1c3d9a7a0e304e97766a002b97f01c6828b56f893b9ea0946eb7e8698569b6d0

Sharing

Copy URL Twitter E-mail

General

Target

1c3d9a7a0e304e97766a002b97f01c6828b56f893b9ea0946eb7e8698569b6d0
Size

596KB
MD5

76748b29ac064a2a0365ffff562155f0
SHA1

643a6a88fbd20c8af493d9bb886b6d32727d582b
SHA256

1c3d9a7a0e304e97766a002b97f01c6828b56f893b9ea0946eb7e8698569b6d0
SHA512

b448c5bba23130745b396736870cf69dd41c8edf91b73e82a26b9cd5716f2f4117f791bee68745a1355b9e40de47ed90905b38256e02a8be64053cb8faa76d82
SSDEEP

12288:B6UumjzbBZ9vVYZinuWyfMpTPKw2p8CYVUJQzpvMScgTqC7yRXz8585mTDMqfAdk:SibhMQGJQxMRgj7yZz8585VUy

Score

N/A

Malware Config

Signatures

Files

1c3d9a7a0e304e97766a002b97f01c6828b56f893b9ea0946eb7e8698569b6d0
.exe windows x64

60665c78b82cb0d243314c1a77b94d8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
CredUnprotectW
RegOpenKeyExW
CheckTokenMembership
RegCloseKey
CredIsProtectedW

kernel32

FreeLibrary
HeapAlloc
HeapFree
WaitForSingleObject
SetEvent
GetProcessHeap
LoadLibraryW
GetLastError
GetProcAddress
LocalAlloc
CreateEventW
HeapSetInformation
CloseHandle
LocalFree
ExpandEnvironmentStringsW
LoadLibraryExA
DelayLoadFailureHook
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetCurrentProcessId

msvcrt

__setusermatherr
?terminate@@YAXXZ
__set_app_type
_fmode
memset
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_vsnwprintf
_commode
memcpy

rpcrt4

RpcServerUnregisterIf
NdrServerCallAll
NdrServerCall2
RpcEpUnregister
RpcRevertToSelf
UuidFromStringW
RpcBindingVectorFree
RpcImpersonateClient
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcServerListen
RpcBindingInqAuthClientW
I_RpcBindingIsClientLocal
RpcEpRegisterW

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError
RtlCaptureContext

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60665c78b82cb0d243314c1a77b94d8e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 408B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 580KB - Virtual size: 1.9MB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 408B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 580KB - Virtual size: 1.9MB