9f77f3aea101b2c3595270dbe5b09866252adaba6a615e359f0ed93f63c8770d

Sharing

Copy URL Twitter E-mail

General

Target

9f77f3aea101b2c3595270dbe5b09866252adaba6a615e359f0ed93f63c8770d
Size

364KB
MD5

05dffa21900a7eb0d0060bd9b115d461
SHA1

6af1635f1665b7febc05c907db613ff5fd434882
SHA256

9f77f3aea101b2c3595270dbe5b09866252adaba6a615e359f0ed93f63c8770d
SHA512

c65871874ce446a874d733e1b3fb052b1ed7cfb7c6cea8118a1664e762bca96ae4dd807e07e95454379186f9a036371dc6f54be434067a246174efe2bb3dc1f8
SSDEEP

6144:HCPbB+LVRHIBy1hfZ5735RgXecLYswtP3BAnNi/zl:iYBRHNfZ5r5CXtYs+JACzl

Score

N/A

Malware Config

Signatures

Files

9f77f3aea101b2c3595270dbe5b09866252adaba6a615e359f0ed93f63c8770d
.exe windows x86

0249420604dd370a4f3d32546d6fe62b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SuspendThread
OpenThread
SystemTimeToFileTime
SetEnvironmentVariableW
LoadLibraryW
GetPrivateProfileStringW
QueryDosDeviceW
GetLogicalDriveStringsW
WideCharToMultiByte
WriteFile
lstrlenA
DebugBreak
OutputDebugStringW
TlsSetValue
TlsGetValue
GetACP
CreateProcessW
WaitForSingleObject
GetFileAttributesExW
TerminateProcess
GetTimeZoneInformation
SetFilePointer
DeviceIoControl
SetEvent
GetHandleInformation
TerminateThread
DisconnectNamedPipe
OutputDebugStringA
WaitNamedPipeW
LeaveCriticalSection
EnterCriticalSection
ConnectNamedPipe
CreateNamedPipeW
CreateThread
FlushFileBuffers
GetLocalTime
LocalFileTimeToFileTime
GetEnvironmentVariableW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
lstrcmpA
FormatMessageW
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
FindFirstFileW
WriteConsoleA
SetStdHandle
Sleep
GetPrivateProfileSectionW
GetTickCount
WritePrivateProfileStringW
GetCommandLineW
OpenProcess
GetProcessTimes
FileTimeToLocalFileTime
FileTimeToSystemTime
GetWindowsDirectoryW
CreateDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcmpiW
InterlockedIncrement
GetCurrentThread
GetCurrentProcess
lstrlenW
LocalAlloc
LocalFree
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress
CreateFileW
GetFileSize
ReadFile
CloseHandle
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
LCMapStringW
HeapSize
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
SetLastError
TlsAlloc
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
FindClose
LoadLibraryA
GetModuleHandleA
CreateMutexA
ReleaseMutex
TlsFree
CreateMutexW
GetConsoleOutputCP
GetCurrentThreadId
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
RaiseException

user32

CharNextW
PostThreadMessageW
LoadStringW
PostMessageW
wvsprintfW
CharUpperW

advapi32

CopySid
CreateProcessAsUserW
RevertToSelf
DuplicateTokenEx
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
EqualSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetSecurityDescriptorDacl
QueryServiceStatus
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
RegQueryValueExA
SetServiceStatus
ControlService
StartServiceW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

StrCmpNIW
PathFileExistsW
StrCmpIW
SHSetValueW
SHGetValueW
StrStrIW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CryptMsgOpenToDecode
CryptMsgUpdate
CertCloseStore
CryptMsgClose
CertGetNameStringW
CertGetCertificateContextProperty
CertOpenStore

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0249420604dd370a4f3d32546d6fe62b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

crypt32

wintrust

Sections

.text Size: 201KB - Virtual size: 201KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 102KB - Virtual size: 104KB

.text
Size: 201KB - Virtual size: 201KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 102KB - Virtual size: 104KB