eff4dc82e8a50616050ad7df7cdfa6c3d1f2ef3d18b702f27eb7f9a7b195d716 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eff4dc82e8a50616050ad7df7cdfa6c3d1f2ef3d18b702f27eb7f9a7b195d716
Size

80KB
MD5

fa8e970d7cd899cd7a5412c0873a7a5e
SHA1

3503a5879b1b4248fac0a1f173293a9cffe37644
SHA256

eff4dc82e8a50616050ad7df7cdfa6c3d1f2ef3d18b702f27eb7f9a7b195d716
SHA512

c0bf68fe53afab7452e06a2b8dac2e5bc8a320fa45a2a247f1cb201e9d8da0ce3993d78304afde4c7d411fdc0022e37c49ee56d9e1f59d443925c4e91d5d64cd
SSDEEP

384:Jsgsx/MF+UlWycAxQr6+e9Pfqbn1FEGOu2G7ydMepnvF:zsFVyWyPxXha5uL8edv

Score

N/A

Malware Config

Signatures

Files

eff4dc82e8a50616050ad7df7cdfa6c3d1f2ef3d18b702f27eb7f9a7b195d716
.exe windows x86

36ff9f51efef0cb6ff5171482f87bcb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetCurrentProcess
Process32Next
TerminateProcess
LoadResource
Process32First
CreateToolhelp32Snapshot
DeleteFileA
Sleep
LockResource
CreateFileA
SizeofResource
WriteFile
CloseHandle
OpenProcess
FreeResource

advapi32

RegRestoreKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

msvcrt

rewind
fwrite
fseek
fopen
_strlwr
fclose

Sections

.nsp0
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE