ace16284c7f6e80393d3611775461f78a82a0d52d387dd886926be5483a8fe66

Sharing

Copy URL

Twitter E-mail

General

Target

ace16284c7f6e80393d3611775461f78a82a0d52d387dd886926be5483a8fe66
Size

424KB
MD5

33d0106c16240a9bab094fa7c6626395
SHA1

3f6cbd8fcdc5a7487433877b24e04acfbc1bd42a
SHA256

ace16284c7f6e80393d3611775461f78a82a0d52d387dd886926be5483a8fe66
SHA512

f4f3a30a7a24ad0c2e1e6d2e67f884b78bb12790acd2bd217cfddc9321a138c7e45c1944bd5a587e54d47052286b377f1bf619420f5b37bcb0cc80997ea91366
SSDEEP

12288:irW4aMYhfcOpiiurH9YRuy2Ib07BqhVSj+Aqju:iJQh1pTurH9YIU0tqhZA3

Score

N/A

Malware Config

Signatures

Files

ace16284c7f6e80393d3611775461f78a82a0d52d387dd886926be5483a8fe66
.exe windows x86

dc9db8230a217a80c8fb6c3f449eafff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
VirtualProtect
GetModuleFileNameA
GetEnvironmentVariableA
GetSystemDirectoryA
CreateProcessA
Sleep
GetWindowsDirectoryA
CreateFileA
ReadFile
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetLocaleInfoA
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LoadLibraryW
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
WriteFile
GetStdHandle
DebugBreak
GetOEMCP
GetACP
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
FatalAppExitA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetProcAddress
LCMapStringW
GetLastError
LCMapStringA
RtlUnwind
RaiseException
GetCPInfo
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
GetModuleFileNameW
IsBadReadPtr
HeapValidate
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

UnhookWinEvent

advapi32

SetEntriesInAclA
RegCloseKey
ControlService
FreeSid
OpenSCManagerA
SetServiceStatus
AllocateAndInitializeSid
QueryServiceStatus
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
CreateServiceW
OpenServiceA
OpenProcessToken
StartServiceCtrlDispatcherA
OpenThreadToken
RegisterServiceCtrlHandlerA
RegQueryValueExA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

OleCreatePictureIndirect
OleCreatePropertyFrame
OleIconToCursor
OleLoadPicture
OleTranslateColor
OleCreatePropertyFrameIndirect
OleCreateFontIndirect

oleacc

AccessibleObjectFromWindow
AccessibleObjectFromPoint
GetOleaccVersionInfo

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

timeEndPeriod
timeBeginPeriod
waveOutClose
waveOutOpen

uxtheme

CloseThemeData
GetThemeFont
DrawThemeText
DrawThemeBackground

pdh

PdhParseInstanceNameA
PdhGetFormattedCounterValue
PdhSelectDataSourceA
PdhExpandCounterPathA
PdhSetQueryTimeRange
PdhEnumObjectItemsA
PdhExpandWildCardPathHA
PdhCalculateCounterFromRawValue
PdhValidatePathA
PdhCloseLog
PdhGetLogSetGUID
PdhVerifySQLDBA
PdhGetDefaultPerfObjectA
PdhSetLogSetRunID
PdhReadRawLogRecord
PdhGetRawCounterArrayA
PdhEnumLogSetNamesA
PdhExpandWildCardPathA
PdhMakeCounterPathA
PdhUpdateLogA
PdhGetRawCounterValue
PdhParseCounterPathA
PdhSetDefaultRealTimeDataSource
PdhLookupPerfIndexByNameA
PdhCloseQuery
PdhEnumObjectsA
PdhGetFormattedCounterArrayA
PdhCollectQueryDataEx
PdhComputeCounterStatistics
PdhCreateSQLTablesA
PdhConnectMachineA
PdhSetCounterScaleFactor
PdhEnumMachinesA
PdhGetDllVersion
PdhGetLogFileSize
PdhEnumMachinesHA
PdhOpenQueryH
PdhEnumObjectsHA
PdhOpenLogA
PdhUpdateLogFileCatalog
PdhEnumObjectItemsHA
PdhOpenQueryA
PdhRemoveCounter
PdhLookupPerfNameByIndexA

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc9db8230a217a80c8fb6c3f449eafff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

oleacc

version

winmm

uxtheme

pdh

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 1.0MB

.rsrc Size: 92KB - Virtual size: 90KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 1.0MB

.rsrc
Size: 92KB - Virtual size: 90KB

.reloc
Size: 24KB - Virtual size: 22KB