a384f1be7ccdaed35d571e132b0ee8002ea5c7ee812fdd49916934129bd40e2f

Sharing

Copy URL Twitter E-mail

General

Target

a384f1be7ccdaed35d571e132b0ee8002ea5c7ee812fdd49916934129bd40e2f
Size

46KB
MD5

443f4f51122c875e9a54c31da0ea2b00
SHA1

c4e5efc3d5c0780c5aa2c1c858ca559ddab6abc6
SHA256

a384f1be7ccdaed35d571e132b0ee8002ea5c7ee812fdd49916934129bd40e2f
SHA512

a7183c49a0c0eea6733a8f758c8f5a3d87c0cb33f0671ae5eb03435d416e85b3330f8953cd48574c228e6aed201d7e8cfdc6f2a2e4e409974a705464253e08fb
SSDEEP

768:PR5nIgOmIEv2im+EoKth+mHz9JaTGlS7/dZbqrgd0FMyBLkLpzFSGj7F89RW:PR5nIgOmJsuK/+mT+17/9yFLBkLzS

Score

N/A

Malware Config

Signatures

Files

a384f1be7ccdaed35d571e132b0ee8002ea5c7ee812fdd49916934129bd40e2f
.exe windows x86

7af42db3a89b178bf60b79a43cb756c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

apphelp

SdbGrabMatchingInfoEx
SdbReadWORDTagRef
SdbOpenApphelpDetailsDatabase
ApphelpCheckInstallShieldPackage
SdbGetMsiPackageInformation
SdbCreateMsiTransformFile
SdbReadBYTETag
SdbGetPermLayerKeys
SdbReadStringTag
SdbGetDatabaseID
ApphelpFixMsiPackage
ApphelpShowDialog
SdbRegisterDatabase
SdbGetBinaryTagData
SdbTagRefToTagID
SdbFindNextMsiPackage
SdbQueryData
SdbGetFirstChild
SdbReadDWORDTagRef
SdbQueryApphelpInformation
SdbDeletePermLayerKeys
SdbFindFirstNamedTag
SdbGetTagFromTagID
SdbGetTagDataSize
ApphelpCheckIME

advpack

UserUnInstStubWrapper
GetVersionFromFile
IsNTAdmin
ExecuteCab
RegInstall
DelNodeRunDLL32
RegisterOCX
RegRestoreAll
DoInfInstall
ExtractFiles
RebootCheckOnInstall
OpenINFEngine

kernel32

FileTimeToSystemTime
InterlockedDecrement
VirtualAllocEx
InterlockedFlushSList
ConnectNamedPipe
TransactNamedPipe
GetSystemTimeAdjustment
CreateMailslotA
GetStringTypeA
GetLastError
WaitForMultipleObjects
InterlockedPopEntrySList
GetSystemTime
ReadFile
GetFileTime
InterlockedPushEntrySList
CloseHandle
GetNamedPipeHandleStateA
CreateMutexA
DisconnectNamedPipe
SetFirmwareEnvironmentVariableA
GetFileAttributesA
VirtualFree
SetFilePointer
GetVersion
OpenMutexA
SetEnvironmentVariableA
InterlockedIncrement
DeleteFileA
ReleaseMutex
CreateFileA
lstrcmpA
GetFirmwareEnvironmentVariableA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7af42db3a89b178bf60b79a43cb756c2

Headers

DLL Characteristics

File Characteristics

Imports

apphelp

advpack

kernel32

Sections

.text Size: 21KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 776B

.rsrc Size: 23KB - Virtual size: 52KB

.text
Size: 21KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 776B

.rsrc
Size: 23KB - Virtual size: 52KB