8c80334903deff111361e36cb64b7de5fe8aba9c61446c2907ca8f8777292960

Sharing

Copy URL

Twitter E-mail

General

Target

8c80334903deff111361e36cb64b7de5fe8aba9c61446c2907ca8f8777292960
Size

148KB
MD5

6dc4e50b866f3e4ef339e6ae9a201c30
SHA1

5d4f185286b91b6fd762db8e51b92b5269e1f532
SHA256

8c80334903deff111361e36cb64b7de5fe8aba9c61446c2907ca8f8777292960
SHA512

0cf7af493a936b704025e4f1da469ff59bf3a2baf387ac8d52e93ff6b6c287d80ceb69b76aa9837b44c9355f2098b1c7666eca2a4b6f2076844e128be06c3f84
SSDEEP

3072:dtKAOcyjj6b9KZDFN4KBC5CH+xF7vCww95YeoLoSqtIzp:dRbQr3BC564ubYe5t

Score

N/A

Malware Config

Signatures

Files

8c80334903deff111361e36cb64b7de5fe8aba9c61446c2907ca8f8777292960
.exe windows x86

d53fa6bcc0552c31ff05ad1e4e1fd537

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

atl

ord32
ord16
ord58
ord30
ord18
ord17
ord20
ord21
ord23
ord22

imagehlp

SymGetModuleBase
SymInitialize
SymSetOptions
SymFunctionTableAccess
SymGetModuleInfo
SymGetSymFromAddr
StackWalk
SymCleanup
SymUnDName

sqlunirl

_GetUnicodeRedirectionLayer@0
_LoadString@16
_GetVersionEx@4
_FormatMessage@28
_GetProcAddress_@8

kernel32

FlushFileBuffers
ReadProcessMemory
WriteFile
Sleep
CloseHandle
SetErrorMode
GetProcessHeap
GetCurrentProcess
GetEnvironmentVariableA
HeapFree
lstrlenA
GetModuleFileNameA
QueryPerformanceFrequency
GlobalMemoryStatus
GetVersionExA
GetSystemInfo
FreeLibrary
GetModuleHandleA
LoadLibraryA
lstrcatA
FormatMessageA
HeapAlloc
GetLastError
GetSystemDefaultLCID
lstrcpyA
ExpandEnvironmentStringsA
WideCharToMultiByte
ResetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
InterlockedIncrement
InterlockedDecrement
GetStdHandle
WaitForSingleObject
WaitForMultipleObjects
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
AllocConsole
GetCurrentThreadId
CreateEventA
GetSystemDefaultLangID
CreateFileA
SetFilePointer
GetCommandLineA

user32

MessageBoxA
wsprintfA

advapi32

DeregisterEventSource
ReportEventA
RegisterEventSourceA
CopySid
RegCloseKey
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetLengthSid
OpenProcessToken
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
GetTokenInformation
SetSecurityDescriptorGroup
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
MakeSelfRelativeSD

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

LoadRegTypeLi
SysStringLen
SysFreeString

msvcrt

_stricmp
wcscpy
localtime
time
strchr
_iob
asctime
printf
fclose
freopen
_XcptFilter
_exit
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
malloc
??3@YAXPAX@Z
wprintf
_except_handler3
sprintf
_strnicmp
_purecall
__p___initenv
exit
wcsncat
wcslen
wcsncpy
wcschr
??2@YAPAXI@Z
free

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

HI�
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d53fa6bcc0552c31ff05ad1e4e1fd537

Headers

File Characteristics

Imports

atl

imagehlp

sqlunirl

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 7KB

HI� Size: 92KB - Virtual size: 92KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

HI�
Size: 92KB - Virtual size: 92KB