462610c0b4912a4382b3cdf16e161b4e107e1b1688f0ca9abdede16fcef620c0

Sharing

Copy URL

Twitter E-mail

General

Target

462610c0b4912a4382b3cdf16e161b4e107e1b1688f0ca9abdede16fcef620c0
Size

184KB
MD5

6ded2764a5ec08b082fd5a9ad0566d8a
SHA1

fa86e9731db2979e9d8edfb8a00675b780193e25
SHA256

462610c0b4912a4382b3cdf16e161b4e107e1b1688f0ca9abdede16fcef620c0
SHA512

67569c245f59923e016fa2f663ac71d58e77b5e9749f68f3d6b05596f30b9dac105c5d7cffe23d45776f55f8d3b79bac05e5c7500953238cbbd8703d487ac240
SSDEEP

3072:gOu9bIE1JFXr+BxK/+xltRQWJZ97XWfLztyxem8tPQ8M8WANSt6Q+pywpe79F37n:xE1nXMxK/ItRQu97Xeztyom8tPQ8M8Cm

Score

N/A

Malware Config

Signatures

Files

462610c0b4912a4382b3cdf16e161b4e107e1b1688f0ca9abdede16fcef620c0
.dll windows x86

ac83d849bd2257b6a88e9832139b7f29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryInformationProcess
NtQueryObject
RtlUnwind
RtlZeroMemory

psapi

EnumProcessModules
GetProcessImageFileNameA
GetModuleFileNameExA

kernel32

DeleteFileA
DeleteTimerQueueTimer
DuplicateHandle
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeLibrary
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetDateFormatA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
CloseHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
LoadLibraryA
CopyFileA
LoadResource
LocalFree
LockResource
MultiByteToWideChar
OpenEventA
OpenMutexA
Process32First
Process32Next
ProcessIdToSessionId
QueryDosDeviceA
CreateDirectoryA
ReadFile
ReadProcessMemory
CreateFileA
SetFilePointer
SetFileTime
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
CreateMutexA
CreateProcessA
CreateThread
CreateTimerQueueTimer
CreateToolhelp32Snapshot

user32

GetWindowTextA
GetWindowThreadProcessId
GetClipboardSequenceNumber
GetForegroundWindow
GetMessageA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
PeekMessageA
OpenWindowStationA
CloseWindowStation
SetProcessWindowStation
TranslateMessage
GetUserObjectInformationA
DispatchMessageA
GetKeyboardLayout
RegisterClassExA
PostMessageA
GetRawInputData
RegisterRawInputDevices
PostQuitMessage
CreateWindowExA
DestroyWindow
DefWindowProcA

advapi32

LookupAccountSidA
LookupPrivilegeValueA
ChangeServiceConfigA
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetKeySecurity
RegSetValueExA
InitiateSystemShutdownA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

crtdll

_fdopen
_iob
_itoa
_makepath
_open_osfhandle
_sleep
_snprintf
_splitpath
_strdup
_stricmp
_strlwr
_strnicmp
atoi
fclose
feof
fopen
fputc
fread
free
_cexit
localeconv
malloc
memcmp
memcpy
memmove
memset
pow
raise
rand
realloc
setbuf
strcat
strchr
strcmp
strncpy
strpbrk
strrchr
strstr
strtol
wcslen
wcsncpy
wctomb

Exports

Exports

CTF
CTFInit
CTFInits
CTFInitw
CTFStart
CTFTo
DS
Extract
LibMain

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 248B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac83d849bd2257b6a88e9832139b7f29

Headers

File Characteristics

Imports

ntdll

psapi

kernel32

user32

advapi32

crtdll

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.bss Size: - Virtual size: 5KB

.rdata Size: 84B - Virtual size: 84B

.data Size: 15KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 3KB - Virtual size: 3KB

.edata Size: 248B - Virtual size: 248B

.text
Size: 72KB - Virtual size: 72KB

.bss
Size: - Virtual size: 5KB

.rdata
Size: 84B - Virtual size: 84B

.data
Size: 15KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 3KB - Virtual size: 3KB

.edata
Size: 248B - Virtual size: 248B