6fea406665cef20f27da3e7dc4f9f9272450056e8e001e488e308698be96c808

Sharing

Copy URL

Twitter E-mail

General

Target

6fea406665cef20f27da3e7dc4f9f9272450056e8e001e488e308698be96c808
Size

408KB
MD5

7d2114e2af7971429bbe9868c574935e
SHA1

0ab846343f5e4e42a64f4dfbe5537b8b8a81afba
SHA256

6fea406665cef20f27da3e7dc4f9f9272450056e8e001e488e308698be96c808
SHA512

daf8a2f1308f0684c7356d4844ae55675c5f247a05e952c38a9b44c17c6f4a2dea1337ce93d92cebff9bde4175d5fa9ba764854ceeaa0f6494f7e347cfd1a04b
SSDEEP

6144:8W+RubsNfKyxpOhToKr1xTtos+1AMhVpVQQmTtgC1Cv:84b6yyxp6pGJXpGQmM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fea406665cef20f27da3e7dc4f9f9272450056e8e001e488e308698be96c808

Files

6fea406665cef20f27da3e7dc4f9f9272450056e8e001e488e308698be96c808
.exe windows:4 windows x86 arch:x86

0e248a06fc4c55815bc5c9cc169c2db0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jk_9\workspace\GSP_ERR240415162-TASK1_release-20240428-m-4x-EI-II-20240220_windows\code_path\NPAPI__9cdbe2\Bin\Win32\Win_x86_32\pdb\WebActiveX.pdb

Imports

winmm

PlaySoundW

kernel32

lstrcmpiW
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
SetEvent
CloseHandle
WaitForSingleObject
CreateThread
CreateEventA
Sleep
GetCommandLineA
HeapFree
GetProcessHeap
InterlockedExchange
CreateMutexA
ReleaseMutex
CreateFileW
GlobalFree
CreateFileA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
HeapSize
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
DeleteFileW
IsDBCSLeadByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
GetThreadLocale
FindFirstFileA
LoadLibraryExA
FindNextFileA
FreeLibrary
GetProcAddress
GetModuleFileNameA
VirtualQuery
IsProcessorFeaturePresent
CreateDirectoryW
GetFileAttributesW
GetLocaleInfoA
SetFileAttributesW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetVersionExA
GetFileAttributesA
HeapReAlloc
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

user32

UnregisterClassA
DispatchMessageA
PostThreadMessageA
CreateWindowExA
GetMessageA
GetKeyState
InvalidateRect
IsWindow
GetFocus
IsChild
SetFocus
UnionRect
PtInRect
CallWindowProcA
BeginPaint
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
LoadCursorA
GetClassInfoExA
ShowWindow
GetClientRect
DefWindowProcA
DestroyWindow
PostMessageA
GetWindowLongA
SetWindowLongA
CharNextA
RegisterClassExA

gdi32

LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCA
Rectangle
SetTextAlign
TextOutA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoRegisterClassObject
CoRevokeClassObject
OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
CoCreateInstance
OleRegEnumVerbs
CreateOleAdviseHolder
OleLoadFromStream
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoUninitialize
OleRegGetUserType

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysAllocString

shlwapi

PathAddBackslashA
PathAppendA
PathRemoveFileSpecA

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e248a06fc4c55815bc5c9cc169c2db0

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 328KB - Virtual size: 325KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 328KB - Virtual size: 325KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 8KB - Virtual size: 5KB