b2abefd52178599dc2653e266f3ee7fe051317054ba22136b7fa3eb35f00200a

Sharing

Copy URL Twitter E-mail

General

Target

b2abefd52178599dc2653e266f3ee7fe051317054ba22136b7fa3eb35f00200a
Size

446KB
MD5

721710517c538b6bfbaf8e0b7a0071b0
SHA1

afc1546dd516702aaf65ea172050991b2fbbb76b
SHA256

b2abefd52178599dc2653e266f3ee7fe051317054ba22136b7fa3eb35f00200a
SHA512

bfb9a048441c40e23db9b249e82b1aea7cf03175caabaf476c802d820e29019c397e2d761de5b72acfdf07e8e976dcac9e82bfd425a5f95fb1e0d3292c18a112
SSDEEP

12288:uIK0VoJC820xaLXHjNchtIcb4FqAgV7UfFxsH5:/XHShtIca87UfFxsH

Score

N/A

Malware Config

Signatures

Files

b2abefd52178599dc2653e266f3ee7fe051317054ba22136b7fa3eb35f00200a
.exe windows x86

ef9d525f7b712a8eaf64325f76249d60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
SetLastError
FindFirstFileA
OutputDebugStringW
FormatMessageW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
GetConsoleMode
CreateThread
SetPriorityClass
GetCurrentThreadId
LocalAlloc
LocalFree
HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
GetCurrentProcess
GetProcessWorkingSetSize
SetProcessWorkingSetSize
GetWindowsDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetCurrentProcessId
GetFileAttributesW
CreateFileW
CreateEventW
OpenEventW
ResetEvent
ResumeThread
WaitForMultipleObjects
LoadLibraryW
LoadLibraryA
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrlenA
GetModuleFileNameW
GetThreadPriority
SetThreadPriority
ReleaseMutex
CreateMutexA
GetCurrentThread
SetEvent
CloseHandle
TerminateThread
Sleep
WaitForSingleObject
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
FindResourceExW
FindResourceW
CreateFileA
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetVersionExW
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
FreeEnvironmentStringsW
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
VirtualFree
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetTempPathA
OutputDebugStringA
GetEnvironmentStringsW
LoadResource
GetCommandLineW

user32

GetMessageW
PostThreadMessageW
MessageBoxW
CharUpperW
CharNextW
TranslateMessage
PeekMessageW
DispatchMessageW
LoadStringW

advapi32

RegQueryValueExA
RegOpenKeyW
ChangeServiceConfigW
CreateServiceW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RegCreateKeyW
RegisterServiceCtrlHandlerW
ControlService
DeleteService
SetServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorOwner
GetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetFileSecurityW
LookupAccountNameW
GetNamedSecurityInfoW
GetSecurityDescriptorDacl
GetLengthSid
GetAclInformation
InitializeAcl
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetNamedSecurityInfoW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegEnumValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
OpenThreadToken
SetThreadToken
DuplicateToken
RegQueryInfoKeyW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW
SHCreateDirectoryExA
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoImpersonateClient
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID
StringFromCLSID
CoTaskMemFree
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
OleRun
CoResumeClassObjects
CoInitializeSecurity
CLSIDFromString
CoRevertToSelf
CoInitialize

oleaut32

SysFreeString
VariantInit
VariantClear
VariantCopy
SysAllocString
VariantCopyInd
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen

shlwapi

PathAppendA
PathAddBackslashA
PathFileExistsA
ord437

userenv

UnloadUserProfile

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef9d525f7b712a8eaf64325f76249d60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

dbghelp

Sections

.text Size: 284KB - Virtual size: 284KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 284KB - Virtual size: 284KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 27KB - Virtual size: 27KB