d89719e1a3fbea2b45a79a5db7f34a3ea934fa63fd5127b60df12d55cafdc34d

Sharing

Copy URL Twitter E-mail

General

Target

d89719e1a3fbea2b45a79a5db7f34a3ea934fa63fd5127b60df12d55cafdc34d
Size

966KB
MD5

6ac266b0cebe5278c3a22ad394f56fe0
SHA1

80480a931b0e2a4cc72cb3b9a8e39fcb10dcb6ed
SHA256

d89719e1a3fbea2b45a79a5db7f34a3ea934fa63fd5127b60df12d55cafdc34d
SHA512

0d4590398e47abc2df9c8b94cb7f025bbfdd192cd21dbad0ee28995b4504ee7e301c4e9a384ff07f2c80202dea971c60915346d4d8b180f66a2d27ddd61510db
SSDEEP

24576:sB7UZWysCkMnT3RCRNdiZf0GV33UTdljkx:sGXFDT3cNgZfDVHHx

Score

N/A

Malware Config

Signatures

Files

d89719e1a3fbea2b45a79a5db7f34a3ea934fa63fd5127b60df12d55cafdc34d
.exe windows x86

ee9feaa41fb6dbb33a96083b0e31d559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW

kernel32

GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
InterlockedCompareExchange
SizeofResource
LockResource
LoadResource
FindResourceW
VirtualFree
SetFilePointer
ReadFile
GetSystemInfo
FreeLibrary
VirtualAlloc
CreateFileW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateEventW
ExpandEnvironmentStringsW
ReleaseMutex
GetLastError
SetLastError
CreateProcessW
CreateMutexW
WriteFile
FormatMessageA
GetModuleHandleA
LocalFree
GetUserDefaultLangID
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GetLongPathNameW
GetCurrentDirectoryW
QueryDosDeviceW
MapViewOfFile
CreateFileMappingW
GetProcessTimes
LocalAlloc
OpenProcess
GetProcessId
GetNativeSystemInfo
GetVersionExW
SetInformationJobObject
ResumeThread
AssignProcessToJobObject
GetStdHandle
SetHandleInformation
GetLocaleInfoW
GetUserDefaultUILanguage
GetSystemDirectoryW
GetWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
IsDebuggerPresent
RaiseException
Sleep
CreateThread
InterlockedExchange
HeapSetInformation
SetEndOfFile
FlushFileBuffers
TerminateProcess
GetModuleHandleExW
SetUnhandledExceptionFilter
UnregisterWaitEx
RegisterWaitForSingleObject
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
InterlockedIncrement
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
ResetEvent
WaitForMultipleObjects
CreateRemoteThread
VirtualFreeEx
VirtualAllocEx
VirtualProtect
FormatMessageW
VirtualQueryEx
WriteProcessMemory
VirtualProtectEx
TerminateJobObject
InitializeCriticalSection
SignalObjectAndWait
GetProcessHandleCount
GetThreadContext
GetFileType
InterlockedDecrement
CreateJobObjectW
CreateNamedPipeW
ProcessIdToSessionId
SearchPathW
DebugBreak
ReadProcessMemory
SuspendThread
GetComputerNameExW
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
EncodePointer
DecodePointer
UnhandledExceptionFilter
HeapFree
ExitProcess
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetFullPathNameW
HeapAlloc
GetProcessHeap
HeapReAlloc
SetStdHandle
RtlUnwind
LCMapStringW
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapSize
GetTimeZoneInformation
WriteConsoleW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
GetDriveTypeW
GetModuleHandleW
OutputDebugStringA
CloseHandle
LoadLibraryA
ReleaseSemaphore
RtlCaptureContext
CreateSemaphoreW
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
SetCurrentDirectoryW
LoadLibraryExW
GetModuleFileNameW
GetEnvironmentVariableA
GetCommandLineW
SetEnvironmentVariableA
LoadLibraryW
GetProcAddress
GetTickCount
GetCurrentProcessId
InterlockedExchangeAdd
GetCurrentThreadId
SetEvent

advapi32

CreateWellKnownSid
CopySid
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RevertToSelf
RegDisablePredefinedCache
CreateProcessAsUserW
RegSetValueExA
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
GetUserNameW
SetEntriesInAclW
GetSecurityInfo
SetThreadToken
RegQueryValueExW
RegSetValueExW

user32

IsWindow
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
CharUpperW
FindWindowExW
wsprintfW
CloseWindowStation
CloseDesktop
CreateWindowStationW
GetProcessWindowStation
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
MessageBoxW
GetAsyncKeyState

userenv

GetProfileType

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetCrashKeyValueImpl

Sections

.text
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee9feaa41fb6dbb33a96083b0e31d559

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

user32

userenv

wtsapi32

version

winmm

Exports

Exports

Sections

.text Size: 451KB - Virtual size: 450KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 7KB - Virtual size: 21KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 180KB - Virtual size: 180KB

.reloc Size: 35KB - Virtual size: 35KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 451KB - Virtual size: 450KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 7KB - Virtual size: 21KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 180KB - Virtual size: 180KB

.reloc
Size: 35KB - Virtual size: 35KB

.text
Size: 108KB - Virtual size: 112KB