e6106e435442f42691b859f8322b98b5b290055607486c1831131bafa17401f9N

Sharing

Copy URL Twitter E-mail

General

Target

e6106e435442f42691b859f8322b98b5b290055607486c1831131bafa17401f9N
Size

3.7MB
MD5

412f1cd81eba6ab44193acbccbfd6830
SHA1

e6243a6804bf9b7fb7a7fcd154bbc0851e54539c
SHA256

e6106e435442f42691b859f8322b98b5b290055607486c1831131bafa17401f9
SHA512

b235c1d4256e37ccd2b2e1a7c39f7d89631172597f8bdb19e0cf1fa3c31eeb7df5ba0b4a55893b80ee691842d0e83f6a19f9ee1956c0d3574cd35441a5823cb2
SSDEEP

98304:jgT7Y6+6gJf6PD3Nmn7AJEgLYXMKUCCCNYzQEr0WO0Yk84VIBCGe:i+NJiPD3Nm7AJEgLYX8CNYzQEr0WO0Y6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6106e435442f42691b859f8322b98b5b290055607486c1831131bafa17401f9N

Files

e6106e435442f42691b859f8322b98b5b290055607486c1831131bafa17401f9N
.exe windows:4 windows x86 arch:x86

c262cca8cb48e361ab5fd72bd6698ef6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrlenA
Sleep
GetFileSize
lstrcmpA
ReadFile
SetFilePointer
GetModuleHandleA
MultiByteToWideChar
CopyFileA
GetSystemTime
FindClose
FindNextFileA
FindFirstFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GetSystemDefaultLangID
lstrcpyW
lstrlenW
CreateProcessA
MoveFileA
ExpandEnvironmentStringsA
GetWindowsDirectoryW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapSize
HeapReAlloc
UnhandledExceptionFilter
HeapAlloc
SetLastError
TlsAlloc
LoadLibraryA
GetProcAddress
CreateFileA
WriteFile
GetCurrentDirectoryA
OpenFileMappingA
GetCurrentProcessId
GetSystemDirectoryA
SetFileAttributesA
UnmapViewOfFile
GetModuleFileNameA
VirtualProtect
VirtualAlloc
WinExec
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
CloseHandle
GetCurrentProcess
TerminateProcess
DeleteFileA
GetCurrentThreadId
RaiseException
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetLocalTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
CreateThread
ResumeThread
GetLastError
VirtualFree
lstrcpyA
CreateFileMappingA
MapViewOfFile
GetACP

user32

EndDialog
SetTimer
MessageBoxA
SystemParametersInfoA
IsDlgButtonChecked
CheckDlgButton
GetClassNameA
IsWindow
GetTopWindow
IsWindowVisible
FindWindowA
wsprintfA
KillTimer
LoadIconA
GetDlgItem
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
GetWindow
GetClassNameW
GetWindowThreadProcessId
GetKeyboardLayoutNameA
GetKeyboardLayoutList
UnloadKeyboardLayout
ReleaseCapture
ClientToScreen
SetCursor
SetCapture
LoadBitmapA
LoadCursorA
WindowFromPoint
GetParent
PtInRect
GetWindowDC
GetWindowRect
OffsetRect
IsRectEmpty
ReleaseDC
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
WaitForInputIdle
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA

gdi32

PatBlt

advapi32

RegCloseKey
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegEnumValueA

shell32

ShellExecuteExA
ShellExecuteA

ws2_32

WSAStartup
inet_ntoa
__WSAFDIsSet
inet_addr
gethostbyname
socket
htons
connect
recv
closesocket
select
send

imm32

ImmGetDescriptionA
ImmIsIME

shlwapi

StrCatW
PathRenameExtensionA
PathFileExistsA
PathIsFileSpecA
PathFindExtensionA
PathRemoveFileSpecA
PathFindFileNameA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TEX0
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TEX1
Size: 856KB - Virtual size: 853KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c262cca8cb48e361ab5fd72bd6698ef6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

imm32

shlwapi

version

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 16KB - Virtual size: 45KB

.TEX0 Size: 68KB - Virtual size: 64KB

.TEX1 Size: 856KB - Virtual size: 853KB

.rsrc Size: 68KB - Virtual size: 64KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 16KB - Virtual size: 45KB

.TEX0
Size: 68KB - Virtual size: 64KB

.TEX1
Size: 856KB - Virtual size: 853KB

.rsrc
Size: 68KB - Virtual size: 64KB