6d9f0787e80e506518289972eed60a272da5182aa148a2acc8c28a126ebf1002

Sharing

Copy URL Twitter E-mail

General

Target

6d9f0787e80e506518289972eed60a272da5182aa148a2acc8c28a126ebf1002
Size

455KB
MD5

371750b7abfafa7fb7155589b3945d92
SHA1

ec301eef1ffc4e107672dd25630f5967f46c6413
SHA256

6d9f0787e80e506518289972eed60a272da5182aa148a2acc8c28a126ebf1002
SHA512

c371bb947f6942c5269839a1372da95bbd7a9ca5f92f390f974cb0bdecf50618be21fdd13878fabd2a8bd53e5a767c4704064864fbfc16768f8942b845612df3
SSDEEP

12288:FZTIMil6a0heOyvPPVMW4RGV+1aeV5qgFW9hS0Faai:bTifKeOuP9wRGhejW/Ji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d9f0787e80e506518289972eed60a272da5182aa148a2acc8c28a126ebf1002

Files

6d9f0787e80e506518289972eed60a272da5182aa148a2acc8c28a126ebf1002
.exe windows:5 windows x86 arch:x86

3cc5bf061b73ae163a50da392f05c05e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetCurrentProcess
SetEndOfFile
FreeEnvironmentStringsA
GetEnvironmentStringsW
TlsGetValue
SetThreadPriority
GetOEMCP
FormatMessageW
InterlockedIncrement
DuplicateHandle
GetFullPathNameW
GetAtomNameW
GetFileSize
GetModuleFileNameW
lstrcmpW
FatalAppExitA
UnhandledExceptionFilter
GetCurrentThread
VirtualAlloc
HeapSize
GetStartupInfoW
GlobalDeleteAtom
EnumResourceLanguagesW
CreateFileW
GetLastError
CompareStringA
lstrcmpA
SystemTimeToFileTime
GetACP
MoveFileW
SizeofResource
WriteFile
TlsAlloc
GlobalAddAtomW
GetSystemInfo
DeleteFileW
UnlockFile
GlobalFree
ConvertDefaultLocale
GetCurrentThreadId
LocalAlloc
FreeEnvironmentStringsW
RtlUnwind
GetCommandLineA
GlobalSize
GetModuleHandleA
CloseHandle
EnterCriticalSection
SetErrorMode
GetDriveTypeW
GetUserDefaultLCID
GetCurrentDirectoryA
lstrlenA
SetFileTime
CopyFileW
LCMapStringA
VirtualFree
HeapAlloc
GetCommandLineW
GetShortPathNameW
InterlockedDecrement
LoadResource
lstrcmpiW
HeapDestroy
LCMapStringW
InitializeCriticalSection
LockFile
FindResourceW
WideCharToMultiByte
lstrlenW
GlobalFlags
LocalReAlloc
lstrcpyA
DeleteCriticalSection
GetFileTime
CreateEventW
LeaveCriticalSection
GetPrivateProfileIntW
GetCurrentProcessId
FileTimeToSystemTime
GlobalReAlloc
GetThreadLocale
InterlockedExchange
ResetEvent
GetVolumeInformationW
GlobalLock
CreateThread
TerminateProcess
FindClose
HeapFree
GetFileAttributesA
IsDebuggerPresent
SuspendThread
GlobalGetAtomNameW
ExitProcess
ReadFile
GlobalFindAtomW
LockResource
RaiseException
FileTimeToLocalFileTime
GetPrivateProfileStringW
LocalFileTimeToFileTime
CreateProcessW
ExitThread
MulDiv
SetUnhandledExceptionFilter
WaitForSingleObject
Sleep
SetFilePointer
SetCurrentDirectoryA
GetVersionExW
GetVersionExA
HeapReAlloc
SetLastError
GetVersion
CompareStringW
GetCPInfo
GetProcessHeap
HeapCreate
GlobalUnlock
GlobalAlloc
FindFirstFileW
LoadLibraryA
GetFileAttributesW
GetLocaleInfoW
FindNextFileW
SetHandleCount
GetEnvironmentStrings
FlushFileBuffers
GlobalHandle
IsValidCodePage
SetEvent
FreeResource
WritePrivateProfileStringW
SetFileAttributesW
GetStringTypeExW
ResumeThread
TlsFree
TlsSetValue

wmi

WmiNotificationRegistrationW

shell32

Shell_NotifyIconW
SHGetFileInfoW

version

GetFileVersionInfoSizeA

rpcrt4

RpcBindingFromStringBindingW
RpcBindingFromStringBindingA

comctl32

CreatePropertySheetPageW
InitCommonControlsEx
CreateToolbarEx
ImageList_Destroy
ImageList_GetIconSize
PropertySheetW
ImageList_Draw

ws2_32

WSALookupServiceBeginW
getaddrinfo
WSAAddressToStringA
WSAStringToAddressA
WSAAddressToStringW
WSARecvFrom
WSAEventSelect
WSALookupServiceEnd
WSAIoctl
WSASocketW
freeaddrinfo
getnameinfo
WSALookupServiceNextW
WSASendTo

msvcrt

strncmp
_ultoa
__dllonexit
qsort
atol
memmove
_adjust_fdiv
wcslen
isxdigit
_wcsicmp
strncpy
malloc
_ltow
sprintf
_onexit
wcscpy
_ltoa
_wcsnicmp
wcscat
bsearch
_itow
_except_handler3
_initterm
strtoul
free
isupper
_snwprintf
wcscmp
wcschr
isdigit

comdlg32

GetOpenFileNameA
PrintDlgA

dnsapi

DnsApiFree
DnsValidateName_A
DnsReplaceRecordSetW

crypt32

CertFindCertificateInStore
CryptUnprotectData
CertFreeCertificateContext
CertCloseStore
CertOpenStore

advapi32

RegCreateKeyExA
CryptVerifySignatureA
CryptSignHashA
RegQueryInfoKeyA
RegDeleteKeyW
CryptSetProviderA
RegSetValueExW
RegEnumValueA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueW
CryptAcquireContextA
RegQueryValueExW
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExW
RegSetValueExA
RegCreateKeyExW
RegDeleteValueW

Sections

.data
Size: 4KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cc5bf061b73ae163a50da392f05c05e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wmi

shell32

version

rpcrt4

comctl32

ws2_32

msvcrt

comdlg32

dnsapi

crypt32

advapi32

Sections

.data Size: 4KB - Virtual size: 1.8MB

.rsrc Size: 107KB - Virtual size: 107KB

.rdata Size: 28KB - Virtual size: 27KB

.text Size: 314KB - Virtual size: 314KB

.data
Size: 4KB - Virtual size: 1.8MB

.rsrc
Size: 107KB - Virtual size: 107KB

.rdata
Size: 28KB - Virtual size: 27KB

.text
Size: 314KB - Virtual size: 314KB