4dabc301c10c5128376b0e5635178c461c03712be5795402104f74cbc377ec97

Sharing

Copy URL

Twitter E-mail

General

Target

4dabc301c10c5128376b0e5635178c461c03712be5795402104f74cbc377ec97
Size

207KB
MD5

384bad3767acf4f0584098f36f1fbcd5
SHA1

081bfe350e6da809c5cd12f5503f45a7c038f28b
SHA256

4dabc301c10c5128376b0e5635178c461c03712be5795402104f74cbc377ec97
SHA512

8a691036ce21cd8498ce0a992c736492f1a7bc6fc452f5747f5e8b9d1b14d4ad0e83622f2efbc9f98db177d36fb751d3b341ff32428b14f93348e50668b20a7e
SSDEEP

3072:L7hPUHOuc486Y9XON7yA+MLvl7lQJtuu8SasgH72gM2t+/EMD8qZJsbGDPKt:2TZ86UZA+UIMSAH7VtnMDbZL

Score

N/A

Malware Config

Signatures

Files

4dabc301c10c5128376b0e5635178c461c03712be5795402104f74cbc377ec97
.exe windows x86

ae2a50b2f575ee4584a960707a90f184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
IsDebuggerPresent
LCMapStringW
SetFileAttributesA
EnumResourceTypesA
FindNextChangeNotification
GetDriveTypeA
LockFile
DuplicateHandle
RaiseException
EnumResourceLanguagesA
FlushFileBuffers
LoadLibraryExA
LocalFree
FreeEnvironmentStringsW
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
GetStringTypeExA
HeapSetInformation
GetVolumeInformationA
HeapCreate
MulDiv
FindFirstChangeNotificationA
GlobalAlloc
EnumResourceNamesA
SetThreadPriority
FreeLibrary
CreateFileA
WriteFile
SetCurrentDirectoryA
RtlUnwind
CopyFileA
Sleep
_lcreat
IsValidCodePage
UnhandledExceptionFilter
GetCurrentProcessId
HeapFree
MultiByteToWideChar
FileTimeToLocalFileTime
GetFileTime
SystemTimeToFileTime
GetStringTypeW
FindCloseChangeNotification
CreateProcessA
CreateDirectoryA
GetStdHandle
FileTimeToDosDateTime
FindResourceW
EnterCriticalSection
GetProfileIntA
GetFileInformationByHandle
lstrlenW
GetTimeZoneInformation
GetPrivateProfileIntA
GetConsoleCP
lstrcpynA
CompareStringA
GetDiskFreeSpaceA
GlobalReAlloc
GlobalUnlock
SetPriorityClass
GetCommandLineA
LocalAlloc
TlsFree
GetOEMCP
SetEndOfFile
lstrcatA
GetNumberFormatA
LocalUnlock
GlobalFlags
GetConsoleMode
GetSystemDirectoryW
GetFileSize
WritePrivateProfileStringA
GlobalFree
WriteConsoleW
GetSystemInfo
_lwrite
InitializeCriticalSectionAndSpinCount
CreateThread
SetHandleCount
FindClose
GetCurrentThreadId
SuspendThread
LockResource
HeapQueryInformation
GetUserDefaultLangID
WideCharToMultiByte
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentThread
FreeResource
QueryPerformanceCounter
IsProcessorFeaturePresent
HeapAlloc
CloseHandle
GetFullPathNameA
GlobalHandle
DeleteFileA
lstrcpyA
SizeofResource
ReplaceFileA
FindResourceExW
CompareStringW
DosDateTimeToFileTime
LocalReAlloc
GetTempFileNameA
GlobalFindAtomA
GetEnvironmentStringsW
GetFileAttributesExA
FormatMessageA
GetSystemDefaultUILanguage
InterlockedExchange
_lclose
CreateFileMappingA
DeleteCriticalSection
GetThreadLocale
lstrcmpA
GetModuleFileNameW
GetDriveTypeW
OpenFile
GetProcessHeap
SetEvent
QueryPerformanceFrequency
CreateFileW
CompareFileTime
TerminateProcess
CreateEventA
InterlockedDecrement
GlobalGetAtomNameA
LocalFileTimeToFileTime
GetLocaleInfoA
GetFileType
lstrlenA
lstrcmpiA
FindFirstFileA
SetErrorMode
TlsAlloc
GetCurrentDirectoryW
GetShortPathNameA
GetFileAttributesA
GlobalLock
LeaveCriticalSection
lstrcmpW
TlsSetValue
FileTimeToSystemTime
HeapSize
GetPrivateProfileStringA
ResetEvent
SearchPathA
FindFirstFileExA
_lread
FindNextFileA
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryA
MapViewOfFile
SetStdHandle
RemoveDirectoryA
GetCurrentDirectoryA
GetFileSizeEx
GlobalDeleteAtom
InitializeCriticalSection
SetFileTime
GetModuleFileNameA
TlsGetValue
MoveFileA
ResumeThread
InterlockedIncrement
SetFilePointer
GetCPInfo
UnlockFile
GetModuleHandleA
ConvertDefaultLocale
GetVersionExA
FindResourceExA
LocalLock
GetStartupInfoW
FindResourceA
GetLocalTime
GlobalSize
SetLastError
GetTempPathA
GetLastError
LoadResource
AreFileApisANSI
GlobalAddAtomW
VirtualProtect
CancelIo
SetEnvironmentVariableA
AddAtomA
OpenWaitableTimerA
GetProcAddress
GetACP
LoadLibraryW
GetModuleHandleW
GetCurrentProcess
WinExec
GlobalAddAtomA

user32

EnumChildWindows
GetWindowTextW
PostQuitMessage
DestroyMenu
CharNextW
RemoveMenu
GetMonitorInfoW
GetClassNameW
ShowWindow
GetWindowLongW
MessageBeep
GetMenuItemCount
DestroyCursor
UnregisterClassA
UpdateLayeredWindow
TranslateAcceleratorW
ReleaseDC
GetWindowThreadProcessId
GetWindow
PtInRect
GetMessageW
LoadMenuW
KillTimer
TrackPopupMenuEx
GetClientRect
CreatePopupMenu
DefWindowProcW
LoadCursorW
DrawTextW
GetFocus
LoadStringW
GetWindowRect
SetFocus
GetParent
SendMessageW
MonitorFromWindow
SetWindowTextW
MonitorFromPoint
PostMessageW
ScreenToClient
GetMenuItemInfoW
SetWindowLongW
IsWindow
SetForegroundWindow
LoadStringA
LoadIconA
CharUpperA
GetKeyboardLayout
IsWindowUnicode
GetDesktopWindow
SetCursor
EnumWindows
GetCursorPos
InvalidateRect
DispatchMessageW
CallWindowProcW
PeekMessageW
SetWindowPos
GetWindowDC
AppendMenuW
LoadImageW
TrackMouseEvent
SetTimer
TranslateMessage
MapWindowPoints

advapi32

RegSetValueExW
RegOpenKeyW
RegisterServiceCtrlHandlerExW
DuplicateTokenEx
OpenServiceW
SetServiceStatus
DeregisterEventSource
SetEntriesInAclW
CreateServiceW
RegCloseKey
ControlService
StartServiceW
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyW
OpenSCManagerW
SetTokenInformation
EnumDependentServicesW
RegQueryValueExW
ReportEventW
CloseServiceHandle
GetNamedSecurityInfoW
CreateProcessAsUserW
ChangeServiceConfigW
RevertToSelf
StartServiceCtrlDispatcherW
OpenProcessToken
QueryServiceStatusEx
GetTokenInformation
RegCreateKeyExW
DeleteService
BuildExplicitAccessWithNameW
RegisterEventSourceW
SetNamedSecurityInfoW

shell32

SHEmptyRecycleBinW
SHGetSpecialFolderPathW
SHGetMalloc

ole32

CoInitialize

shlwapi

StrStrIW
PathRemoveFileSpecW
PathQuoteSpacesW
PathFindFileNameW
PathFileExistsW
PathCombineW
PathAppendW

version

VerQueryValueW

oledlg

ord8

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

psapi

GetModuleInformation
GetModuleFileNameExW

msvcrt

_except_handler3
_CIsin
__set_app_type
_exit

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae2a50b2f575ee4584a960707a90f184

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

oledlg

wtsapi32

psapi

msvcrt

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 18KB - Virtual size: 85KB

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 18KB - Virtual size: 85KB

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 5KB - Virtual size: 4KB