d3b875fa41b202ef73f8b5b497375b172bf591a8bacb1718704caab6a47ed025

Sharing

Copy URL Twitter E-mail

General

Target

d3b875fa41b202ef73f8b5b497375b172bf591a8bacb1718704caab6a47ed025
Size

262KB
MD5

7ff7e6310cf95a7cee301865cc05f511
SHA1

3793480da6e42135da334b77af53184369f2437d
SHA256

d3b875fa41b202ef73f8b5b497375b172bf591a8bacb1718704caab6a47ed025
SHA512

2ebae33c11df8bceb9d8288d3aae43c0154468aa3e4993f2bd7054479871feb06c1d1550ad591621ea2bb82b05adcad65bb93c9936987e20e04c58c229c878a8
SSDEEP

3072:EXVOAGmzJzB7Qy+kqxA6u67/NCU2VKXflY9JKwFl+rC+NHaEqF6elM5fgokZ:EsCzT+kqxJT78wY9J0VNHaEqF6migL

Score

N/A

Malware Config

Signatures

Files

d3b875fa41b202ef73f8b5b497375b172bf591a8bacb1718704caab6a47ed025
.exe windows x86

7a911329f9a9c229930917afa29f952c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
IsBadWritePtr
VirtualFree
HeapCreate
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrcmpW
DuplicateHandle
GetProcAddress
LoadLibraryW
GetCurrentThread
CreateThread
lstrcpyW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
GetStringTypeW
lstrcatW
lstrcmpiW
SetProcessWorkingSetSize
CreateEventW
LockResource
GetThreadLocale
GetLastError
InterlockedExchange
RaiseException
GetTempPathW
lstrlenW
MultiByteToWideChar
GetACP
GetModuleFileNameW
lstrcpynW
GetVersionExW
SizeofResource
Sleep
OpenProcess
GetCommandLineW
InitializeCriticalSection
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
GetLocaleInfoA
DeleteTimerQueueEx
CreateTimerQueue
GetTempFileNameW
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
RtlUnwind
GetStartupInfoW
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
DeleteCriticalSection
FreeEnvironmentStringsW
GetModuleHandleA
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
SetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetTickCount
GetExitCodeProcess
FindClose
ResetEvent
CreateFileW
CreateProcessW
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
GetFileSize
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
GetFileAttributesExW
CopyFileW
MoveFileExW
FlushFileBuffers
SetFilePointer
ReadFile
WriteFile
GetSystemTimeAsFileTime
CompareFileTime
FileTimeToSystemTime
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
ExitProcess
TerminateProcess

user32

CharLowerW
SetTimer
GetMessageW
CharNextW
wvsprintfW
KillTimer
TranslateMessage
LoadStringW
PostThreadMessageW
DispatchMessageW

ole32

StringFromGUID2
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoImpersonateClient
CoCreateGuid
CoUninitialize
CoRevertToSelf
CoCreateInstance
CoInitializeSecurity

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
SysFreeString

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenThreadToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
RegSetValueExW
RegCloseKey
RegEnumKeyExW
ControlService
GetLengthSid
ReportEventW
RegisterServiceCtrlHandlerW
MakeSelfRelativeSD
GetSecurityDescriptorSacl
AddAce
InitializeSid
GetSidLengthRequired
RegOpenKeyExW
IsValidSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
SetServiceStatus
InitializeAcl
ChangeServiceConfigW
MakeAbsoluteSD
RegDeleteValueW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
DeregisterEventSource
RegQueryInfoKeyW
RegQueryValueExW
GetSecurityDescriptorControl
RegCreateKeyExW
CopySid
GetAclInformation
OpenServiceW
SetSecurityDescriptorGroup
SetSecurityDescriptorControl
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
GetSidSubAuthority
CloseServiceHandle
RegisterEventSourceW
CreateServiceW

shlwapi

SHQueryValueExW
StrRetToStrW
PathFindExtensionW

crypt32

CertEnumCertificatesInStore
CryptQueryObject
CertNameToStrW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetDesktopFolder
SHGetFolderLocation

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.erdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7a911329f9a9c229930917afa29f952c

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

advapi32

shlwapi

crypt32

shell32

version

wintrust

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 6KB - Virtual size: 5KB

.erdata Size: 60KB - Virtual size: 60KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 6KB - Virtual size: 5KB

.erdata
Size: 60KB - Virtual size: 60KB