c4c6471f2133f132e40c7340bc83786de54e94460fcef619ea3675f74344d4e1

Sharing

Copy URL

Twitter E-mail

General

Target

c4c6471f2133f132e40c7340bc83786de54e94460fcef619ea3675f74344d4e1
Size

649KB
MD5

6b55886d0ecf234d5d6f6a40d63100f0
SHA1

b168139601536541a389b017074e716e8380affa
SHA256

c4c6471f2133f132e40c7340bc83786de54e94460fcef619ea3675f74344d4e1
SHA512

281cf6822a2658ba409f3df51430694579527b6d3c674bc1f122e989b92937cde069e00edb7dd6f57e55073694c02c55527d76cf67b6ace893d8e3b101a3e3a1
SSDEEP

12288:aBjfJvMWzus/Jm316dC9Pe9LGGWuglKQADQ+N8iEW:ofJvm1Z29hWugn+FVE

Score

N/A

Malware Config

Signatures

Files

c4c6471f2133f132e40c7340bc83786de54e94460fcef619ea3675f74344d4e1
.exe windows x64

a52bc3ed99ad03a1c7f549e9d94fb14c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnprintf
??1type_info@@UEAA@XZ
iswspace
_wtoi
memset
__CxxFrameHandler3
memcpy
towlower
memmove
isspace
tolower
_purecall
wcsrchr
_vsnwprintf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
wcschr
_wcsnicmp
_wtoi64
_vscwprintf
wcsncmp
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_CxxThrowException

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
TraceMessage
EventRegister
EventUnregister
EventWrite
RegSetKeyValueW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
OpenSCManagerW
GetServiceDisplayNameW
CloseServiceHandle
RegQueryValueExW

kernel32

WaitForSingleObject
CloseHandle
MapViewOfFile
OpenThread
SetEvent
TerminateProcess
ReleaseMutex
CreateProcessW
GetUserDefaultUILanguage
MultiByteToWideChar
GetThreadId
UnmapViewOfFile
GetWindowsDirectoryW
GetLogicalDriveStringsW
QueryDosDeviceW
GetProcAddress
FreeLibrary
GetDriveTypeW
FindFirstFileNameW
FindNextFileNameW
FindClose
CreateToolhelp32Snapshot
GetProcessId
Module32FirstW
Module32NextW
K32EnumProcessModules
K32GetModuleFileNameExW
LoadLibraryW
GlobalMemoryStatus
ReadProcessMemory
OpenEventW
GetVersionExW
IsWow64Process
GetLastError
LoadLibraryExW
DuplicateHandle
GetExitCodeThread
GetModuleHandleExW
FreeLibraryAndExitThread
DebugBreak
SystemTimeToFileTime
GetSystemTime
GetProcessTimes
GetApplicationRestartSettings
GetFileAttributesW
CreateFileW
OpenMutexW
CreateFileMappingW
GetSystemDirectoryW
GetSystemWow64DirectoryW
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
CreateThread
lstrlenW
DeleteFileW
WriteProcessMemory
OutputDebugStringA
CreateEventW
VirtualAllocEx
GetCommandLineW
HeapSetInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
VirtualAlloc
VirtualFreeEx
VirtualFree
CreateMutexW
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
SearchPathW
GetFileSize
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetEnvironmentVariableW

user32

LoadStringW
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
IsWindow

ntdll

NtSuspendProcess
NtResumeProcess
WinSqmAddToStream
RtlAllocateHeap
RtlFreeHeap
NtQuerySystemInformation
RtlAdjustPrivilege
RtlGetCurrentTransaction
RtlSetCurrentTransaction
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
RtlGetUnloadEventTraceEx
RtlImageNtHeaderEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrint
RtlInitUnicodeString
NtSetSystemInformation
EtwTraceMessage
NtClose
RtlFreeSid
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlAllocateAndInitializeSid
NtWaitForSingleObject
NtOpenEvent
RtlNtStatusToDosError
EtwEventWriteNoRegistration
NtQueryInformationProcess
NtQueryInformationThread

wer

WerpSetCallBack
WerReportAddDump
WerReportSetParameter
WerpCreateIntegratorReportId
WerpSetIntegratorReportId
WerpFreeString
WerpGetReportFlags
WerpIsTransportAvailable
WerReportSetUIOption
WerpAddSecondaryParameter
WerReportAddFile
WerpSetReportFlags
WerpPromtUser
WerpAddTextToReport
WerReportCloseHandle
WerReportSubmit
WerpAddAppCompatData
WerReportCreate

shell32

SHGetFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a52bc3ed99ad03a1c7f549e9d94fb14c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntdll

wer

shell32

version

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 674B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 674B

.vmp0
Size: 500KB - Virtual size: 1.8MB