308333973004cbae310601bfd1a20a37962435518d40e2ff1e4d0fd251172af0

Sharing

Copy URL Twitter E-mail

General

Target

308333973004cbae310601bfd1a20a37962435518d40e2ff1e4d0fd251172af0
Size

118KB
MD5

40ff6f323719108fa9bbc045d5cce795
SHA1

832d38c0d077055faff0381888b0cafccb4cb0e9
SHA256

308333973004cbae310601bfd1a20a37962435518d40e2ff1e4d0fd251172af0
SHA512

0ee48a4e2665b38f667c98391aa57d44335bb6f5a3a1a5cb93ea16e2c7e533cc9d64edccbab4771795ee8abfaadc2a3cc083f06dfb263786791919db39f91141
SSDEEP

1536:LfP2dUyDqpooTVFj+Iv4SxC+76nuILgXvRAYDb6:LXgWpLVl+IvvC+7yBAvRAYDb6

Score

N/A

Malware Config

Signatures

Files

308333973004cbae310601bfd1a20a37962435518d40e2ff1e4d0fd251172af0
.exe windows x86

368a8f153886837ef5f02a9fcbe89508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA
PathFileExistsA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

CreateEventA
LeaveCriticalSection
GetExitCodeProcess
TerminateProcess
EnterCriticalSection
ResetEvent
OpenEventA
WaitForMultipleObjects
GetModuleFileNameA
DeleteCriticalSection
Sleep
LocalFree
CreateThread
GetCommandLineA
GetVersionExW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
HeapReAlloc
VirtualAlloc
OpenProcess
InitializeCriticalSection
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
FreeLibrary
InitializeCriticalSectionAndSpinCount
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoA
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

DefWindowProcW
RegisterClassA
DispatchMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CreateWindowExA
LoadIconW
GetMessageW
LoadCursorW

advapi32

DuplicateTokenEx
ControlService
FreeSid
SetEntriesInAclW
SetServiceStatus
AllocateAndInitializeSid
QueryServiceStatus
StartServiceW
SetSecurityDescriptorDacl
StartServiceA
SetTokenInformation
InitializeSecurityDescriptor
CreateServiceA
GetTokenInformation
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle
OpenServiceA
CreateProcessAsUserA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

368a8f153886837ef5f02a9fcbe89508

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

userenv

secur32

kernel32

user32

advapi32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 41KB - Virtual size: 41KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 41KB - Virtual size: 41KB