9648a98b0fea08df66688f2408c8137b86cd8abb6bcca815bd5ab641dd2e50ec

Sharing

Copy URL Twitter E-mail

General

Target

9648a98b0fea08df66688f2408c8137b86cd8abb6bcca815bd5ab641dd2e50ec
Size

324KB
MD5

6fcf3a8582f4eb2ff88e29cc2cb3fe8e
SHA1

775b1a1256b05cb453e855945a02fb458628e69f
SHA256

9648a98b0fea08df66688f2408c8137b86cd8abb6bcca815bd5ab641dd2e50ec
SHA512

d78a39d36ea48f97c98666545c38ca83f10a235f65b6ccb3472086b864060ba6b27146bcb5c191a1daa6406324b30d8a566bc0d8e0c914fa02328d3b238251ba
SSDEEP

6144:HDfTAnNX5jvzD4tkrtRW+7NpxyN90vEpsOQs8v:jfTAnLjvQtkRRTVy907OQr

Score

N/A

Malware Config

Signatures

Files

9648a98b0fea08df66688f2408c8137b86cd8abb6bcca815bd5ab641dd2e50ec
.exe windows x86

ddc91ecd17d943e2ee26d62fc9a4fb0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
InitiateSystemShutdownExW
RegSetValueExW
RegCreateKeyExW
CreateProcessAsUserW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegDeleteValueW
ConvertSidToStringSidW
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
CopySid
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyValueW
ControlTraceW
EnableTrace
CloseTrace
StartTraceW
GetLengthSid
IsValidSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext
DecryptFileA
CryptGenRandom
CryptAcquireContextW
EventRegister
EventUnregister
EventWrite
EventEnabled

kernel32

ProcessIdToSessionId
GetCurrentProcessId
FormatMessageW
CreateFileW
GetFullPathNameW
GetCurrentProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
InterlockedIncrement
LocalFree
MultiByteToWideChar
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
RemoveDirectoryW
MoveFileExW
DeleteFileW
lstrcmpW
CreateDirectoryW
OutputDebugStringW
lstrlenW
GetFileAttributesW
GetSystemDirectoryW
WaitForSingleObject
GetExitCodeProcess
GetExitCodeThread
FindFirstFileW
lstrcmpiW
FindNextFileW
GetSystemWindowsDirectoryW
InterlockedDecrement
GetLastError
CloseHandle
GetCommandLineW
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
FindClose

gdi32

GetStockObject
GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
SelectObject
GetTextExtentPoint32W
DeleteDC

user32

GetClientRect
FillRect
EndPaint
SetRect
SendDlgItemMessageW
GetDC
ReleaseDC
SetWindowLongW
ShowWindow
SystemParametersInfoW
MessageBoxW
PostMessageW
BeginPaint
DestroyAcceleratorTable
TranslateAcceleratorW
RegisterClassExW
CreateWindowExW
ShutdownBlockReasonCreate
ShutdownBlockReasonDestroy
DestroyWindow
DefWindowProcW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
SetFocus
EnableWindow
GetDlgItem
SetDlgItemTextW
UpdateWindow
LoadCursorW
LoadIconW
EndDialog
DialogBoxParamW
CreateAcceleratorTableW
SendMessageW

msvcrt

memmove
??3@YAXPAX@Z
_vsnwprintf
memset
wcsrchr
_controlfp
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
memcpy
_vsnprintf
_ftol2
_wcsnicmp
iswdigit
wcschr
_wcsicmp
??2@YAPAXI@Z

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

oleaut32

SysFreeString
VariantInit
SysAllocString

shell32

CommandLineToArgvW
SHGetPathFromIDListW
ShellExecuteExW
SHBrowseForFolderW
ord730

shlwapi

StrToIntExW

ntdll

WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmSetDWORD

dpx

DpxNewJob

wtsapi32

WTSQueryUserToken

comctl32

InitCommonControlsEx

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ddc91ecd17d943e2ee26d62fc9a4fb0c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleaut32

shell32

shlwapi

ntdll

dpx

wtsapi32

comctl32

Sections

.text Size: 201KB - Virtual size: 201KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 85KB - Virtual size: 85KB

.reloc Size: 36KB - Virtual size: 39KB

.text
Size: 201KB - Virtual size: 201KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 85KB - Virtual size: 85KB

.reloc
Size: 36KB - Virtual size: 39KB