8c15cfa7216f2bbc69278e7f8bc9418c1aea8b41d7ffce64ca1f54307007e3fb

Sharing

Copy URL Twitter E-mail

General

Target

8c15cfa7216f2bbc69278e7f8bc9418c1aea8b41d7ffce64ca1f54307007e3fb
Size

602KB
MD5

6faccac8bf08a3d70122eec54b628210
SHA1

ddc289411d09c862198547dc8ce193a28c8ad855
SHA256

8c15cfa7216f2bbc69278e7f8bc9418c1aea8b41d7ffce64ca1f54307007e3fb
SHA512

5d6090d4e1fa878c1b6bd5a7fc7c2e4b5f752c0e9e608774432c09ccd63c061bd56e3719b22db62cf8811ba88ab2d55c52caddd6f98569ad3568df529e6b3be4
SSDEEP

12288:UyL97I1SxfZQJo+rCHZN3acwNVfYmcgoJlmc4fsm:UfYfZQJYRaCO1

Score

N/A

Malware Config

Signatures

Files

8c15cfa7216f2bbc69278e7f8bc9418c1aea8b41d7ffce64ca1f54307007e3fb
.exe windows x64

7b28e705fbb7335b176f005f2600d45e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
LookupAccountNameW
OpenEventLogW
ReadEventLogW
LookupAccountSidW
CloseEventLog
DecryptFileW
RegEnumValueW
RegEnumKeyExW
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

kernel32

CreateFileW
GetLastError
DeviceIoControl
CloseHandle
GetWindowsDirectoryW
GetProcAddress
GetModuleHandleW
SetLastError
SetFilePointerEx
SetEndOfFile
DeleteFileW
OpenFileById
GetFinalPathNameByHandleW
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetSystemInfo
CreateHardLinkW
FindFirstFileNameW
FindNextFileNameW
FindClose
HeapSetInformation
SetThreadUILanguage
GetVersionExW
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
CreateDirectoryW
GetFileAttributesW
GetSystemDirectoryW
CreateProcessW
SetConsoleCtrlHandler
WaitForSingleObject
GetFullPathNameW
GetVolumePathNameW
GetCurrentDirectoryW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetComputerNameW
FormatMessageW
WriteFile
LocalFree
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
GetTempPathW
GetTempFileNameW
GetFileSizeEx
GetCurrentProcess
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
WideCharToMultiByte
GetConsoleOutputCP
GetDiskFreeSpaceExW
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter

msvcrt

realloc
wcsncpy_s
_wcsdup
wprintf
exit
iswspace
iswdigit
iswalpha
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
towupper
__set_app_type
?terminate@@YAXXZ
memset
memcpy
isalpha
calloc
free
malloc
wcscat_s
wcscpy_s
_wcsnicmp
_errno
_wcsicmp
_wtoi
wcsrchr
_vsnwprintf
isdigit
toupper
swprintf_s
_fmode
setlocale
_local_unwind

ntdll

NtEnumerateTransactionObject
RtlStringFromGUID
RtlTimeToTimeFields
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap
NtQuerySecurityObject
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlInitUnicodeString
RtlGetOwnerSecurityDescriptor
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlSetCurrentTransaction
RtlGetCurrentTransaction
NtSetQuotaInformationFile
NtQueryQuotaInformationFile
RtlLengthSid
NtSetVolumeInformationFile
NtQueryVolumeInformationFile
NtOpenFile

ktmw32

GetTransactionInformation
CommitTransaction
OpenTransaction
RollbackTransaction

ole32

CoTaskMemFree
StringFromIID
IIDFromString

netapi32

NetApiBufferFree
NetShareEnum

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7b28e705fbb7335b176f005f2600d45e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ktmw32

ole32

netapi32

Sections

.text Size: 85KB - Virtual size: 84KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 826B

.vmp0 Size: 508KB - Virtual size: 1.8MB

.text
Size: 85KB - Virtual size: 84KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 826B

.vmp0
Size: 508KB - Virtual size: 1.8MB