6e20f9687cd7e6e2e7cc956a4f834e079b9cfb53d7db3776f99b0fd4b3fcb196

Sharing

Copy URL

Twitter E-mail

General

Target

6e20f9687cd7e6e2e7cc956a4f834e079b9cfb53d7db3776f99b0fd4b3fcb196
Size

272KB
MD5

0dafdcef4ed05d008c7fde7bc21daf75
SHA1

18ae591bd31256514b073a22be27c91d0532547b
SHA256

6e20f9687cd7e6e2e7cc956a4f834e079b9cfb53d7db3776f99b0fd4b3fcb196
SHA512

01cf7cedd294e605bc687947f9aea1335addf5593c055d1ee82a7f754fce7280848d5de0862fdde226f6fa83e605571d12686d47bd7fa89c68bcb753f5f6f60a
SSDEEP

3072:YNZEITsAQlhWCcC6uYnF9uAzX/0faAbPy8psrs1BN2JZBS7BtRJQZfwM+ZgAqrPW:0bsAKDSruAj0fasyM34BSvG+Zgfb2CE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e20f9687cd7e6e2e7cc956a4f834e079b9cfb53d7db3776f99b0fd4b3fcb196

Files

6e20f9687cd7e6e2e7cc956a4f834e079b9cfb53d7db3776f99b0fd4b3fcb196
.exe windows:4 windows x86 arch:x86

3e8967defaae8d49c698494d12d28553

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

lz32

LZCopy
LZOpenFileA
LZClose

kernel32

CreateProcessA
GetConsoleMode
GetConsoleCP
SetStdHandle
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
LCMapStringW
WideCharToMultiByte
LCMapStringA
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
WaitForSingleObject
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
ExitProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
InterlockedIncrement
OutputDebugStringA
GetCommandLineA
LoadLibraryA
FreeLibrary
Sleep
RemoveDirectoryA
GetShortPathNameA
GetFileAttributesA
WritePrivateProfileStringA
lstrcmpA
MulDiv
GetModuleFileNameA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
ReadFile
GetVersionExA
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
GetSystemDirectoryA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
SetFileAttributesA
DeleteFileA
FindNextFileA
MoveFileExA
FindFirstFileA
FindClose
CreateFileA
GetLastError
CloseHandle
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcatA
GetWindowsDirectoryA
SetThreadLocale
lstrcpynA
lstrcpyA
lstrcmpiA
GetSystemDefaultLCID
lstrlenA
GetLocaleInfoA
GetModuleHandleA
GetProcAddress
FlushFileBuffers
SetFilePointer
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
MultiByteToWideChar

user32

IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
LoadIconA
FindWindowA
PostQuitMessage
DefWindowProcA
GetSystemMenu
EnableMenuItem
PostMessageA
MessageBoxA
BeginPaint
EndPaint
GetUpdateRect
SetDlgItemTextA
DestroyWindow
CreateDialogParamA
ShowWindow
OffsetRect
DrawTextA
IsWindow
CopyRect
UpdateWindow
GetWindowDC
SystemParametersInfoA
LoadCursorA
RegisterClassA
GetSystemMetrics
FindWindowExA
SetWindowTextA
SetWindowPos
CharNextA
GetDC
GetClientRect
ReleaseDC
InvalidateRect
GetWindowLongA
GetWindowRect
SendMessageA
SetWindowLongA
wsprintfA
GetMessageA
GetSysColor

gdi32

CreateDIBitmap
CreateDIBSection
CreatePalette
SetBkMode
GetTextColor
CreateRectRgn
Polygon
ExtSelectClipRgn
RealizePalette
CreatePatternBrush
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SetStretchBltMode
StretchBlt
SetBkColor
SetTextColor
BitBlt
CreateSolidBrush
GetDeviceCaps
GetObjectA
GetStockObject
DeleteObject
SelectPalette
CreateFontA
SetBrushOrgEx
SelectObject

advapi32

GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
AllocateAndInitializeSid

shell32

FindExecutableA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e8967defaae8d49c698494d12d28553

Headers

File Characteristics

Imports

version

lz32

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 16KB - Virtual size: 12KB

.text Size: 72KB - Virtual size: 72KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 16KB - Virtual size: 12KB

.text
Size: 72KB - Virtual size: 72KB