2eda4984b5ddb433feb21e8ba4c2dd0b6a81fd9dc1cc9657a152324ecb893462

Sharing

Copy URL Twitter E-mail

General

Target

2eda4984b5ddb433feb21e8ba4c2dd0b6a81fd9dc1cc9657a152324ecb893462
Size

149KB
MD5

592b433efc6a2229f2945cad6ce9d211
SHA1

4c13943883ccfef7734283c11107ba7d9dde7155
SHA256

2eda4984b5ddb433feb21e8ba4c2dd0b6a81fd9dc1cc9657a152324ecb893462
SHA512

c94d7d438fafc37fd2151a4f36a8701edd7185aee4981ae2af95d878a31091e1e7da4bb1bd64132bc5ecba720c77d4918184bf6597dc2888ceee9416e8a6adcd
SSDEEP

3072:hRHlf/LtCSPhHkTSBDWr/Dw7rHAEZcDwb8rCiEKBV:zHlf/zPTD1Q/Dwbi7V

Score

N/A

Malware Config

Signatures

Files

2eda4984b5ddb433feb21e8ba4c2dd0b6a81fd9dc1cc9657a152324ecb893462
.zip
memclean.exe
.exe windows x64

ca5e7feb83f0b003ab7740d0fdb4e293

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateToolhelp32Snapshot
Sleep
GetLastError
GetFileAttributesA
LoadLibraryA
Process32Next
CloseHandle
WritePrivateProfileStringA
GetProcAddress
LocalFree
GlobalMemoryStatusEx
FreeLibrary
CreateDirectoryA
FormatMessageA
GetPrivateProfileIntA
GetPrivateProfileStringA
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
OpenProcess
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetFileType
GetModuleHandleA
ReleaseMutex
K32EmptyWorkingSet
CreateMutexA
ExpandEnvironmentStringsA
GetCurrentProcess
Process32First
FlushFileBuffers
GetModuleFileNameA
LCMapStringW
GetCurrentThreadId
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree

user32

SetWindowPos
PostMessageA
GetSystemMetrics
CreatePopupMenu
TrackPopupMenu
RegisterWindowMessageA
IsDlgButtonChecked
DefWindowProcA
DestroyMenu
SetDlgItemTextA
SendMessageA
AppendMenuA
GetClientRect
GetWindowRect
PostQuitMessage
SetForegroundWindow
GetCursorPos
GetMessageA
GetClassLongPtrA
DispatchMessageA
DestroyWindow
EndDialog
ShowWindow
MessageBoxA
RegisterClassA
CreateWindowExA
TranslateMessage
LoadIconA
SetProcessDPIAware
DialogBoxParamA
CheckDlgButton

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

ord680
ShellExecuteA
Shell_NotifyIconA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca5e7feb83f0b003ab7740d0fdb4e293

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 266KB - Virtual size: 266KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 266KB - Virtual size: 266KB

.reloc
Size: 2KB - Virtual size: 1KB