22ead497a2aade913991c7c81a8a52ffbccd581054a7632582ba45edeb6ae445

Sharing

Copy URL

Twitter E-mail

General

Target

22ead497a2aade913991c7c81a8a52ffbccd581054a7632582ba45edeb6ae445
Size

196KB
MD5

02c97389a9c339c240b078f229ea4680
SHA1

88ce8a42a966512f438c47b9ada8f63befc3bb98
SHA256

22ead497a2aade913991c7c81a8a52ffbccd581054a7632582ba45edeb6ae445
SHA512

a24a95622a5fab22029486846ade1af4cc1f40338db10c5d1f1efcf183773f55e3196ad039637758ed2cb2385003e11f478c58e53a9c6172696ee44346613677
SSDEEP

3072:SngN3BjDN1+gQRd54Hpo3tVxjG5ic2JQLyZOE9V3vsZG+8EiDJN3:lN3/wd5QYxjGP2eLyZOE9VvsG+i

Score

N/A

Malware Config

Signatures

Files

22ead497a2aade913991c7c81a8a52ffbccd581054a7632582ba45edeb6ae445
.exe windows x86

96dec31967931d774e36ea252b43f031

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiCallClassInstaller
SetupDiDeleteDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

msvcrt

_amsg_exit
memcpy
_access
strtok
memset
__set_app_type
_mbscmp
_acmdln
__getmainargs
__p__commode
_exit
_ismbblead
_mbsupr
_initterm
?terminate@@YAXXZ
_cexit
_getcwd
strstr
_adjust_fdiv
malloc
strchr
_mbschr
_mbsicmp
_mbsstr
exit
_controlfp
memmove
__setusermatherr
_mbsinc
_XcptFilter
__p__fmode

advapi32

RegCloseKey
LookupPrivilegeValueA
DeleteService
AllocateAndInitializeSid
RegSetValueExA
RegQueryValueExA
FreeSid
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
GetTokenInformation
ControlService
AdjustTokenPrivileges
OpenSCManagerA
RegOpenKeyExA
EqualSid
OpenServiceA
CloseServiceHandle
OpenProcessToken

kernel32

CreateProcessA
GetSystemTimeAsFileTime
CreateDirectoryA
FindNextFileA
lstrcpynA
SetEndOfFile
CloseHandle
WaitForSingleObject
GetVersionExA
SetFileAttributesA
lstrcpyA
GetShortPathNameA
FreeLibrary
VirtualProtect
GetTickCount
LoadLibraryA
GetSystemDirectoryA
GetCurrentThreadId
CreateFileMappingA
GlobalFree
CreateFileA
lstrcatA
UnmapViewOfFile
GetProcAddress
GetCommandLineA
GetExitCodeProcess
QueryPerformanceCounter
InterlockedExchange
Sleep
GetCurrentProcessId
GetPrivateProfileStringA
GetFileSize
FindClose
lstrlenA
FindFirstFileA
SetFilePointer
InterlockedCompareExchange
GetModuleHandleA
RemoveDirectoryA
GlobalAlloc
TerminateProcess
GetWindowsDirectoryA
UnhandledExceptionFilter
MapViewOfFile
MoveFileExA
GetCurrentProcess
GetLastError
GetStartupInfoA
CreateFileW
DeleteFileA
SetUnhandledExceptionFilter

user32

LoadIconA
SendMessageA
FindWindowA
LoadStringA
wsprintfA
ExitWindowsEx
MessageBoxA

ntdll

RtlUnwind

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96dec31967931d774e36ea252b43f031

Headers

File Characteristics

Imports

setupapi

msvcrt

advapi32

kernel32

user32

ntdll

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 3KB - Virtual size: 13KB

.data Size: 117KB - Virtual size: 1.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 3KB - Virtual size: 13KB

.data
Size: 117KB - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 2KB