6e9c9b72d1bdb993184c7aa05d961e706a57b3becf151ca4f883a80a07fdd955 - Copy

Sharing

Copy URL

Twitter E-mail

General

Target

6e9c9b72d1bdb993184c7aa05d961e706a57b3becf151ca4f883a80a07fdd955 - Copy
Size

1.1MB
MD5

1a38216cf1bdf152d20172b91613a68b
SHA1

59c49124a13a1bd0d6df0d870d400bf887f59a10
SHA256

05f2409c26496e37a1dc127969da7855f1720f27aec24a035e38b59038a7ca82
SHA512

502c6156a859e85be73bc7af318135a3af9885044d74ade58c1702364f888a946582aaa74a0166c92e319136fe20cf80bfc66d7aca4ce5d398bf694ceb63c296
SSDEEP

6144:Q2VgVp1BDwmFEVdbu2+dHHbt/khGVGYpBf3tAqqtf07rl0Ea4JfTpKiUWk41o1xE:Q2ubbHOcXd30tcp0Ea4dpKJWxm1iTH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e9c9b72d1bdb993184c7aa05d961e706a57b3becf151ca4f883a80a07fdd955 - Copy

Files

6e9c9b72d1bdb993184c7aa05d961e706a57b3becf151ca4f883a80a07fdd955 - Copy
.exe windows:4 windows x86 arch:x86

406d0d4d7c9e5b6d932437ccb6ea6ae0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetTickCount
GetBinaryTypeA
SetFileAttributesA
ReadDirectoryChangesW
SetCommBreak
lstrcpynA
IsDebuggerPresent
GetPrivateProfileIntA
AssignProcessToJobObject
GetProfileSectionW
OpenSemaphoreA
GlobalFindAtomW
MultiByteToWideChar
GetBinaryTypeW
SetProcessPriorityBoost
GetConsoleFontSize
VDMConsoleOperation
EnumCalendarInfoA
MapViewOfFile

user32

GetAsyncKeyState
ScrollDC
DdeCreateStringHandleW
UserHandleGrantAccess
ShowCaret
NotifyWinEvent
WCSToMBEx
SetScrollPos
RegisterTasklist
MessageBoxA
RegisterDeviceNotificationA
DrawCaption
SetMenuDefaultItem
WaitForInputIdle
SetWindowsHookExA
GetDC
SetThreadDesktop
GetWindowThreadProcessId
RealGetWindowClassA
SetWindowLongA
DispatchMessageW
CharLowerA
CreateWindowExW
RegisterMessagePumpHook
CopyImage
IMPQueryIMEA
MapWindowPoints
SetProgmanWindow
SetWindowsHookExW
IsIconic

comctl32

ImageList_Duplicate
PropertySheetA
DefSubclassProc
ImageList_SetBkColor
DSA_GetItemPtr
ImageList_AddMasked
ImageList_DrawIndirect
PropertySheetW
CreateStatusWindow
DPA_DeletePtr
ImageList_Read
DrawStatusText
ImageList_DragEnter
FlatSB_ShowScrollBar
CreateUpDownControl
DPA_GetPtr
MenuHelp
ImageList_SetDragCursorImage
DSA_DeleteAllItems
DPA_Create
AddMRUStringW
InitializeFlatSB
CreateStatusWindowA
ImageList_SetFlags

oleaut32

VarTokenizeFormatString
VarUI1FromI1
VarUI2FromStr
VarUI4FromDate
VarR4FromUI4
VarCmp
VarDecFromUI2
VarCyMul
VarI1FromUI4
VarUI4FromI1
LHashValOfNameSys
VarUI2FromCy
UnRegisterTypeLib
VarI2FromBool
SysFreeString
VarCyCmpR8
VarI4FromDec
SafeArrayPtrOfIndex
VarDateFromCy
VarI4FromR4
GetAltMonthNames
VarI4FromUI1
VarI4FromI8
VarUI4FromR4
VarUI4FromDec
VarUI8FromR4
VarR8Round
VarCyFix
DllGetClassObject
VarDateFromDisp
VarUI1FromI4
VarDecInt
VarBoolFromI4
VarR8Pow
SafeArrayGetLBound

winspool.drv

DeletePrinterDriverExW
GetPrinterDataExW
EnumFormsW
DocumentEvent
DeletePrinterKeyA
EnumPrintProcessorsA
PerfCollect
DeletePrinterConnectionW
PrinterMessageBoxA
DeviceCapabilities
PrinterMessageBoxW
GetPrinterDataW
AdvancedDocumentPropertiesW
AddPrinterDriverW
FindFirstPrinterChangeNotification
AddPrinterConnectionA
StartDocDlgA
AddPortA
FindClosePrinterChangeNotification
EnumJobsW
StartDocDlgW
EnumPrinterKeyA
AddPortW
AddPortExA
EnumPrinterDataA
PrinterProperties
EnumJobsA
EnumPrintProcessorDatatypesA
DevQueryPrintEx
GetPrinterDriverW

advapi32

SetSecurityInfoExA
ElfClearEventLogFileA
GetSidIdentifierAuthority
EqualSid
AccessCheckByTypeResultListAndAuditAlarmW
SaferiChangeRegistryScope
LsaSetDomainInformationPolicy
RegSaveKeyA
RegConnectRegistryW
SystemFunction015
LsaQueryDomainInformationPolicy
BuildImpersonateTrusteeW
ElfOpenEventLogW
SaferSetPolicyInformation
BuildTrusteeWithSidA
RegConnectRegistryA
LsaLookupPrivilegeValue
LsaEnumeratePrivileges
LogonUserExA
GetTrusteeNameA
RegQueryMultipleValuesA
CryptDuplicateKey
BackupEventLogW
UpdateTraceW
RegUnLoadKeyA
IsTextUnicode
A_SHAUpdate
IsWellKnownSid
AddAccessAllowedObjectAce
BuildTrusteeWithNameW
AbortSystemShutdownW
LsaSetQuotasForAccount
InstallApplication
RegReplaceKeyW
LookupAccountNameW

imagehlp

RemovePrivateCvSymbolic
ImageGetCertificateData
StackWalk
SymGetLinePrev
ImageUnload
UnDecorateSymbolName
CheckSumMappedFile
ImageRvaToVa
SymFunctionTableAccess
GetImageUnusedHeaderBytes
UpdateDebugInfoFile
ReBaseImage
GetImageConfigInformation
ReBaseImage64
SymEnumSymbols
SymGetModuleInfo
SymLoadModule64
SymGetSymFromName
EnumerateLoadedModules
SymFindFileInPath
ImageDirectoryEntryToDataEx
ImageGetCertificateHeader
SymLoadModule
SymRegisterCallback64
ImageAddCertificate

winmm

midiOutOpen
mmioClose
sndPlaySoundW
midiInGetID
waveOutWrite
mmTaskBlock
joyGetNumDevs
mmioFlush
waveOutPrepareHeader
timeGetSystemTime
midiInOpen
mixerGetControlDetailsA
waveInGetPosition
waveOutGetDevCapsA
mmioSetInfo
mmioSetBuffer
mixerMessage
waveOutGetID
midiInUnprepareHeader
midiOutUnprepareHeader
midiInMessage
mixerGetLineInfoA
mciSendStringA
waveInAddBuffer
mmioSendMessage
joyGetPosEx
mciExecute

shell32

DragQueryFileAorW
SHGetDiskFreeSpaceExA
OpenRegStream
ILCreateFromPathA
SHGetNewLinkInfo
SHGetDesktopFolder
OpenAs_RunDLLW
StrStrA
SHCreateDirectoryExW
Control_RunDLLW
SHAlloc
ShellExecuteW
SHGetSetSettings
PathIsExe
PrintersGetCommand_RunDLLW
SHGetIconOverlayIndexW
SHGetFileInfo
SHBindToParent
DriveType
SHPathPrepareForWriteW
SHCreateDirectoryExA
SHDefExtractIconW
SHChangeNotifyDeregister
IsLFNDriveA
SHCreateQueryCancelAutoPlayMoniker
StrChrA
SHChangeNotifyRegister
ShellAboutA
SHInvokePrinterCommandW
PifMgr_GetProperties

Sections

.text
Size: 979KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

406d0d4d7c9e5b6d932437ccb6ea6ae0

Headers

File Characteristics

Imports

kernel32

user32

comctl32

oleaut32

winspool.drv

advapi32

imagehlp

winmm

shell32

Sections

.text Size: 979KB - Virtual size: 979KB

.rdata Size: 512B - Virtual size: 4KB

.data Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 67KB - Virtual size: 66KB

.text
Size: 979KB - Virtual size: 979KB

.rdata
Size: 512B - Virtual size: 4KB

.data
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 67KB - Virtual size: 66KB