8129368c3e2e4da706a93cc04d9e16fe7c44dbb3e18587483e65d1af9f0c0ee5

Sharing

Copy URL Twitter E-mail

General

Target

8129368c3e2e4da706a93cc04d9e16fe7c44dbb3e18587483e65d1af9f0c0ee5
Size

40KB
MD5

6527abf8f1ff90182a5c8b9b3953a4e1
SHA1

9c62726217ad3352581d71d088e7b460c82f341b
SHA256

8129368c3e2e4da706a93cc04d9e16fe7c44dbb3e18587483e65d1af9f0c0ee5
SHA512

77269a03863299829ed1bc139a755378cf2008e3bc33b3e7405a712913b0970b19b1f934bdb3c389396b2f59781d36c400634f522fd0737337f3a18e86c8afee
SSDEEP

768:/HOHPxsGVStKQQfRMrC3mMcpzLLhtCpcynP:4PTS4Q2RSzLFcSynP

Score

N/A

Malware Config

Signatures

Files

8129368c3e2e4da706a93cc04d9e16fe7c44dbb3e18587483e65d1af9f0c0ee5
.exe windows x86

a6af5eb93430967de494a5f1c6e74deb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

mfc42

ord2827
ord540
ord2818
ord825
ord823
ord537
ord800

msvcrt

_stricmp
printf
exit
sprintf
time
localtime
wcslen
memmove
strrchr
wcsrchr
swprintf
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler

kernel32

GetVersionExA
GetModuleFileNameA
FormatMessageA
lstrlenA
LocalFree
SetConsoleCtrlHandler
OutputDebugStringA
GetSystemDirectoryW
lstrcatW
LoadLibraryW
CreateFileW
WaitNamedPipeW
ReadFile
WaitNamedPipeA
CloseHandle
FreeLibrary
ResetEvent
WaitForMultipleObjects
CreateEventA
SetEvent
GetLastError
OpenProcess
GetCurrentProcessId
GetModuleFileNameW
GetProcAddress
LoadLibraryA
WaitForSingleObject
TerminateProcess
Sleep
SetLastError
CreateFileA
WriteFile
SetNamedPipeHandleState
ProcessIdToSessionId

advapi32

OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorDacl
SetServiceObjectSecurity
FreeSid
CloseServiceHandle
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService
QueryServiceStatus
ControlService
OpenServiceA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6af5eb93430967de494a5f1c6e74deb

Headers

File Characteristics

Imports

userenv

mfc42

msvcrt

kernel32

advapi32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 9KB