d6aecf3c47febe77d956c42bf102d56237538806f961324df15973175584bcb2

Sharing

Copy URL

Twitter E-mail

General

Target

d6aecf3c47febe77d956c42bf102d56237538806f961324df15973175584bcb2
Size

3.9MB
MD5

cd6901e634b1cebe5aaee164ad4a1f99
SHA1

bcd9241bde4ad8630c2bb1b8e0a36ab38bf40c05
SHA256

d6aecf3c47febe77d956c42bf102d56237538806f961324df15973175584bcb2
SHA512

f924fc11e9c94a9bc3f6f23bc8424b83d6fc3f60333e3053e7fe75752abf6edabd7ac3a12da41fa5db24378e8d3dfad03a10aae236a0eb0434f8ff9466895529
SSDEEP

98304:WDYicyM5q2CXWczphtgqBTbvwyCt0aHs3EyypMT23HcB:9iRr2ahzphD5bLaH6ypMSMB

Score

N/A

Malware Config

Signatures

Files

d6aecf3c47febe77d956c42bf102d56237538806f961324df15973175584bcb2
.exe windows x86

b5c485d0798ffcb9649021bf76bf5178

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
LoadLibraryW
FatalAppExitW
SetConsoleCursorPosition
SetSystemPowerState
GetAtomNameW
GetLastError
GetProcAddress
ProcessIdToSessionId
IsWow64Process
FindFirstVolumeMountPointW
SetConsoleOutputCP
OpenProcess
SetNamedPipeHandleState
CreatePipe
SetEnvironmentVariableA
WTSGetActiveConsoleSessionId
OpenFileMappingW
CreateMailslotA
GetConsoleCursorInfo
_lopen
SetStdHandle
SetFilePointer
WriteConsoleW
GetPriorityClass
SetConsoleTextAttribute
RtlCaptureContext
GetNumaProcessorNode
GetConsoleAliasesLengthW
AddAtomW
HeapReAlloc
CloseHandle
ReadFile
FlushFileBuffers
GetConsoleMode
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapFree
RtlUnwind
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetConsoleCP
CreateFileW

user32

GetCursorInfo
GetCaretPos

advapi32

EnumServicesStatusW
BackupEventLogA
InitializeAcl
GetNumberOfEventLogRecords
SetAclInformation
RevertToSelf

winhttp

WinHttpCloseHandle

msimg32

TransparentBlt

Exports

Exports

@shutting@0

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5c485d0798ffcb9649021bf76bf5178

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winhttp

msimg32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 3.7MB - Virtual size: 3.7MB

.data Size: 25KB - Virtual size: 446KB

.rsrc Size: 132KB - Virtual size: 2.9MB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 3.7MB - Virtual size: 3.7MB

.data
Size: 25KB - Virtual size: 446KB

.rsrc
Size: 132KB - Virtual size: 2.9MB