32bc4c46a9323c238ce1c0676611e3574236c9e5cebfe2d4c38a2f4cb1181556

Sharing

Copy URL Twitter E-mail

General

Target

32bc4c46a9323c238ce1c0676611e3574236c9e5cebfe2d4c38a2f4cb1181556
Size

639KB
MD5

6274c4c2a32c35aa21c8387745559c21
SHA1

e3c7d96336893fcc8cb0dccd5352ff6ea85e028b
SHA256

32bc4c46a9323c238ce1c0676611e3574236c9e5cebfe2d4c38a2f4cb1181556
SHA512

09c2d7a5fce728578614ea6bbde09b72d4eb3af65f06b9d92a41d91b5892bf4b94f7b9783ae77e81d48d8565e06aab44dfd7d88e4e56ded6c9e022bb339e88d4
SSDEEP

12288:hRTvhj07fAT+Pn21A/yt5xW5dQbicG6pQVDCa/NtlWl6:hm4ToYxySbicG6iDCel5

Score

N/A

Malware Config

Signatures

Files

32bc4c46a9323c238ce1c0676611e3574236c9e5cebfe2d4c38a2f4cb1181556
.exe windows x64

f13cc49bc694c04ad294ca1b0c7c0aa2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiOpenDevRegKey
CM_Connect_MachineA
CM_Get_DevNode_Status_Ex
CM_Disconnect_Machine
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiSetClassInstallParamsA
SetupDiChangeState
SetupDiDestroyDeviceInfoList

crypt32

CryptProtectData

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

kernel32

CreateProcessA
SetLastError
GetTickCount
Sleep
GetComputerNameA
WideCharToMultiByte
lstrlenA
OpenProcess
InitializeCriticalSection
lstrlenW
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
lstrcmpiA
GetCurrentThread
GetModuleHandleW
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetCommandLineA
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlCaptureContext
DeleteCriticalSection
MultiByteToWideChar
GetLastError
WaitForSingleObject
GetModuleHandleExA
GetEnvironmentVariableA
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
LocalAlloc
CreateEventA
SetUnhandledExceptionFilter
GetModuleFileNameA
OutputDebugStringA
CreateDirectoryA
FindFirstFileA
FindClose
LoadLibraryA
GetProcAddress
CreateFileA
SetEvent
FreeLibrary
CloseHandle
LocalFree
WriteFile
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
DecodePointer
GetComputerNameExA
EncodePointer

user32

CharNextW
LoadStringA
PostThreadMessageA
GetMessageA
DispatchMessageA
CharNextA

advapi32

RegCreateKeyExA
CopySid
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
IsValidSid
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenThreadToken
LsaOpenPolicy
LsaNtStatusToWinError
OpenProcessToken
SetServiceStatus
DeleteService
CreateServiceA
LsaRetrievePrivateData
LsaFreeMemory
LsaClose
RegEnumValueA
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
RegEnumKeyExA
RegQueryInfoKeyA
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
ChangeServiceConfig2A
GetLengthSid

ole32

CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance

shell32

SHGetFolderPathA

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantCopy
SafeArrayPutElement
SysAllocStringLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysStringLen
CreateErrorInfo
SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo
VarBstrCat

shlwapi

PathAppendA
PathStripPathA

msvcr100

wcsncpy_s
_resetstkoflw
_purecall
_recalloc
memmove_s
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_mbsstr
memcmp
wcslen
wcscpy_s
memcpy_s
strcpy_s
strcat_s
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
??2@YAPEAX_K@Z
_mbsicmp
vsprintf_s
__CxxFrameHandler3
_mbsupr_s
_mbsrchr
_mbscmp
_mbstok
_mbsnbcpy_s
_mbsnbcat_s
strlen
_configthreadlocale
_initterm_e
_initterm
??3@YAXPEAX@Z
_CxxThrowException
memset
free
memcpy
calloc
malloc

mfc100

ord12679
ord305
ord5035
ord7534
ord11312
ord1461
ord1291
ord1294
ord316
ord2028
ord2024
ord2530
ord7190
ord310
ord2538
ord7539
ord13144
ord321
ord4124
ord4340
ord3285
ord306
ord1831
ord2076
ord2022
ord2048
ord2050
ord1914
ord396
ord2002
ord1945
ord2040
ord889
ord1906
ord1844
ord1895
ord322
ord1275
ord3991
ord893
ord2051
ord2014
ord2012
ord397

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f13cc49bc694c04ad294ca1b0c7c0aa2

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

crypt32

psapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

msvcr100

mfc100

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 946B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 946B

.vmp0
Size: 500KB - Virtual size: 1.8MB