35f308ccc102a420a7d5a748d7967ec649e03bea7827dcd45ac3032d223874de

Sharing

Copy URL Twitter E-mail

General

Target

35f308ccc102a420a7d5a748d7967ec649e03bea7827dcd45ac3032d223874de
Size

72KB
MD5

70ba0a34ef8fc72cc361b25cfb91a0c3
SHA1

feeec04397e1e6877b15cd5a82716065a045e50c
SHA256

35f308ccc102a420a7d5a748d7967ec649e03bea7827dcd45ac3032d223874de
SHA512

49b17de6adeed0f3674b17f7c190f0437d1062ced47d0cd099d6ea448255d51efde0a79299d0528ef592abf297feb7b9cd58aa248d831318f10e68f1e7b38f26
SSDEEP

1536:XCwSBiSa6J9inMnrdZkyip9otjzUKxUHRZZYe7MsIpbdCE1H:ST5YexIrotZxUH2e7MsIpbZH

Score

N/A

Malware Config

Signatures

Files

35f308ccc102a420a7d5a748d7967ec649e03bea7827dcd45ac3032d223874de
.exe windows x86

cba203f2245d33d86246beddd7e29ed8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDBCSLeadByte
CreateFileMappingA
WideCharToMultiByte
GetCurrentThreadId
DeleteFileW
ReadProcessMemory
VirtualFree
CopyFileW
MapViewOfFile
GetModuleHandleA
SetFileAttributesW
TerminateThread
FindNextFileA
GetDriveTypeW
GetSystemInfo
SuspendThread
FindFirstFileA
TlsSetValue
HeapFree
SetLastError
ExpandEnvironmentStringsW
FlushViewOfFile
lstrlenA
ResumeThread
MapViewOfFileEx
CreateFileMappingW
UnhandledExceptionFilter
lstrcpyA
GetDriveTypeA
GetFileType
CreateFileA
CopyFileA
UnmapViewOfFile
TlsAlloc
LCMapStringW
DeviceIoControl
ExpandEnvironmentStringsA
CreateThread
LocalAlloc
EnterCriticalSection
CreateFileW
LocalFree
GetThreadSelectorEntry
WriteFile
SetUnhandledExceptionFilter
TlsGetValue
DeleteCriticalSection
HeapAlloc
LeaveCriticalSection
VirtualAlloc
GetFileSize
GetFullPathNameA
InitializeCriticalSectionAndSpinCount
DuplicateHandle
SetEndOfFile
VirtualProtect
CloseHandle
SetFileAttributesA
FreeLibrary
TlsFree
HeapDestroy
HeapReAlloc
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
FindClose
CreateDirectoryA
GetThreadContext
SetFilePointer
SetErrorMode
OutputDebugStringA
GetModuleHandleW
FileTimeToDosDateTime
lstrcpyW
GetNumberFormatA
lstrcmpA
lstrlenW
GetOEMCP
CreateNamedPipeW
GetShortPathNameW
GetLogicalDriveStringsA
GetLogicalDrives
OpenMutexW
RemoveDirectoryA
SetLocaleInfoW
GetLongPathNameA
EnumDateFormatsA
GetHandleInformation
lstrcmpiA
RemoveDirectoryW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

wcscmp
strchr
memmove
_ltoa
fread
_mbsicmp
_wcsnicmp
_snwprintf
__CxxFrameHandler
_read
wcsncpy
_wcsdup
_wfopen
_strlwr
strrchr
fopen
swprintf
_wsplitpath
_strcmpi
free
_osver
_memicmp
_initterm
_CxxThrowException
_iob
isxdigit
malloc
isspace
towlower
_splitpath
_strnicmp
_lseeki64
printf
_access
wprintf
_open_osfhandle
fseek
wcsncmp
wcscpy
_onexit
_wmakepath
sprintf
_wcsicmp
_wfsopen
_sopen
strstr
wcsncat
__dllonexit
tolower
strncpy
qsort
_wgetenv
_close
_chsize
fflush
wcsrchr
_mbscmp
ftell
ctime
_stricmp
_itoa
_get_osfhandle
strncat
_fsopen
_vsnprintf
_mbsnbcpy
wcscat
?terminate@@YAXXZ
_write
_winmajor
calloc
strncmp
time
wcstol
_wfullpath
_purecall
_fullpath
fclose
_wsopen
_winminor
__unDName
_makepath
bsearch
wcslen

rpcrt4

UuidCreate

advapi32

CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyW
InitializeSecurityDescriptor
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
SetSecurityDescriptorDacl
CryptGetKeyParam
UnlockServiceDatabase
SystemFunction020
SetServiceStatus
ConvertSidToStringSidW
SystemFunction031
GetNamedSecurityInfoExA
SaferiRecordEventLogEntry
StartServiceCtrlDispatcherW
LsaCreateTrustedDomain
GetManagedApplications
LsaQueryDomainInformationPolicy
ImpersonateSelf
BuildTrusteeWithNameA
A_SHAFinal
CredFree
FindFirstFreeAce
CryptHashSessionKey
SystemFunction033
MapGenericMask
AccessCheck
SaferiChangeRegistryScope
ConvertSecurityDescriptorToAccessA
FreeEncryptedFileKeyInfo
InitiateSystemShutdownA
GetUserNameW
QueryServiceConfigW
ObjectPrivilegeAuditAlarmA
CredpEncodeCredential
SystemFunction036
CreateRestrictedToken
LookupPrivilegeDisplayNameA
CreateCodeAuthzLevel
CreateServiceA
AddAccessDeniedAce
ObjectOpenAuditAlarmW
InitiateSystemShutdownExA
SaferCreateLevel
WmiOpenBlock
SystemFunction034
StartTraceW
GetTraceEnableFlags
WmiSetSingleInstanceA
WmiReceiveNotificationsA
LsaFreeMemory
BuildImpersonateExplicitAccessWithNameA

gdi32

CreatePatternBrush
ClearBrushAttributes
CreateScalableFontResourceA
RemoveFontResourceExA
GetMetaFileA
GetRasterizerCaps

rasman

RasSetDevConfig
RasServerPortClose
RasStartRasAutoIfRequired
RasGetProtocolInfo
RasBundleClearStatistics
RasRpcGetDevConfig
RasPortStoreUserData
RasRPCBind
RasGetUnicodeDeviceName
RasRpcDisconnect

user32

WaitForInputIdle
CreateAcceleratorTableA
GetClassInfoA
GetMenuStringW
MessageBoxIndirectW
GetActiveWindow
MonitorFromRect
InsertMenuItemA
LoadMenuA
IsWindow
RegisterWindowMessageW

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 830B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cba203f2245d33d86246beddd7e29ed8

Headers

File Characteristics

Imports

kernel32

version

msvcrt

rpcrt4

advapi32

gdi32

rasman

user32

Sections

.text Size: 41KB - Virtual size: 41KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 4KB

DATA Size: - Virtual size: 5KB

DATA Size: - Virtual size: 2KB

DATA Size: - Virtual size: 8KB

.tls Size: 512B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 2KB

.tls Size: 512B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 830B

.tls Size: 512B - Virtual size: 2KB

.tls Size: 512B - Virtual size: 899B

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 41KB - Virtual size: 41KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 4KB

DATA
Size: - Virtual size: 5KB

DATA
Size: - Virtual size: 2KB

DATA
Size: - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 830B

.tls
Size: 512B - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 899B

.rsrc
Size: 11KB - Virtual size: 11KB