3d7afbb0c624518525fbd73f15e7d73926ab2e00a700f141310b9ee3d113c5ed

Sharing

Copy URL Twitter E-mail

General

Target

3d7afbb0c624518525fbd73f15e7d73926ab2e00a700f141310b9ee3d113c5ed
Size

266KB
MD5

62065cfec7f01b579d6c15b948d96f40
SHA1

6bc12469b01d33dee773cba6adfbd15c2780de46
SHA256

3d7afbb0c624518525fbd73f15e7d73926ab2e00a700f141310b9ee3d113c5ed
SHA512

8aa6fe50b5fdef0db12e04c6e69030873269dccb4cca5175d0eaf30952267692797b35f3f7aecd90f2c082ab419b769748eaead51512c8807ae0985c36052a7b
SSDEEP

6144:3TGCpwIx6X2Le5tnfTfcicrMK3XWcYAxj9HUEHwzWPPl:KCpwIxrC5FfLcYA70KLl

Score

N/A

Malware Config

Signatures

Files

3d7afbb0c624518525fbd73f15e7d73926ab2e00a700f141310b9ee3d113c5ed
.exe windows x86

c04a3365f5fe9abf95aaeba851162d60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
OpenProcess
GetModuleFileNameW
GetCurrentThread
LocalFree
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
VirtualQuery
Sleep
VirtualAlloc
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
SetFilePointer
LoadLibraryA
WaitForMultipleObjects
CreateEventW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
DeviceIoControl
GetVersionExW
GetCurrentProcessId
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
SetUnhandledExceptionFilter
GetCommandLineW
CreateFileW
GetFileSize
ReadFile
WriteFile
DeleteFileW
WritePrivateProfileSectionW
MoveFileW
GetPrivateProfileStringW
FindFirstFileW
WritePrivateProfileStringW
CopyFileW
FindNextFileW
FindClose
SetCurrentDirectoryW
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
OpenEventW
SetEvent
CloseHandle
ExitProcess
GetLastError
lstrlenW
InterlockedDecrement
VirtualProtect
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTickCount
QueryPerformanceCounter
VirtualFree
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
MultiByteToWideChar
GetSystemTime
GetEnvironmentVariableW
CreateMutexW
TlsGetValue
HeapAlloc
SetEnvironmentVariableW
HeapFree
WaitForSingleObject
GetProcessHeap
TlsSetValue
OpenThread
ReleaseMutex
TlsAlloc
TlsFree
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapReAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate

user32

LoadStringW
CharNextW
CharUpperW
wvsprintfW

advapi32

RegQueryValueA
RegSetValueA
RegSetValueW
RegQueryValueW
RegOpenKeyW
RegOpenKeyA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegCloseKey
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
DeleteService

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CLSIDFromString
CoTaskMemAlloc

shlwapi

SHGetValueW
PathFileExistsW
PathAppendW
PathCombineW
PathRemoveFileSpecW
PathAddBackslashW
StrCmpIW
StrRChrW
SHDeleteKeyW

psapi

GetModuleFileNameExW

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c04a3365f5fe9abf95aaeba851162d60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

setupapi

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 10KB - Virtual size: 22KB

.rsrc Size: 97KB - Virtual size: 100KB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 10KB - Virtual size: 22KB

.rsrc
Size: 97KB - Virtual size: 100KB