6d0b485ee20f5d335231f4c37f9e08b97ba0c77dd4a3487f8368a58b84901c8aN

Sharing

Copy URL

Twitter E-mail

General

Target

6d0b485ee20f5d335231f4c37f9e08b97ba0c77dd4a3487f8368a58b84901c8aN
Size

218KB
MD5

b26f0c9c3fb192c44ce402b5d4d32f60
SHA1

7c23828249164acf8500911ffd899b05f1164d36
SHA256

6d0b485ee20f5d335231f4c37f9e08b97ba0c77dd4a3487f8368a58b84901c8a
SHA512

24c016f4203f986b8543aff540043c1b9433ca8d1153199347a99ec808f6bc8726ed9b57a66ec8bf0861174d2d80dc6a7d9eacd0d90dd6e64b848d634778fe19
SSDEEP

6144:LEQBDdO1z7L/EIhZDE9oLfFWlMZT7+DGaMwIC:LEGDdQNHEwWlMxYG/wI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d0b485ee20f5d335231f4c37f9e08b97ba0c77dd4a3487f8368a58b84901c8aN

Files

6d0b485ee20f5d335231f4c37f9e08b97ba0c77dd4a3487f8368a58b84901c8aN
.exe windows:4 windows x86 arch:x86

2e5df9fb7e893bd2efa286b6326edce6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
EnumCalendarInfoA
DisconnectNamedPipe
MoveFileA
lstrcpyn
GetCommandLineA
GetSystemDirectoryW
GetEnvironmentVariableA
IsBadStringPtrA
FindAtomW
ReadDirectoryChangesW
GetFullPathNameW
GetFileAttributesA
ExitThread
LoadLibraryA
lstrlenA
lstrlen
FindResourceA
FindResourceW
GetTempPathW
GetFullPathNameA
OpenMutexW
SearchPathW
GetProcAddress
EnumTimeFormatsW
GetLocaleInfoW
EnumTimeFormatsA
GetCPInfo
OpenMutexA
GetThreadPriority
LoadResource
CreateFileMappingA
GetNamedPipeInfo
lstrcpynW
CompareStringW
OpenFile
IsBadCodePtr
GetDiskFreeSpaceA
GetTimeFormatW
FindAtomA
GlobalGetAtomNameW
MultiByteToWideChar
CreateMailslotW

user32

LoadMenuIndirectW
GetDC
SetCursorPos
OpenClipboard
CreateAcceleratorTableA
OffsetRect
IsDlgButtonChecked
LoadMenuIndirectA
GetMessageW
WinHelpA
UpdateWindow
IsMenu
GetKeyState
UnregisterClassA
DestroyIcon
ShowWindow
SetFocus
TrackPopupMenuEx

gdi32

GetLogColorSpaceW
EnumFontFamiliesW
CreateICW
OffsetClipRgn
SetRectRgn
SetTextColor
PlayEnhMetaFile
CreateFontIndirectExW
GetOutlineTextMetricsW
GetBrushOrgEx
SetEnhMetaFileBits
StartDocW
GetObjectA

advapi32

RegQueryInfoKeyW
RegOpenKeyExA
RegQueryValueW
RegReplaceKeyW
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueA
RegDeleteValueA
RegOpenKeyExW
RegReplaceKeyA
RegRestoreKeyW

shell32

SHGetDataFromIDListA
SHGetFileInfoA

shlwapi

StrStrW
SHOpenRegStream2A
StrToIntA
PathParseIconLocationA
PathSkipRootW
StrToIntExA
PathCreateFromUrlA
StrCmpNIW
StrChrNIW
UrlIsOpaqueA

ole32

CoGetCurrentProcess
CLSIDFromString

winmm

midiOutSetVolume
mxd32Message
mmioClose
mciSendStringW
mmioSendMessage
mixerGetLineControlsW
mmTaskBlock

Sections

.ma
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.obptK
Size: 5KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Wv
Size: 2KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UeARA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rddrej
Size: 3KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.roXfGq
Size: 3KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BOJdrg
Size: 3KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.IU
Size: 3KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.y
Size: 512B - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 109KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kzG
Size: 1KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cMrd
Size: 512B - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e5df9fb7e893bd2efa286b6326edce6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

winmm

Sections

.ma Size: 6KB - Virtual size: 6KB

.obptK Size: 5KB - Virtual size: 197KB

.Wv Size: 2KB - Virtual size: 341KB

.UeARA Size: 9KB - Virtual size: 9KB

.rddrej Size: 3KB - Virtual size: 396KB

.roXfGq Size: 3KB - Virtual size: 458KB

.BOJdrg Size: 3KB - Virtual size: 37KB

.IU Size: 3KB - Virtual size: 473KB

.y Size: 512B - Virtual size: 148KB

.data Size: 109KB - Virtual size: 332KB

.kzG Size: 1KB - Virtual size: 205KB

.cMrd Size: 512B - Virtual size: 162KB

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 1024B - Virtual size: 634B

.ma
Size: 6KB - Virtual size: 6KB

.obptK
Size: 5KB - Virtual size: 197KB

.Wv
Size: 2KB - Virtual size: 341KB

.UeARA
Size: 9KB - Virtual size: 9KB

.rddrej
Size: 3KB - Virtual size: 396KB

.roXfGq
Size: 3KB - Virtual size: 458KB

.BOJdrg
Size: 3KB - Virtual size: 37KB

.IU
Size: 3KB - Virtual size: 473KB

.y
Size: 512B - Virtual size: 148KB

.data
Size: 109KB - Virtual size: 332KB

.kzG
Size: 1KB - Virtual size: 205KB

.cMrd
Size: 512B - Virtual size: 162KB

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 1024B - Virtual size: 634B