79698aa780a96c0b59827ce54bfe172daad89d36d25be23c6d793b518d5ee3a4

Sharing

Copy URL Twitter E-mail

General

Target

79698aa780a96c0b59827ce54bfe172daad89d36d25be23c6d793b518d5ee3a4
Size

306KB
MD5

6d4d29c348d1025bdbb15e8b09d0c820
SHA1

5d4aeae76472addab5fdc4604292bbae4fca2228
SHA256

79698aa780a96c0b59827ce54bfe172daad89d36d25be23c6d793b518d5ee3a4
SHA512

68f24ab2ece8d1081569993c63f9f75778e841fccafd5f388c741a8c429ef559090ca1cba6104213c343e18fef75c1f2bee669417200d930a87d50ec55331b64
SSDEEP

6144:1uptmgrA9rduwFHLgM7qRaA0HoCWhU/YmHaJwgpej7ka:0m7rswFHkMXH9L/HYI

Score

N/A

Malware Config

Signatures

Files

79698aa780a96c0b59827ce54bfe172daad89d36d25be23c6d793b518d5ee3a4
.exe windows x86

7c7b6a06d39be49bdb0033cae62bf259

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
GetTokenInformation
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
AdjustTokenPrivileges
SetServiceStatus
SetSecurityDescriptorDacl
SetEntriesInAclA
RegisterServiceCtrlHandlerA
RegSetValueExA
RegEnumKeyA
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

usp10

ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateProcessA
GetCurrentThreadId
RemoveDirectoryA
GetCurrentProcessId
GetFileTime
GetDiskFreeSpaceA
GetTimeFormatA
HeapWalk
GetLocalTime
CreateFileA
HeapFree
HeapAlloc
HeapCreate
CreateDirectoryA
DeleteFileA
ResetEvent
VirtualFree
VirtualAlloc
PrepareTape
GetTempPathA
GetLastError
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapSize
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c7b6a06d39be49bdb0033cae62bf259

Headers

File Characteristics

Imports

advapi32

usp10

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 105KB - Virtual size: 691KB

.xdata Size: 26KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 105KB - Virtual size: 691KB

.xdata
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB