c0880d7649df4710813a87e9f0d59e03036521840b1a5f2b2bd6e3d6b11a4cd0

Sharing

Copy URL

Twitter E-mail

General

Target

c0880d7649df4710813a87e9f0d59e03036521840b1a5f2b2bd6e3d6b11a4cd0
Size

687KB
MD5

722b56542ed9eaae6d3e45b2b6322620
SHA1

df41484f76186241c54f8ecfbba19538276c80c0
SHA256

c0880d7649df4710813a87e9f0d59e03036521840b1a5f2b2bd6e3d6b11a4cd0
SHA512

be19f664751552afb31b33379b08036e697b585414d24a098e3a27bfe3428e94b738241d33e1c214c467337f734f4e62dee38e9bd979bc68fddaa8f7f3fe9097
SSDEEP

12288:kpowaAL5CJRvYYBi3yUkcIt1DDhdpo9gagH7PhSlplMD9Sfz86:kpowaAQuyUkcqDD3po+agbP2p+cf

Score

N/A

Malware Config

Signatures

Files

c0880d7649df4710813a87e9f0d59e03036521840b1a5f2b2bd6e3d6b11a4cd0
.exe windows x64

f63b5a4c61cc1116ea110163f0df7a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ReadEncryptedFileRaw
DecryptFileW
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EncryptFileW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW

kernel32

GetFullPathNameW
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpW
lstrlenW
GetLastError
lstrcmpiW
GetVersion
GetSystemTime
ExpandEnvironmentStringsW
LocalFileTimeToFileTime
FindFirstChangeNotificationW
SetErrorMode
SetWaitableTimer
FindCloseChangeNotification
GetModuleHandleW
SetThreadUILanguage
SetFileTime
OpenProcess
Sleep
GetFileAttributesW
GetConsoleOutputCP
SetLastError
GetLocalTime
FindNextChangeNotification
WaitForMultipleObjects
CreateWaitableTimerW
HeapSetInformation
CloseHandle
GetCurrentProcessId
WideCharToMultiByte
FormatMessageW
FindFirstFileW
CompareFileTime
CreateDirectoryW
CreateFileW
GlobalFree
FindClose
RemoveDirectoryW
FindNextFileW
GetFileInformationByHandle
SetFileAttributesW
GetVolumeInformationW
CopyFileExW
WaitForSingleObject
SetEvent
BackupRead
BackupWrite
DeviceIoControl
GetFileTime
DeleteFileW
LocalFree
ExitThread
SetThreadPriority
GetExitCodeThread
CreateEventW
ResumeThread
CreateThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
ExitProcess
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetConsoleMode
HeapValidate
WriteConsoleW
GetStdHandle
HeapSize
GetFileType
SetUnhandledExceptionFilter

mfc42u

ord1264
ord1262
ord1259
ord1353
ord5933
ord4234
ord620
ord2629
ord2783
ord3830
ord1869
ord445
ord940
ord6886
ord6880
ord1483
ord6887
ord5949
ord1379
ord624
ord626
ord1126
ord1122
ord1287
ord4436
ord6050
ord4523
ord1040

msvcrt

_onexit
_lock
__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
memset
__CxxFrameHandler3
_get_osfhandle
_memicmp
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
clock
fflush
fwprintf_s
_wsetlocale
swprintf_s
fclose
time
_setmode
fputws
_fileno
ctime
_vsnwprintf
fprintf
printf
fgetws
wprintf
_wfopen
__iob_func
_wcsnicmp
fwprintf
_wcsicmp
_errno
memcpy

user32

LoadStringW

ws2_32

WSACleanup

shlwapi

StrChrIW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f63b5a4c61cc1116ea110163f0df7a8b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mfc42u

msvcrt

user32

ws2_32

shlwapi

ntdll

Sections

.text Size: 99KB - Virtual size: 98KB

.data Size: 1024B - Virtual size: 393KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 580KB - Virtual size: 2.5MB

.text
Size: 99KB - Virtual size: 98KB

.data
Size: 1024B - Virtual size: 393KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 580KB - Virtual size: 2.5MB