d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61

Sharing

Copy URL

Twitter E-mail

General

Target

d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61
Size

845KB
MD5

6abc3c32fda2b2c3f29e9f3eedcae31f
SHA1

d4b9aca393f3e52fe71a0375382295cce1aea8f8
SHA256

d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61
SHA512

7a03b61dfb731a9b04790d17cbea9a978aea3c4510805d9c3aed03676f5acb39c8028e2d1c2b3b62a5cb966a6d331dcbae50be481c57e3655190425d838093b5
SSDEEP

12288:YpZ7On7Rmb74lKtNd5+8A96DoVs6mx5g6ZXmFMzCmzJo4Zkb77zK0VfmMVY0VgT6:y7On+1BA96DwaPZWFMzCGogkXhEN0Sm

Score

N/A

Malware Config

Signatures

Files

d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61
.exe windows x86

931cc30f14a527d6c67a88a71ddade68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumDateFormatsW
GetHandleInformation
VirtualAlloc
LoadLibraryA
GetConsoleAliasExesLengthW
GetSystemDefaultLCID
InitializeCriticalSectionAndSpinCount
LocalCompact
SetStdHandle
ReplaceFile
lstrcpyA
GetNamedPipeHandleStateA
ReadConsoleOutputAttribute
GetTickCount
GetNumaProcessorNode
CreateIoCompletionPort
CreateTimerQueue
GlobalUnWire
WriteProfileSectionA
IsValidCodePage
GetConsoleCommandHistoryW
InitializeCriticalSection

user32

GetWindowContextHelpId
CheckMenuRadioItem
DdeQueryStringA
GetInputState
SetFocus
RegisterClipboardFormatA
ModifyMenuW
ReleaseDC
MonitorFromRect
GetClipboardData
SetWinEventHook
ChangeDisplaySettingsExA
GetClipboardFormatNameA
IsWindowEnabled
PackDDElParam
ShowCursor
ReleaseCapture
DdeInitializeA
KillTimer
FindWindowExW
CreateIconFromResource
EnumDisplaySettingsExA
GetWindowInfo
OemKeyScan
UpdateWindow

ntdll

ZwQuerySystemTime
NtCreateProcess
RtlUnlockHeap
ZwTerminateJobObject
NtProtectVirtualMemory
LdrFindResourceDirectory_U
ZwQueryMultipleValueKey
RtlValidateProcessHeaps
ZwSetLowEventPair
_strcmpi
ZwSetSecurityObject
RtlUnicodeStringToAnsiString
RtlLargeIntegerShiftRight
ZwClose
RtlValidRelativeSecurityDescriptor
RtlIsGenericTableEmptyAvl
ZwEnumerateValueKey

cmutil

?GPPI@CIniW@@QBEKPBG0K@Z
?WPPI@CIniW@@QAEXPBG0K@Z
?Clear@CmLogFile@@QAEXH@Z
WzToSzWithAlloc
?LoadEntry@CIniA@@IBEPADPBD@Z
?Clear@CIniW@@QAEXXZ
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
CmStrStrA
GetOSMajorVersion
CmStrCpyAllocA
?SetParams@CmLogFile@@QAEJHKPBG@Z
??1CmLogFile@@QAE@XZ
WzToSz
??4CIniW@@QAEAAV0@ABV0@@Z
?WPPB@CIniA@@QAEXPBD0H@Z
?SetFile@CIniW@@QAEXPBG@Z
??_FCIniW@@QAEXXZ
?SetFile@CIniA@@QAEXPBD@Z
??_FCIniA@@QAEXXZ
?OpenFile@CmLogFile@@AAEJXZ

Sections

.text
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

931cc30f14a527d6c67a88a71ddade68

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

cmutil

Sections

.text Size: 730KB - Virtual size: 729KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 972B

.text
Size: 730KB - Virtual size: 729KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 972B