a9e3d2c978ac684a18c7d0b42b59fd9f068a42583704b4f7454d2cd08109cccb

Sharing

Copy URL Twitter E-mail

General

Target

a9e3d2c978ac684a18c7d0b42b59fd9f068a42583704b4f7454d2cd08109cccb
Size

563KB
MD5

66428170e77713443b1747ca3f5fc010
SHA1

b977308ab66303abf2c090986741140395324ad1
SHA256

a9e3d2c978ac684a18c7d0b42b59fd9f068a42583704b4f7454d2cd08109cccb
SHA512

8a24c122dd8ebc1acd6c3968c0084570bca383c7485189a799ed230eec9c8a76b36328a7e090d7aa16809240cdb03a8f2032e0c2dbe9ebd52132da0e4cc808b4
SSDEEP

12288:i7TAGGpLQcH0AmAUY3zhc5Ia6ETEosaMg0ZG+PB9t1+TCgrBCmOY:OOLH6/6EXxMe+PB9+T/rUz

Score

N/A

Malware Config

Signatures

Files

a9e3d2c978ac684a18c7d0b42b59fd9f068a42583704b4f7454d2cd08109cccb
.exe windows x64

5e10bc97171517479b1b1c426498c9fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventRegister
EventUnregister
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
StopTraceW
EnableTraceEx
StartTraceW
RegQueryInfoKeyW
RegCreateKeyExW

kernel32

CloseHandle
CreateProcessW
LocalFree
LocalAlloc
GetPrivateProfileIntW
SetTermsrvAppInstallMode
CreateThread
lstrlenW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
WideCharToMultiByte
DeleteFileW
GetModuleHandleA
GetWindowsDirectoryW
TerminateThread
HeapSetInformation
ExitProcess
GetProcAddress
LoadLibraryW
WaitForMultipleObjects
CompareStringOrdinal
CreateEventW
SetEvent
LoadLibraryA
GetVersionExW
GetQueuedCompletionStatus
CreateIoCompletionPort
SetInformationJobObject
CreateJobObjectW
GetLastError
GetSystemDirectoryW
AssignProcessToJobObject
ResumeThread
GetProcessId

gdi32

SelectObject
CreateCompatibleDC
GetObjectW
BitBlt
DeleteObject
SetBkColor
CreateSolidBrush
CreateFontIndirectW
GetLayout
GetTextExtentPointW
ExtTextOutW

user32

GetDlgItem
GetSysColor
LoadBitmapW
DrawTextW
PostMessageW
ExitWindowsEx
MessageBoxW
GetParent
GetWindowTextW
LoadStringW
EndDialog
ReleaseDC
GetDC
GetWindowRect
SetWindowPos
DialogBoxParamW
GetSystemMetrics
PeekMessageW
PostQuitMessage
DispatchMessageW
SetCursor
LoadCursorW
TranslateMessage
MsgWaitForMultipleObjects
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
SendMessageW
MessageBeep

msvcrt

memset
_vsnwprintf
__wgetmainargs
__C_specific_handler
_XcptFilter
iswalpha
wcschr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall
_initterm
_wcmdln
exit
_cexit
_exit
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ

shlwapi

SHDeleteValueW
ord388
SHGetValueW
ord199
ord176
ord219
ord217
ord174
PathFindFileNameW
SHRegGetValueW
ord437
ord158
ord460
PathQuoteSpacesW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

ntdll

EtwEventEnabled
EtwEventWrite

comctl32

ord334
ord329
ord328

shell32

SHBindToParent
ord155
SHParseDisplayName
ord165
ord885
ord100
ord723
SHEvaluateSystemCommandTemplate

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e10bc97171517479b1b1c426498c9fd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shlwapi

ole32

ntdll

comctl32

shell32

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 924B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 248B

.vmp0 Size: 508KB - Virtual size: 1.8MB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 924B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 248B

.vmp0
Size: 508KB - Virtual size: 1.8MB