d1f03a76a479536abf0f519c96212ce81063d03f01c475364aefbbf75427fc9e

Sharing

Copy URL Twitter E-mail

General

Target

d1f03a76a479536abf0f519c96212ce81063d03f01c475364aefbbf75427fc9e
Size

1.4MB
MD5

78b5256d935f70360598a87ab58ed3c0
SHA1

4c81ff4e17a8154db41d3b9bfd019016bc07426a
SHA256

d1f03a76a479536abf0f519c96212ce81063d03f01c475364aefbbf75427fc9e
SHA512

b87b5238c63b83ea959c85a196ff8ee4990ffa2eb32b2ff9368a6ca0b3aa17da425c17b2d8074adf0b827552c2f583102dfc2e695e1322f77ca508208b1c0cdc
SSDEEP

24576:SV06i0BB0mr5r6atjDDE6V061wMNr0fdfTiphy8rptl9A86k:SV06i0BxftjDjVrqMNkdGphy8vTA

Score

N/A

Malware Config

Signatures

Files

d1f03a76a479536abf0f519c96212ce81063d03f01c475364aefbbf75427fc9e
.exe windows x64

a9da1a8a93aac927aeef427179e581b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalAlloc
HeapAlloc
MoveFileExW
HeapFree
GetProcessHeap
GetVolumePathNameW
GetFileAttributesExW
ReleaseMutex
GetVolumeNameForVolumeMountPointW
DeleteFileW
CreateMutexW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
HeapSetInformation
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
FreeLibrary
GetModuleHandleExW
WriteFile
GetModuleFileNameW
CreateFileW
GetLastError
SetLastError
GetProcAddress
OutputDebugStringA
CloseHandle
DebugBreak
WaitForSingleObject
HeapReAlloc
FindFirstFileW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetFileAttributesW
MultiByteToWideChar
FindClose
FindNextFileW
RaiseException
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetFileSizeEx
CreateFileMappingW
GetFileInformationByHandle
WideCharToMultiByte
LocalFree
LoadLibraryExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
LoadLibraryExA
VirtualProtect

msvcrt

memcpy_s
strncpy_s
_wcsnicmp
free
_strdup
bsearch_s
_stricmp
wcstoul
_wcsrev
swprintf_s
iswalpha
wcschr
_vsnprintf
_vsnwprintf
memset
wcsrchr
strnlen
strchr
memmove
sprintf_s
wcsncmp
??1type_info@@UEAA@XZ
_callnewh
malloc
swscanf_s
wcstombs_s
_ui64toa_s
strrchr
_wcslwr
towlower
qsort_s
__CxxFrameHandler3
memcpy
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wfullpath
_wcsicmp
printf
vprintf
_strrev

ntdll

EtwEventRegister
RtlGUIDFromString
RtlNtStatusToDosError
RtlCharToInteger
RtlGetNativeSystemInformation
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
EtwTraceMessage
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlInitUnicodeString
EtwEventWrite
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
EtwEventUnregister
RtlAllocateHeap
ZwClose
RtlReAllocateHeap
RtlFreeHeap
RtlEnterCriticalSection
EtwEventWriteNoRegistration
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

ole32

CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
SysStringLen
VariantClear

advapi32

EventRegister
EventUnregister
EventWriteTransfer
RegLoadAppKeyW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

shlwapi

PathRemoveBackslashW
PathStripPathW
PathFindExtensionA
PathFindExtensionW

mscoree

CLRCreateInstance

Exports

Exports

CreateDCW
DeleteDC
GetFirmwareType
RtlCheckPortableOperatingSystem

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 252KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9da1a8a93aac927aeef427179e581b9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

ole32

oleaut32

advapi32

shlwapi

mscoree

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 252KB - Virtual size: 476KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 252KB - Virtual size: 476KB