654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d

Sharing

Copy URL

Twitter E-mail

General

Target

654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d
Size

3.9MB
MD5

d3b8410f12961fe31e3babc3f3c9cd91
SHA1

fb7af4fba0c0bd68ba59f7656b543737e7069b7a
SHA256

654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d
SHA512

70344439a6585b1f48f7736dcc68621d07cf92f9d663b8578457a2288ab72a2c14dcfa90e657ab38e1ff4d53de01d5380f8f48534384e10273e77015beaec948
SSDEEP

98304:ayqhCH4N2Khwd7/zqmPz9sMbbvPqdsOMVo:OD2KimBSbquOMe

Score

N/A

Malware Config

Signatures

Files

654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d
.exe windows x86

e486a4d5abf514c93e927f1aa9deed26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalAlloc
LocalAlloc
GetProcessHeap
HeapLock
SetEvent
WaitForSingleObject
SetFilePointer
SetFileShortNameW
WriteTapemark
GetTapeStatus
GetTickCount
lstrcpynW
lstrlenW
CreateMutexA
GetModuleFileNameA
GetModuleHandleW
GetPrivateProfileSectionA
GetWindowsDirectoryA
GetFileAttributesA
DeleteFileW
WaitNamedPipeW
BuildCommDCBAndTimeoutsA
SetDefaultCommConfigA
ZombifyActCtx
FindActCtxSectionStringA
LCMapStringA
AllocConsole
FreeConsole
GetConsoleTitleA
GetConsoleCP
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
GetLastError
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetCurrentThreadId
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle

advapi32

DeregisterEventSource

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rurozo
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heri
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jibuw
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e486a4d5abf514c93e927f1aa9deed26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.data Size: 20KB - Virtual size: 8.3MB

.idata Size: 2KB - Virtual size: 2KB

.rurozo Size: 512B - Virtual size: 1B

.heri Size: 512B - Virtual size: 1B

.jibuw Size: 1024B - Virtual size: 4KB

.rsrc Size: 100KB - Virtual size: 99KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.data
Size: 20KB - Virtual size: 8.3MB

.idata
Size: 2KB - Virtual size: 2KB

.rurozo
Size: 512B - Virtual size: 1B

.heri
Size: 512B - Virtual size: 1B

.jibuw
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 100KB - Virtual size: 99KB