b43266b0043e2faaf25fd9aec8c4c5cb077e
SSDEEP

1536:Djv3y5UDuJsmniaLLQYSS7j7KmWHawp26h1BqoJUdFiePU4Nz7gVV:3v3yPi4LQpSeVaUEUoXgT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b697327474bc7975331c86fe22170805227988a17f0d2abfd6176958673570f

Files

6b697327474bc7975331c86fe22170805227988a17f0d2abfd6176958673570f
.dll .js windows:4 windows x86 arch:x86 polyglot

7d13e98c28e01029eafee00c7faa8ad0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlTimeToSecondsSince1970
NtQuerySystemTime
sscanf
_itoa
RtlImageDirectoryEntryToData
memmove
atol
RtlAdjustPrivilege
strchr
strncpy
tolower
_snwprintf
strcat
RtlComputeCrc32
memset
strncmp
vsprintf
strcmp
wcsstr
wcslen
_snprintf
atoi
_memicmp
memcpy
memcmp
strlen
_aullrem

kernel32

LoadLibraryA
InterlockedExchange
LocalAlloc
CreateMutexA
GlobalFree
GlobalAlloc
DeleteFileA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
WritePrivateProfileSectionA
VirtualProtect
WideCharToMultiByte
GetPrivateProfileStructA
GetPrivateProfileStringA
WritePrivateProfileStructA
GetCommandLineA
ExitProcess
VirtualFree
VirtualAlloc
InterlockedDecrement
GetTickCount
Sleep
GetLastError
GetModuleHandleA
InterlockedIncrement
WaitForSingleObject
SetEvent
GetCurrentThread
CreateEventA
ResetEvent
CreateThread
TerminateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OpenProcess
lstrcmpiA
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
FreeLibrary
FindFirstFileA
GetProcAddress
FindClose
RaiseException
FindNextFileA
CreateFileA
GetFileSize
VirtualQuery
GetCurrentProcess
Process32First
GetEnvironmentVariableA
MultiByteToWideChar
Process32Next
CreateToolhelp32Snapshot
GetVersionExA
GetCurrentProcessId
SetFilePointer
WriteFile
ReadFile

Exports

Exports

DownloadTo
DownloadToFS
ImpersonateAsInput
JsUpdate
ModuleAdd
ModuleDel
ModuleLoad
ModuleUpdate
SetInputDesktop

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d13e98c28e01029eafee00c7faa8ad0

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 3KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 3KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 8KB - Virtual size: 4KB