1d9c20ad17846a26bf44a91777fc4c2cdbdbe0f95fb3d45831552ac6168ea3e3

Sharing

Copy URL Twitter E-mail

General

Target

1d9c20ad17846a26bf44a91777fc4c2cdbdbe0f95fb3d45831552ac6168ea3e3
Size

371KB
MD5

6a5f46d611575ad432b23baea0482420
SHA1

3e51b823b50de1e81b92e11a25a961d7be295ab3
SHA256

1d9c20ad17846a26bf44a91777fc4c2cdbdbe0f95fb3d45831552ac6168ea3e3
SHA512

1fea549880059588979299fd5ee685926bb70cc52ddcbeda54ad2be87e09fe881599a9dabbf8f437af79ffe2b6a8ee6891c9fbbd88a79f6413478e5c7c131e8e
SSDEEP

6144:T+XGAQVzvhUOdBvbDHJtRroUkGL3SSUoguwEJOr:C2AwvKOfnHJtRrouzLguyr

Score

N/A

Malware Config

Signatures

Files

1d9c20ad17846a26bf44a91777fc4c2cdbdbe0f95fb3d45831552ac6168ea3e3
.exe windows x86

b94efb677626b2c8928781538018e316

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
WriteConsoleW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteFile
GetPrivateProfileStringW
GetDriveTypeW
GetProcAddress
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
LoadLibraryExW
FreeLibrary
DeleteFileW
SetLastError
MultiByteToWideChar
GetModuleFileNameW
GetFileAttributesW
CopyFileW
CreateFileW
ReadFile
CreateProcessW
GetFileSize
CreateThread
CloseHandle
lstrcmpiW
CreateEventW
Sleep
SetEvent
LCMapStringW
WaitForSingleObject
CreateDirectoryW
GetLastError
MoveFileExW
LocalFree
LocalAlloc
CompareStringW
HeapReAlloc
OutputDebugStringW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
RtlUnwind
GetStringTypeW
SetEnvironmentVariableW
SetEnvironmentVariableA
RaiseException
GetCPInfo
GetOEMCP
GetACP
GetCommandLineW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
SetEndOfFile

user32

LoadStringA
wsprintfW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerA
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CreateWellKnownSid
GetSecurityDescriptorDacl
QueryServiceConfigW
ControlService
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
ChangeServiceConfigW
QueryServiceStatus
LookupAccountSidW
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenServiceW
SetServiceObjectSecurity
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
StartServiceCtrlDispatcherW

shell32

SHGetFolderPathW

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertGetNameStringW
CryptQueryObject
CryptMsgClose

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathStripToRootW
PathQuoteSpacesW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathAppendW

ole32

CoCreateGuid

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 240KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b94efb677626b2c8928781538018e316

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wintrust

crypt32

version

shlwapi

ole32

rpcrt4

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 240KB - Virtual size: 400KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 240KB - Virtual size: 400KB