d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90

Sharing

Copy URL

Twitter E-mail

General

Target

d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90
Size

3.9MB
MD5

de7029a8adb05fd10cafd0ef1df1fb90
SHA1

32d1100326f06828b50b9f58b42a3dbc5adad91b
SHA256

d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90
SHA512

5866ab74a59c60495d9b72ac9e121a7353729f7ed86842c741b457fe8a86280f05a174e32a12999da823a1535a2101a537aec96bf64bfbba078d407a8e1d8ce7
SSDEEP

98304:j+FETkrhNjU/TLcWOh70f5RFTui1gWbNJ4jsFcB:yEcDjOU0RRFTrnJ4jsOB

Score

N/A

Malware Config

Signatures

Files

d062e72c4a693d8a3a19570a10e0951eeed2040a2d8019b116269c348db78a90
.exe windows x86

17ea3830e572db020ba385bdc51716d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
SetNamedPipeHandleState
CreatePipe
OpenProcess
HeapReAlloc
SetConsoleTextAttribute
RtlCaptureContext
GlobalAlloc
GetProcAddress
WTSGetActiveConsoleSessionId
LoadLibraryW
ProcessIdToSessionId
GetConsoleCursorInfo
IsWow64Process
SetConsoleCursorPosition
SetEnvironmentVariableA
GetAtomNameW
GetPriorityClass
FindFirstVolumeMountPointW
CreateMailslotA
GetLastError
OpenFileMappingW
FatalAppExitW
SetSystemPowerState
AddAtomW
_lopen
GetNumaProcessorNode
SetConsoleOutputCP
SetStdHandle
SetFilePointer
WriteConsoleW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
HeapFree
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapAlloc
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
GetStringTypeW
ReadFile
HeapSize
CloseHandle
CreateFileW

user32

GetCaretPos
GetCursorInfo

advapi32

BackupEventLogA
EnumServicesStatusW
RevertToSelf
InitializeAcl
SetAclInformation
GetNumberOfEventLogRecords

winhttp

WinHttpCloseHandle

msimg32

TransparentBlt

Exports

Exports

@shutting@0

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.7MB - Virtual size: 43.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17ea3830e572db020ba385bdc51716d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winhttp

msimg32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3.7MB - Virtual size: 43.6MB

.rsrc Size: 137KB - Virtual size: 137KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3.7MB - Virtual size: 43.6MB

.rsrc
Size: 137KB - Virtual size: 137KB