71a18d0397a76ad0057546773180434609f76a79fe7560694758f6ff7a09fcdc

Sharing

Copy URL Twitter E-mail

General

Target

71a18d0397a76ad0057546773180434609f76a79fe7560694758f6ff7a09fcdc
Size

301KB
MD5

9f9638ce8da35d1ac81db1a013459d5a
SHA1

3e33dc88c78dd2fcb7eb1b21eeaab19f0da1fb87
SHA256

71a18d0397a76ad0057546773180434609f76a79fe7560694758f6ff7a09fcdc
SHA512

edac8239bb33dde9cf355c30a6d9f58e035736720efbc1653944f2fd64dffdb0bc3d2b02ad1e64bd0640df0f4caa0c0b47bc28e5127a0c2ffb943bf994edffef
SSDEEP

6144:+1IKLJKRfVk4ctYtb4guczBPyzPRdbqsaZ//1y3Xll5NsECs21gDB2uD4fZc:+zJuW4yYtbvzMzpV2V/eN5CzST4B

Score

N/A

Malware Config

Signatures

Files

71a18d0397a76ad0057546773180434609f76a79fe7560694758f6ff7a09fcdc
.exe windows x86

0bf20ba36ec6c5ae21530238450fbb6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

MakeSelfRelativeSD
RegCreateKeyA
RegRestoreKeyA
RegOpenKeyW
ImpersonateSelf
RegisterEventSourceW
GetNamedSecurityInfoW
CryptGetKeyParam
SetSecurityInfo
DeleteAce
CryptVerifySignatureA
RegSaveKeyW
AccessCheck
RegisterEventSourceA
LookupAccountNameW
SetThreadToken
BuildTrusteeWithSidW
GetLengthSid
CryptDestroyKey
SetServiceObjectSecurity
ImpersonateNamedPipeClient
StartServiceCtrlDispatcherA
MapGenericMask
RegEnumKeyExA
RegLoadKeyW
CreateServiceW
FreeSid
RegConnectRegistryA
RegEnumValueW
CryptVerifySignatureW
OpenServiceW
RegSetValueExA
GetServiceDisplayNameA
AbortSystemShutdownA
OpenThreadToken
RegOpenKeyExW
DestroyPrivateObjectSecurity
ChangeServiceConfigW
RegSetKeySecurity

version

VerFindFileA
GetFileVersionInfoA
VerInstallFileA

ole32

CoCreateInstance
OleIsRunning
ReadFmtUserTypeStg
CoFreeAllLibraries
GetRunningObjectTable
CoGetObject
CoGetInterfaceAndReleaseStream

kernel32

CompareStringA
VirtualAlloc
IsBadStringPtrA
SetProcessAffinityMask
GetProcessTimes
EndUpdateResourceA
SetConsoleCursorPosition
GetSystemTimeAsFileTime
ReadConsoleOutputA
CreateWaitableTimerA
FatalAppExitA
SetConsoleWindowInfo
SetConsoleTitleA
GetLogicalDriveStringsA
FlushConsoleInputBuffer
GetLongPathNameA
SizeofResource
GetModuleFileNameW
IsValidLocale
_hread
SetThreadPriorityBoost
FindFirstFileExW
CopyFileExW
LocalLock
GetDriveTypeW
GlobalFree
OpenFile
WaitNamedPipeA
WritePrivateProfileSectionA
GetProfileStringA
GetStringTypeExW
EnumCalendarInfoA
CreateMutexW
GetVolumeInformationW
InitializeCriticalSection
ExitThread
GetLocaleInfoW
_lclose
GetProfileIntA
LoadLibraryExW
GetFileType
GetTickCount
GetOverlappedResult
SwitchToFiber
PulseEvent
SetCurrentDirectoryA
GlobalGetAtomNameW
GetCommandLineW
CancelIo
ReadFileScatter
SetFileTime
FindResourceExA
GlobalAddAtomA
_lread
ReadConsoleInputW
GetComputerNameW
GetSystemTime
GetThreadPriority
GlobalUnlock
CreateEventA
WriteFile
PeekConsoleInputW
EnumSystemCodePagesW
EnumResourceLanguagesW
SearchPathW
GetVersion
GlobalDeleteAtom
GlobalFindAtomA
GetCommConfig
Beep
LocalAlloc
VirtualQueryEx
SetEvent
EnumTimeFormatsW
SetConsoleActiveScreenBuffer
GetFullPathNameA
ReadDirectoryChangesW
GetFileAttributesA
SuspendThread
GetCurrentProcess
ClearCommBreak
SetStdHandle
_lopen
LocalFileTimeToFileTime
GetLargestConsoleWindowSize
GetCurrentProcessId
RemoveDirectoryA
GetSystemDefaultLangID
GetHandleInformation
MultiByteToWideChar
LocalReAlloc
GetTapeStatus
GetStartupInfoA
SetEnvironmentVariableA
GetShortPathNameW
UnmapViewOfFile
CreatePipe
SetFileAttributesA
WriteConsoleOutputW
GetConsoleMode
GetTapeParameters
SetLastError
AreFileApisANSI
GetPrivateProfileStringA
SetEndOfFile
DuplicateHandle
CreateDirectoryW
SetErrorMode
CreateIoCompletionPort
GlobalAddAtomW
GetCommModemStatus
VirtualProtect
SetEnvironmentVariableW
ReadConsoleA
GetProcessHeap
GlobalFindAtomW
GetModuleHandleA

oleaut32

SysAllocStringLen
SetErrorInfo
VariantChangeType
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetLBound
LoadTypeLi
QueryPathOfRegTypeLi
LoadTypeLibEx
SafeArrayGetElement
SysStringLen

shell32

SHGetSpecialFolderPathW

ws2_32

WSAIsBlocking
getservbyname
inet_addr
WSAGetLastError
WSAAccept
WSALookupServiceEnd
WSALookupServiceBeginA
WSASocketW
WSAAsyncGetHostByName
ntohl
WSAInstallServiceClassW
getsockname
WSAHtons
WSASetLastError
WSACancelAsyncRequest
WSASetServiceW
WSARecvFrom
WSAGetServiceClassNameByClassIdW
WSAConnect

user32

SetFocus
ScrollWindow
DefWindowProcW
SetWindowContextHelpId
PostMessageA
DialogBoxParamW
CharToOemBuffA
ReleaseCapture
GetMonitorInfoW
GetClipboardFormatNameA
IsWindowVisible
IsDlgButtonChecked
GetClipCursor

gdi32

SaveDC
DeleteDC
GetStretchBltMode
CreateDIBPatternBrush
SetGraphicsMode
GetTextFaceW
GetNearestPaletteIndex
GetTextAlign
StartDocA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
wcstoul
_errno
strerror
_tzset
_pipe
_endthreadex
strncpy
clock
_tempnam
_wspawnv
setbuf
__p___argc
iswctype
strstr
wprintf
wcsftime
_mbsnbcat
iswalpha
freopen
iswxdigit
_waccess
_stricmp
_wremove
_iob
_mbctolower
_cwait
_ismbcdigit
_exit
wscanf
_spawnvp
_strnicmp
_wcsnicmp

Sections

kmamsqi
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

gqiiaei
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

kckaiy
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

csccu
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bf20ba36ec6c5ae21530238450fbb6f

Headers

File Characteristics

Imports

advapi32

version

ole32

kernel32

oleaut32

shell32

ws2_32

user32

gdi32

msvcrt

Sections

kmamsqi Size: 199KB - Virtual size: 199KB

gqiiaei Size: 7KB - Virtual size: 6KB

kckaiy Size: 85KB - Virtual size: 85KB

csccu Size: 8KB - Virtual size: 8KB

kmamsqi
Size: 199KB - Virtual size: 199KB

gqiiaei
Size: 7KB - Virtual size: 6KB

kckaiy
Size: 85KB - Virtual size: 85KB

csccu
Size: 8KB - Virtual size: 8KB