cd055222cfcd705f4b298512b0f564fa9ac99b5e2c41f5d7e73d474b837459bd

Sharing

Copy URL Twitter E-mail

General

Target

cd055222cfcd705f4b298512b0f564fa9ac99b5e2c41f5d7e73d474b837459bd
Size

388KB
MD5

4589b0b4032cad7c39a3ff42ef360b70
SHA1

184cbb9e1ce7c0d0d297742a5782718e01abc7a0
SHA256

cd055222cfcd705f4b298512b0f564fa9ac99b5e2c41f5d7e73d474b837459bd
SHA512

ebeb28faba05008d5b16368d705017269b117229d8d02fe42445304295a29a27cb3107bec5eb31eccfa5356b1d1d7cbc05d6e615d5b4d33c634733bb177054ec
SSDEEP

6144:44rC/xgJkzm2jslBpeAxMhNLY6KJ4QM5lFsYf6b7M:4nZgJkzm2jiBp5qKaQMRfi7M

Score

N/A

Malware Config

Signatures

Files

cd055222cfcd705f4b298512b0f564fa9ac99b5e2c41f5d7e73d474b837459bd
.exe windows x86

1560bdc342ab6f31d199a5bf0808b25a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
FlushFileBuffers
ReadFile
SetEndOfFile
WriteFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFileAttributesW
GetModuleHandleA
GetFullPathNameW
GetCurrentDirectoryW
GetCurrentProcessId
WideCharToMultiByte
lstrlenA
GetProcAddress
Sleep
GetCommandLineW
SetErrorMode
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
CreateProcessW
ResumeThread
TerminateProcess
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
GetLastError
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
lstrlenW
FreeLibrary
OutputDebugStringW
GetCurrentProcess
DuplicateHandle
OpenProcess
CreateThread
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeProcess
WaitForSingleObject
CloseHandle
LoadLibraryA
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree

user32

CloseWindowStation
OpenDesktopW
SetThreadDesktop
EnumDesktopsW
SetProcessWindowStation
OpenWindowStationW
GetWindowThreadProcessId
CharUpperW
wsprintfW
EnumWindowStationsW
PostThreadMessageW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
CharNextW
GetThreadDesktop
GetProcessWindowStation
EnumDesktopWindows

advapi32

StartServiceCtrlDispatcherW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
DeleteService
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
RegQueryValueExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
CreateServiceW
OpenSCManagerW
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
LookupAccountSidW
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoSuspendClassObjects
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
CoTaskMemFree
StringFromGUID2

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysAllocString
VariantClear
VariantInit

shlwapi

PathQuoteSpacesW
PathFileExistsW
PathAppendW
PathUnquoteSpacesW

wtsapi32

WTSQueryUserToken

userenv

LoadUserProfileW
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

crypt32

CertNameToStrA
CryptMsgGetAndVerifySigner
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose

wintrust

WinVerifyTrust

psapi

GetModuleFileNameExW

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1560bdc342ab6f31d199a5bf0808b25a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

userenv

crypt32

wintrust

psapi

Sections

.text Size: 131KB - Virtual size: 130KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 9KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 7KB - Virtual size: 7KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 131KB - Virtual size: 130KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 9KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 7KB - Virtual size: 7KB

.vmp0
Size: 192KB - Virtual size: 1.3MB