a71f1838e1e478c2cbb9938b25fcc607f8a25c5b336dba162b706d9a16e56e30

Sharing

Copy URL

Twitter E-mail

General

Target

a71f1838e1e478c2cbb9938b25fcc607f8a25c5b336dba162b706d9a16e56e30
Size

221KB
MD5

68b4a67b7476c552ae7c9a83d013c14b
SHA1

ad964d54353de31f24cc9c6d41c3207f38473f2d
SHA256

a71f1838e1e478c2cbb9938b25fcc607f8a25c5b336dba162b706d9a16e56e30
SHA512

4c270f9af8c60538321d48dc46a85b0018124a8157f7dd75205ef694852750073c46370209d758f2a435ea429f7e49fd2c8d0dfdd8ff1839281f55e02486839a
SSDEEP

3072:c4QgNOd3z44KwEJrokFyF5Zat/VqlLAKQl3Ugvz4p1OkrJr+TcH4oElpnzZ9oi:cOc1wrokFyEN0Lu+gv8dlX4oElRN

Score

N/A

Malware Config

Signatures

Files

a71f1838e1e478c2cbb9938b25fcc607f8a25c5b336dba162b706d9a16e56e30
.exe windows x86

d424b51b322beca9c4207d7e270756b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
SetThreadToken
RegSetValueExW
RegEnumValueW
RegQueryValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
GetUserNameA
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptGetHashParam
CryptDestroyHash
CryptCreateHash
CryptHashData
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
OpenThreadToken
RegDeleteKeyW
SetFileSecurityW
CryptAcquireContextW
CryptReleaseContext

kernel32

CloseHandle
SetEvent
GetLastError
GetModuleFileNameW
lstrlenW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
Sleep
InitializeCriticalSection
GetCommandLineW
GetTickCount
ReleaseMutex
ResetEvent
WaitForMultipleObjectsEx
SetErrorMode
CreateEventW
CreateMutexW
CreateProcessW
MoveFileExW
GetSystemInfo
CreateFileA
ReadFile
SetFilePointer
DosDateTimeToFileTime
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
CreateFileW
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
CreateThread
VirtualFree
VirtualAlloc
SetFilePointerEx
GlobalFree
GlobalAlloc
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareStringW
SystemTimeToFileTime
GetSystemTime
SetFileTime
SetEndOfFile
WriteFile
LocalFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindClose
FindFirstFileW
GetFileSizeEx
GetFileAttributesW
GetTempPathW
CreateDirectoryW
GetCurrentThread
GetFileTime
FindNextFileW
GetStdHandle
GetFileAttributesExW
CopyFileW
CreateHardLinkW
SetFileAttributesW
DeleteFileW
GetTempPathA
RemoveDirectoryW
FormatMessageA
lstrlenA
GetComputerNameW
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
RtlUnwind
GetLocaleInfoA
HeapSize
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetProcessHeap

rpcrt4

RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcRevertToSelf
RpcImpersonateClient
NdrServerCall2

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCreateUrl
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest

wintrust

WinVerifyTrust

userenv

LoadUserProfileA
UnloadUserProfile

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d424b51b322beca9c4207d7e270756b9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

rpcrt4

version

winhttp

wintrust

userenv

Sections

.text Size: 127KB - Virtual size: 127KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 81KB - Virtual size: 84KB

.text
Size: 127KB - Virtual size: 127KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 81KB - Virtual size: 84KB