f8649b730c5b01446d9a27119495fcec038c6c9301af8b4a2c7a0c79dfb77489

Sharing

Copy URL Twitter E-mail

General

Target

f8649b730c5b01446d9a27119495fcec038c6c9301af8b4a2c7a0c79dfb77489
Size

584KB
MD5

6c8a71ab5d5ce9668ceaf8e6f8c86780
SHA1

eadd8f754fb98ea23f4ad2e8f84d3b6a47aa6776
SHA256

f8649b730c5b01446d9a27119495fcec038c6c9301af8b4a2c7a0c79dfb77489
SHA512

f14f23197e2a4009af8d195a0e5c336ed6bbdcf4dc1856367346225837e72c7a37b4adc08fb1bd854daf4f0432d1b4e4a4d4fcaf2c2661a4d2f9c2470dba665b
SSDEEP

12288:R99999AbgZlCKyo4Edu994H0yhH4Ryt4qzxsqqJqpk:R99999AEhuH6/hYotFlmW

Score

N/A

Malware Config

Signatures

Files

f8649b730c5b01446d9a27119495fcec038c6c9301af8b4a2c7a0c79dfb77489
.exe windows x86

ebf4488334350aee00f675c23c129f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
memcpy
sin

kernel32

InterlockedCompareExchange
AddVectoredExceptionHandler
GetLastError
GetExitCodeProcess
CreateWaitableTimerW
GetCurrentThread
RemoveVectoredExceptionHandler
GetProcessHeap
ExitProcess
SetHandleCount
SizeofResource
UnhandledExceptionFilter
lstrcpyA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpiA
LockResource
LocalAlloc
CreateFileMappingA
SetStdHandle
TerminateProcess
CreateFileA
GlobalFree
GetModuleFileNameA
HeapFree
GetStringTypeA
lstrcatA
SetFilePointer
IsBadCodePtr
FreeEnvironmentStringsW
WideCharToMultiByte
MapViewOfFile
LCMapStringW
lstrcpynA
GetStdHandle
FindClose
CompareStringA
FreeEnvironmentStringsA
LoadResource
MultiByteToWideChar
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
GetShortPathNameA
FindFirstFileA
GetACP
UnmapViewOfFile
GetFileAttributesA
GetSystemDirectoryA
IsBadReadPtr
GetProcAddress
SetUnhandledExceptionFilter
CloseHandle
GetFileType
GetStringTypeW
LCMapStringA
GetTempPathA
GetPrivateProfileSectionA
GetDiskFreeSpaceA
GetFileSize
GlobalUnlock
MoveFileExA
GlobalAlloc
lstrlenA
CreateDirectoryA
GetModuleHandleA
SetEnvironmentVariableA
GetTimeZoneInformation
GetLocaleInfoW
VirtualQuery
GetSystemInfo
VirtualProtect
CompareStringW
GetOEMCP
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
GetVersionExA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
WriteFile
DeleteCriticalSection
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
GetCPInfo
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryExA
InitializeCriticalSection
Sleep
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetCurrentProcess

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHBrowseForFolderA

advapi32

RegOpenKeyExA
RegQueryValueExA

user32

InsertMenuW

Sections

.text
Size: 248KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

S0#-
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

~%rzD?&(
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fra0
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

expoi
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebf4488334350aee00f675c23c129f70

Headers

File Characteristics

Imports

ntdll

kernel32

shell32

advapi32

user32

Sections

.text Size: 248KB - Virtual size: 461KB

.rdata Size: 176KB - Virtual size: 174KB

S0#- Size: 4KB - Virtual size: 2KB

.eh_fram Size: 44KB - Virtual size: 42KB

~%rzD?&( Size: 44KB - Virtual size: 41KB

.edata Size: 12KB - Virtual size: 9KB

.eh_fra0 Size: 4KB - Virtual size: 1KB

expoi Size: 44KB - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 248KB - Virtual size: 461KB

.rdata
Size: 176KB - Virtual size: 174KB

S0#-
Size: 4KB - Virtual size: 2KB

.eh_fram
Size: 44KB - Virtual size: 42KB

~%rzD?&(
Size: 44KB - Virtual size: 41KB

.edata
Size: 12KB - Virtual size: 9KB

.eh_fra0
Size: 4KB - Virtual size: 1KB

expoi
Size: 44KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 2KB