883cc1b6de2f9650c205c6622aba80a59e336634b53ae72e170eb51d51741153

Sharing

Copy URL Twitter E-mail

General

Target

883cc1b6de2f9650c205c6622aba80a59e336634b53ae72e170eb51d51741153
Size

50KB
MD5

63ec587fa25a58275a9289be55d259a3
SHA1

b760fef9e760a9130dd734e2f85722dce5c45435
SHA256

883cc1b6de2f9650c205c6622aba80a59e336634b53ae72e170eb51d51741153
SHA512

83a77453e28486fc44347c2aaf78dc251842045dee8966de9785ea810536f9361af883387f08bf2429a9ea2de9ac2f9c9cb3222746d3cbce9dcebbc78eb3e0f3
SSDEEP

1536:XTAWDqNlT+dDggIxyMmLK2Fwvv2agTmXyx+VQLU17VeU:DA1NlTCh2yMme2CG1mI+VQLU17VeU

Score

N/A

Malware Config

Signatures

Files

883cc1b6de2f9650c205c6622aba80a59e336634b53ae72e170eb51d51741153
.exe windows x86

7d12646b6b97b9b3ee68fde699a84166

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringBindingParseW
NdrOleAllocate
RpcRevertToSelf
RpcServerInqBindings
RpcStringFreeA
RpcBindingSetAuthInfoExW
RpcBindingFree
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
RpcEpResolveBinding
RpcStringBindingComposeW
IUnknown_Release_Proxy
NdrDllGetClassObject
RpcServerUseProtseqEpW
NdrServerCall2
CStdStubBuffer_DebugServerQueryInterface
RpcImpersonateClient
IUnknown_QueryInterface_Proxy

gdi32

GetColorSpace

shell32

SHFileOperationW
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListA
SHChangeNotify
ShellExecuteExW
ShellExecuteA
SHBindToParent
SHGetFolderPathW
SHGetMalloc
SHGetSpecialFolderPathW
CommandLineToArgvW
DragQueryFileW
SHGetDesktopFolder
ShellExecuteW
SHGetSpecialFolderLocation

shlwapi

PathFindFileNameW
PathRemoveBlanksW
PathSkipRootW
StrStrIA
StrCmpIW
StrCpyNW
StrCmpNIA
StrCpyW
StrToIntExW
StrCatBuffW
PathRemoveFileSpecA
StrCatW
wnsprintfA
UrlUnescapeW
StrCmpNW
StrChrIW
SHDeleteKeyW
SHRegGetBoolUSValueW
PathAddBackslashW
UrlCanonicalizeW
PathRemoveExtensionW
PathRemoveBackslashW
SHDeleteValueA
PathCreateFromUrlW
PathFindExtensionW
PathFileExistsW
PathIsURLW
SHDeleteValueW
PathAppendW

msvcrt

_access
_rotr
rand
__p__osver
__p__iob
srand

ntdll

RtlCreateAcl
NtQueryValueKey
RtlFreeHeap
RtlCopySid
RtlSetEnvironmentVariable
RtlUpcaseUnicodeStringToOemString
RtlCreateTimer
NtAllocateVirtualMemory
RtlCopyLuid
wcsncpy
RtlSubAuthorityCountSid
RtlRegisterWait
NtTerminateThread
NtDelayExecution
NtReadFile
NtAllocateLocallyUniqueId
RtlFreeAnsiString
qsort
DbgPrint
NtRequestWaitReplyPort
RtlReAllocateHeap
_chkstk
NtOpenProcessToken
RtlNtStatusToDosError
NtWaitForSingleObject
wcsstr
_strnicmp
RtlWriteRegistryValue
RtlUnwind
_wcsicmp
RtlUnicodeStringToAnsiString
RtlSetOwnerSecurityDescriptor
NtQueryInformationFile
NtAdjustPrivilegesToken
RtlFreeUnicodeString
RtlAdjustPrivilege
RtlQueryInformationAcl
RtlAcquireResourceShared
RtlDestroyHeap
NtSetValueKey
RtlGetVersion
RtlxUnicodeStringToAnsiSize
RtlValidSid
RtlPrefixUnicodeString
NtOpenThread
NtQueryDirectoryFile
wcscat
RtlAllocateHeap
RtlGetOwnerSecurityDescriptor
NtOpenProcess
RtlCreateSecurityDescriptor
RtlIntegerToUnicodeString
RtlCreateEnvironment
_vsnprintf
RtlRaiseStatus
RtlEqualUnicodeString
RtlQueryEnvironmentVariable_U
RtlUpcaseUnicodeString
RtlOpenCurrentUser
RtlGUIDFromString
wcsncmp
RtlInitializeCriticalSectionAndSpinCount
RtlImageNtHeader
RtlLookupElementGenericTable
NtCancelIoFile
NtOpenSymbolicLinkObject
strrchr
RtlSizeHeap

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerLanguageNameA
VerQueryValueW

advapi32

RegOpenKeyW
SetServiceStatus
CryptDestroyKey
MakeSelfRelativeSD
GetTraceEnableLevel
LockServiceDatabase
RegSetValueExW
OpenProcessToken
ConvertSidToStringSidW
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegOpenKeyA
ConvertStringSidToSidW
RegEnumKeyW
CryptGenRandom
SetSecurityDescriptorDacl
UnregisterTraceGuids
RegEnumKeyA
SetEntriesInAclW
RegConnectRegistryW
RegEnumKeyExW
LsaFreeMemory
GetSidSubAuthorityCount
RegQueryValueA
ImpersonateLoggedOnUser
AllocateAndInitializeSid
DeleteService
RegDeleteKeyW
FreeSid
GetSecurityDescriptorOwner
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

EnumChildWindows
InvalidateRect
IsZoomed
GetWindowPlacement
GetSystemMetrics
GetForegroundWindow
GetMessageA
IsMenu
IsChild
GetDC
GetClassNameA
OffsetRect
CreateWindowExW
SystemParametersInfoA
CharNextW
LoadStringW
DialogBoxParamW
CharUpperA
GetFocus
MapWindowPoints
wsprintfA
ClientToScreen
KillTimer
GetDlgItem
GetActiveWindow
RegisterClipboardFormatW
CreateDialogParamW

kernel32

OpenEventW
GetModuleHandleW
GetStringTypeA
SetLastError
GetModuleFileNameW
GetCommandLineA
InterlockedExchange
GetComputerNameW
GetProcAddress
lstrcmpA
HeapCreate
FormatMessageA
TlsGetValue
WaitForMultipleObjects
GetSystemDirectoryA
GetCurrentProcess
ExitProcess
TlsFree
GlobalAlloc
SetErrorMode
lstrlenW
GetCommandLineW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
WaitForSingleObject
lstrcmpW
GetConsoleMode
CompareStringW
SetFileAttributesA
GetModuleHandleA
OpenMutexA
SetFilePointer
GetTickCount
FindClose
LocalAlloc
GetExitCodeProcess
GetUserDefaultLCID
lstrcpynA
CompareStringA
LCMapStringA
FileTimeToLocalFileTime
HeapReAlloc
IsBadReadPtr
GetFileAttributesA
MulDiv
CreateThread
CreateProcessA
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
MultiByteToWideChar
GetCurrentThread
HeapDestroy
CreateFileMappingA
ReleaseSemaphore
GetModuleFileNameA
CreateMutexW
LoadLibraryExA
HeapAlloc
CreateFileW
GetProcessHeap
VirtualAlloc

Sections

.code
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEKD
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CODE
Size: 1KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d12646b6b97b9b3ee68fde699a84166

Headers

File Characteristics

Imports

rpcrt4

gdi32

shell32

shlwapi

msvcrt

ntdll

version

advapi32

user32

kernel32

Sections

.code Size: 53KB - Virtual size: 53KB

PAGEKD Size: 1024B - Virtual size: 996B

RT_CODE Size: 1KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 4KB

.code
Size: 53KB - Virtual size: 53KB

PAGEKD
Size: 1024B - Virtual size: 996B

RT_CODE
Size: 1KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 4KB