3b9a4620a5549092cf306c97b66b68faf3ee5c290146ba3cdef37d5c06475297

Sharing

Copy URL

Twitter E-mail

General

Target

3b9a4620a5549092cf306c97b66b68faf3ee5c290146ba3cdef37d5c06475297
Size

41KB
MD5

71e86ce9cd37fbc42a75ebbae96851c0
SHA1

eb76b435fa790172a85a19c9f6b37d7600d9d503
SHA256

3b9a4620a5549092cf306c97b66b68faf3ee5c290146ba3cdef37d5c06475297
SHA512

8dd3a87d3af62e6d34c7a39ff5cbd8ab9c5032c8c7fa8ca8c7386ae161d1fdb89ef418b8bcfb8f1e68095acc665dcbf66a6b6c45feb6ad0a9f2d0d5b1172555c
SSDEEP

768:y6OrxKPsu/qL0l6ic+zmV3famyaPpcEo/Fnz7IyyX30Ya50cr47n:y+J/qLo3m7pcEoRf+Fx7n

Score

N/A

Malware Config

Signatures

Files

3b9a4620a5549092cf306c97b66b68faf3ee5c290146ba3cdef37d5c06475297
.exe windows x86

f89fe0885a16d66355c63c0c06a39533

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken

kernel32

HeapFree
GetLastError
WideCharToMultiByte
lstrlenW
DeactivateActCtx
GetProcAddress
LoadLibraryExW
ActivateActCtx
LeaveCriticalSection
lstrcmpW
EnterCriticalSection
HeapAlloc
FreeLibrary
ReleaseActCtx
CreateActCtxW
ExpandEnvironmentStringsW
lstrcmpiW
ExitProcess
GetCommandLineW
InitializeCriticalSection
GetProcessHeap
SetErrorMode
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
LocalFree
GetCurrentProcess
GetCurrentThread
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
LocalAlloc
LCMapStringW
DelayLoadFailureHook

ntdll

RtlInitializeSid
RtlAllocateHeap
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlFreeHeap
RtlCopySid
RtlSubAuthorityCountSid
wcscpy
wcscat
RtlInitializeCriticalSection
RtlSetProcessIsCritical
RtlImageNtHeader
wcslen
RtlUnhandledExceptionFilter

rpcrt4

RpcServerUnregisterIfEx
RpcMgmtWaitServerListen
RpcServerUnregisterIf
RpcMgmtSetServerStackSize
RpcServerListen
RpcServerUseProtseqEpW
RpcServerRegisterIf
I_RpcMapWin32Status
RpcMgmtStopServerListening

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wgivkyq
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f89fe0885a16d66355c63c0c06a39533

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

rpcrt4

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 29KB

wgivkyq Size: - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 29KB

wgivkyq
Size: - Virtual size: 4KB