2b2437dd72821ba8748b6cc4c6ac63150bf8736188c309aaef58e64ff2f10adb

Sharing

Copy URL

Twitter E-mail

General

Target

2b2437dd72821ba8748b6cc4c6ac63150bf8736188c309aaef58e64ff2f10adb
Size

40KB
MD5

4f57774869dc2640edade919fff88800
SHA1

2b84c9514956878a018168c79a5d323ba33ffc9c
SHA256

2b2437dd72821ba8748b6cc4c6ac63150bf8736188c309aaef58e64ff2f10adb
SHA512

8e446b1a155bb963a4a991713992c57756b008ca2b3e311ce3c7ed8d30d462c0b0b1e89ce5d3e0529db11b99b774b64ea402230c03e29833e55f5959c81d403c
SSDEEP

768:8MyaD/Z9wuQDBHrK0vOHb4CFhsQo4Dr5CqQfp6XlTtP4C7bprm:8o1QDBG02cqD7EqWIdr

Score

N/A

Malware Config

Signatures

Files

2b2437dd72821ba8748b6cc4c6ac63150bf8736188c309aaef58e64ff2f10adb
.exe windows x86

d8a73106fe3b40ff2a6b6f7538f72355

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CredUnprotectW
CredIsProtectedW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership

kernel32

HeapAlloc
GetProcessHeap
HeapFree
LocalFree
GetLastError
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
SetEvent
CloseHandle
WaitForSingleObject
CreateEventW
HeapSetInformation
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

_controlfp
__p__commode
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__setusermatherr
_vsnwprintf
memcpy
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memset
__p__fmode

rpcrt4

UuidFromStringW
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerListen
RpcEpUnregister
RpcBindingVectorFree
RpcServerUnregisterIf
RpcBindingInqAuthClientW
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal

ntdll

RtlNtStatusToDosError

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8a73106fe3b40ff2a6b6f7538f72355

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 29KB