6ad1fa659db01a4985dae4be70262cf9c458f0c3e4a3437333d71112eba81e80[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6ad1fa659db01a4985dae4be70262cf9c458f0c3e4a3437333d71112eba81e80.exe
Size

572KB
MD5

4731ca22c3107b5ec08fb49ee58e39f7
SHA1

cdfe60c5a09834f98dca5ba1fba3d6e23ca21552
SHA256

6ad1fa659db01a4985dae4be70262cf9c458f0c3e4a3437333d71112eba81e80
SHA512

e7831827e1c92d8f0ec207adbf4bdbb93b76bc631642063b4f7ee32a1cc3e0ea4e97c5e53e0cbb401fd970330db741df356cfbce7e1fa6c95d9a4823c43ed39b
SSDEEP

6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eH50:VvAfLfaEkAz5e0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6ad1fa659db01a4985dae4be70262cf9c458f0c3e4a3437333d71112eba81e80.exe

Files

6ad1fa659db01a4985dae4be70262cf9c458f0c3e4a3437333d71112eba81e80.exe
.dll windows:4 windows x86 arch:x86

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrcmpA
InitializeCriticalSectionAndSpinCount
CompareFileTime
VerLanguageNameW
VerLanguageNameA

ole32

OleUninitialize
OleInitialize
OleFlushClipboard
HICON_UserUnmarshal
CreateStdProgressIndicator
ReadClassStm
OleCreateFromFile
OleCreateEx
HICON_UserMarshal

oleacc

CreateStdAccessibleProxyW
AccessibleObjectFromPoint
WindowFromAccessibleObject
AccessibleObjectFromEvent
AccessibleChildren
LresultFromObject
GetRoleTextW
LIBID_Accessibility
DllCanUnloadNow

shlwapi

IsCharSpaceA
StrFormatByteSizeA
StrCmpLogicalW
SHRegCloseUSKey
SHRegGetPathW

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
GetClipboardSequenceNumber
EnumDisplaySettingsExA
CreateAcceleratorTableA
DdeCreateDataHandle
CreateDesktopA
MB_GetString

winmm

midiInUnprepareHeader
waveOutClose
midiInGetDevCapsW
mmGetCurrentTask
mciGetErrorStringA
WOWAppExit
joyGetDevCapsA
midiOutGetNumDevs
mixerGetLineInfoW

shell32

IsLFNDrive
DAD_DragEnterEx2
IsLFNDriveW
ExtractIconExW
SHSimpleIDListFromPath
Shell_NotifyIconA
SHShellFolderView_Message

gdiplus

GdipCreateFromHWND
GdipGetLineBlend
GdipSetAdjustableArrowCapFillState
GdipSetPathGradientTransform
GdipDrawClosedCurve2I
GdipDrawRectangleI
GdipGetPenUnit
GdipGetDpiY

msimg32

vSetDdrawflag
AlphaBlend
TransparentBlt

winspool.drv

AddFormA
DeletePrintProvidorW
FindClosePrinterChangeNotification
GetPrinterDataA
QuerySpoolMode
GetPrinterDriverDirectoryA
AdvancedDocumentPropertiesW
DeletePortA
DeletePrinterKeyW
AddPrinterDriverExA
DeletePrintProcessorA
WritePrinter
AddPrintProcessorA
AddPrintProvidorW

comdlg32

PrintDlgExA
ChooseFontA
dwOKSubclass
FindTextW
GetFileTitleW
GetSaveFileNameA
LoadAlterBitmap

oledlg

OleUIBusyW
OleUICanConvertOrActivateAs
OleUIUpdateLinksW
OleUIConvertW
OleUIChangeIconW
OleUIInsertObjectA

gdi32

ExtSelectClipRgn
STROBJ_bEnum
GetCharABCWidthsI
DdEntry32
RealizePalette
SetRectRgn
GetCharacterPlacementW
EngComputeGlyphSet
GetTextAlign

imagehlp

RemoveRelocations
SymFromAddr
SymUnloadModule64
SymGetModuleBase64
SymLoadModule
SymFindFileInPath
SymLoadModule64
SymGetSymPrev
ImageEnumerateCertificates

oleaut32

VarCyNeg
VarUI2FromR8
CreateDispTypeInfo
VariantCopyInd
VarI1FromUI1
GetRecordInfoFromGuids
VarTokenizeFormatString
VarBstrFromCy
LPSAFEARRAY_Size
OleLoadPictureFileEx

comctl32

ImageList_SetIconSize
DrawStatusTextW
ImageList_GetImageInfo
FlatSB_SetScrollProp
CreateToolbarEx
FlatSB_EnableScrollBar
DPA_DestroyCallback
ShowHideMenuCtl

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

WmiQueryAllDataMultipleA
SetEntriesInAuditListA
AccessCheckByTypeResultList
FlushTraceA
OpenEncryptedFileRawA
LsaICLookupNames
ReportEventW
MD5Init
LsaSetSystemAccessAccount

Exports

Exports

CreatePaint

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 647B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eebc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jgmo
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

Imports

kernel32

ole32

oleacc

shlwapi

user32

winmm

shell32

gdiplus

msimg32

winspool.drv

comdlg32

oledlg

gdi32

imagehlp

oleaut32

comctl32

version

advapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 187KB

.data Size: 512B - Virtual size: 112B

.data Size: 512B - Virtual size: 4KB

.data Size: 1024B - Virtual size: 647B

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 72KB - Virtual size: 71KB

.eebc Size: 296KB - Virtual size: 296KB

.jgmo Size: 8KB - Virtual size: 8KB

.text
Size: 188KB - Virtual size: 187KB

.data
Size: 512B - Virtual size: 112B

.data
Size: 512B - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 647B

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 72KB - Virtual size: 71KB

.eebc
Size: 296KB - Virtual size: 296KB

.jgmo
Size: 8KB - Virtual size: 8KB