a3d950e21ff0566f48d3881e6aa6354645b672a39db29fda4ce5e741c208e7a3

Sharing

Copy URL Twitter E-mail

General

Target

a3d950e21ff0566f48d3881e6aa6354645b672a39db29fda4ce5e741c208e7a3
Size

961KB
MD5

6180721a79baa6dc60bf152bb05d4db8
SHA1

adc850055d7d1cd43aca9cd17d014b78a6b97cd1
SHA256

a3d950e21ff0566f48d3881e6aa6354645b672a39db29fda4ce5e741c208e7a3
SHA512

2f685dc09f7a5505dce0b53ab5d6e468233d999434541edda3945497c40a1ae8aa6e56f79a42dc6962c447f351d1cc94353c7b21b5926bef2f18663b851e35b2
SSDEEP

12288:xcnMmUa8woVorcBt3Gq+9cfG17rQPUV80r3F9ZYsfLGXB9Ct5ey0:xs2yoVoIBlc9cfG1P58mWs6bae

Score

N/A

Malware Config

Signatures

Files

a3d950e21ff0566f48d3881e6aa6354645b672a39db29fda4ce5e741c208e7a3
.exe windows x86

94b01c5dc048f80e5b5239c43e68dae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

CreateFileW
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
LCMapStringW
GetStringTypeW
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetSystemInfo
WriteFile
GetLocaleInfoA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
CloseHandle
DeleteFileW
InterlockedDecrement
GetEnvironmentVariableW
InterlockedExchange
CompareStringW
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
VirtualQuery
HeapDestroy
HeapReAlloc
HeapSize
Sleep
CreateDirectoryW
ExpandEnvironmentStringsW
InterlockedIncrement
LoadLibraryW
FreeLibrary
GetWindowsDirectoryW
GetModuleFileNameW
FormatMessageA
SetLastError
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange

msvcrt

setlocale
malloc
ungetc
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
wctomb
_itoa
_snprintf
localeconv
isleadbyte
mbtowc
isdigit
_controlfp
_onexit
_lock
__dllonexit
_unlock
isspace
memmove
memcpy
memset
?terminate@@YAXXZ
realloc
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
wcsrchr
??0exception@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
fgetwc
fputwc
ungetwc
fflush
setvbuf
memchr
fgetc
fwrite
_ltow
_wcsicmp
fgetpos
fseek
fsetpos
fclose
strcspn
wcstol
_wtol
__crtLCMapStringA
isupper
_fsopen
abort
islower
_Gettnames
_Strftime
_Getdays
_Getmonths
tolower
__crtCompareStringA
isalnum
free
_CxxThrowException
printf
__CxxFrameHandler
_errno
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_pctype
_wcsupr
_iob
__mb_cur_max
__lc_handle
__lc_codepage
__lc_collate_cp

ntdll

RtlFreeHeap
RtlUnwind
RtlAllocateHeap
RtlImageNtHeader

ole32

OleRun
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemRealloc

oleaut32

SysAllocString
SysStringLen
SysAllocStringByteLen
VariantClear
SafeArrayDestroy
VariantInit
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayCreate
GetErrorInfo
SysFreeString

iassvcs

IASVariantChangeType

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatusEx

rtutils

TraceVprintfExA
TraceRegisterExW
TraceDeregisterW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94b01c5dc048f80e5b5239c43e68dae7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

ole32

oleaut32

iassvcs

advapi32

rtutils

Sections

.text Size: 193KB - Virtual size: 192KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 245KB - Virtual size: 245KB

.reloc Size: 11KB - Virtual size: 11KB

.vmp0 Size: 508KB - Virtual size: 1.6MB

.text
Size: 193KB - Virtual size: 192KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 245KB - Virtual size: 245KB

.reloc
Size: 11KB - Virtual size: 11KB

.vmp0
Size: 508KB - Virtual size: 1.6MB