5b8d3abc04c04fb75345d212472e71ee7d6a206f5f5927f5b519d054ff353532

Sharing

Copy URL Twitter E-mail

General

Target

5b8d3abc04c04fb75345d212472e71ee7d6a206f5f5927f5b519d054ff353532
Size

997KB
MD5

7645633c81f3f4a4da4c7c9ec4d0f0a0
SHA1

4e976c8f8e1305fa22e065a2f0477d91b4fd18e5
SHA256

5b8d3abc04c04fb75345d212472e71ee7d6a206f5f5927f5b519d054ff353532
SHA512

7798509182410da58eef9f5af750540a420c2d085b1eb68a4316973e6a72ae4cb75aa61108af126858664043dc9d16d5c6db6184a8c2731794becabbaaeb2dee
SSDEEP

24576:TI6EOrkwGCNmzrxw4bZ6vtvrUPvL5vnm8irU:TI6EOr/NmzlwEGKbirU

Score

N/A

Malware Config

Signatures

Files

5b8d3abc04c04fb75345d212472e71ee7d6a206f5f5927f5b519d054ff353532
.exe windows x86

6eb04091df0a3536d17a6da3c7d75696

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
LocalFree
FormatMessageW
InterlockedDecrement
LocalAlloc
lstrlenW
ReadFile
CreateFileW
CloseHandle
GetFileAttributesExW
WideCharToMultiByte
DeleteFileW
SetEvent
CreateEventA
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
GetTickCount
HeapAlloc
CreateDirectoryW
GetTempFileNameW
GetNativeSystemInfo
OpenProcess
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLastError
CopyFileW
Sleep
GetModuleFileNameW
GetSystemTime
WriteFile
GetCurrentThreadId
InterlockedExchange
FreeLibrary
LoadLibraryW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
GetCurrentThread
SetLastError
InterlockedIncrement
GetModuleHandleW
GetStdHandle
GetFileType
WriteConsoleW
CreateThread
ExitThread
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedCompareExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
TlsAlloc
TlsFree
TlsGetValue
GetSystemInfo
GetCurrentProcessId
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
GetLogicalProcessorInformation
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
lstrlenA
FindResourceA
FindResourceExA
GetModuleFileNameA
VirtualAlloc
VirtualFree
CreateFileA
SetFilePointer
GetFileSize
CreateSemaphoreA
RtlUnwind

user32

TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
DispatchMessageW
EndDialog
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
CreateWindowExW
UpdateWindow
LoadIconW
LoadCursorW
RegisterClassExW
LoadStringW
TranslateMessage

advapi32

RegSetValueExW
CreateProcessAsUserW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysStringLen
GetErrorInfo
VariantChangeType
SetErrorInfo
SysFreeString
VariantInit
SafeArrayCopy
SafeArrayGetVartype
VariantClear
SysAllocString
VariantCopy
CreateErrorInfo
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionA
PathFindFileNameA
PathFindFileNameW
PathRemoveExtensionW
PathAddExtensionA
PathFileExistsW
PathAddExtensionW
PathRemoveFileSpecA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6eb04091df0a3536d17a6da3c7d75696

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

psapi

wtsapi32

userenv

Sections

.text Size: 675KB - Virtual size: 675KB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 16KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 675KB - Virtual size: 675KB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 16KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 33KB - Virtual size: 33KB