6a7c6aad7b391cd371535dd4f92c883308c6e383dacae2f24e975977bf53759f

Sharing

Copy URL

Twitter E-mail

General

Target

6a7c6aad7b391cd371535dd4f92c883308c6e383dacae2f24e975977bf53759f
Size

176KB
MD5

154d32194d1279080fe392766684a9b9
SHA1

c6b1d243142e3f78c103b90a6786d02781550494
SHA256

6a7c6aad7b391cd371535dd4f92c883308c6e383dacae2f24e975977bf53759f
SHA512

41542a632cf7eeadb0ad55e31d567be4b0d56a48db1c616102a740af3cf0820b920641e1e11e3dd48c17dfe302f11c78118feab41883b0a4670411dff40c84f9
SSDEEP

3072:3117viGsihGJh1ftYN9Yh9wypeTMnLmytzq6lF8YkOLJak6bnP+YG73pYm/g52:3r7ajihG91YN9+peTMhnlSzC76bn03xt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6a7c6aad7b391cd371535dd4f92c883308c6e383dacae2f24e975977bf53759f

Files

6a7c6aad7b391cd371535dd4f92c883308c6e383dacae2f24e975977bf53759f
.exe windows:4 windows x86 arch:x86

a9375d8fa0fa7dc224cf75ad7e340f2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
timeSetEvent

kernel32

GlobalFree
GetShortPathNameW
LocalAlloc
DisableThreadLibraryCalls
Sleep
WideCharToMultiByte
GlobalSize
GetProcessId
UnmapViewOfFile
GetFileSize
GetTickCount
SetFilePointer
ReadFile
EnumResourceTypesA
LocalFree
CreateFileA
CreateFileW
GetFileAttributesA
MapViewOfFile
CreateFileMappingA
WriteFile
GlobalAlloc
CloseHandle

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

user32

EndPaint
DestroyWindow
PostThreadMessageA
GetDesktopWindow
RegisterClassExA
PeekMessageA
GetClassInfoExA
GetWindowLongA
CreateAcceleratorTableA
SetWindowLongA
InvalidateRgn
FillRect
wsprintfA
DrawTextA
UnregisterClassA
SendNotifyMessageA
PostMessageA
IsChild
BeginPaint
SendMessageA
DispatchMessageA
CallWindowProcA
GetActiveWindow
LoadCursorA
CreateDialogParamA
EnumDisplayDevicesA
CharNextA
GetClientRect
GetWindowTextA
ShowWindow
GetWindowRect
ReleaseCapture
SetCapture
EqualRect
SetRect
GetSysColor
MsgWaitForMultipleObjects
ReleaseDC
GetClassNameA
DestroyAcceleratorTable
KillTimer
GetDC
MoveWindow
FindWindowA
wvsprintfA
SetWindowTextA
GetParent
RegisterWindowMessageA
CopyRect
GetWindow
SetTimer
DefWindowProcA
GetDlgItem
InvalidateRect
GetFocus
CreateWindowExA
SendMessageTimeoutA
IsWindow
RedrawWindow
SetFocus
GetQueueStatus
GetWindowTextLengthA
SetParent
SetWindowPos

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

gdi32

RealizePalette
ExtEscape
SelectObject
GetDIBits
StretchDIBits
BitBlt
DeleteObject
GetObjectA
CreateSolidBrush
GetStockObject
SelectPalette
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
CreateFontA
DeleteDC
CreateDIBSection
CreateDIBitmap
SetBkMode

shlwapi

PathFileExistsW
PathCombineW

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA

gdiplus

GdipAlloc
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipDisposeImage
GdipFree
GdipCloneImage

advapi32

CryptDestroyHash
CryptCreateHash
CryptImportKey
RegCreateKeyExA
CryptEncrypt
RegQueryValueExA
CryptGetHashParam
RegEnumValueA
RegQueryInfoKeyA
CryptReleaseContext
RegDeleteValueA
CryptAcquireContextA
CryptHashData
RegCloseKey
CryptDestroyKey
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA

ole32

GetRunningObjectTable
CLSIDFromProgID
StringFromGUID2
CoInitializeSecurity
CoInitialize
StgOpenStorage
CreateStreamOnHGlobal
OleUninitialize
CoSetProxyBlanket
CoUninitialize
CoGetClassObject
StgCreateDocfile
StgIsStorageFile
CoTaskMemAlloc
OleLockRunning
CoTaskMemRealloc
CoCreateInstance
OleInitialize
CoTaskMemFree
CreateItemMoniker
CreateBindCtx
BindMoniker
CLSIDFromString

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9375d8fa0fa7dc224cf75ad7e340f2a

Headers

File Characteristics

Imports

winmm

kernel32

wininet

shell32

user32

setupapi

gdi32

shlwapi

version

gdiplus

advapi32

ole32

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 72KB - Virtual size: 72KB

.tls Size: 1024B - Virtual size: 88KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 72KB - Virtual size: 72KB

.tls
Size: 1024B - Virtual size: 88KB