8e02ac1c6271a944c54c812e6a0e8c462113fea353ebf432b1ce950da4f8bcb9

Sharing

Copy URL Twitter E-mail

General

Target

8e02ac1c6271a944c54c812e6a0e8c462113fea353ebf432b1ce950da4f8bcb9
Size

538KB
MD5

673204e3c515a116bfe24e36ee7ddf62
SHA1

b401a909bdb77ab23da6aff387060d0b61d2ee8d
SHA256

8e02ac1c6271a944c54c812e6a0e8c462113fea353ebf432b1ce950da4f8bcb9
SHA512

b37d233a8f891522b1901b81709761705fdc7d2abbb346a8b0746eacfa082de6e1584d7e08412d55ca5fa7c184a8bcd3423cc2959538dfd4233407ecfc39ba21
SSDEEP

6144:eo9FURSknaASC/1Qe/zkojDgbXB8BaL+m/si/V8cbFyHxgvY3MbmaRV:eaFrkaASC/1tkoobxgcr/pbF5go

Score

N/A

Malware Config

Signatures

Files

8e02ac1c6271a944c54c812e6a0e8c462113fea353ebf432b1ce950da4f8bcb9
.exe windows x64

01fa62f818199f9d2a6f293d00737579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW

kernel32

QueryPerformanceCounter
Sleep
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
CompareFileTime
LocalFree
SetEvent
GetProcessHeap
LoadLibraryW
GetVersionExW
FileTimeToSystemTime
GetModuleFileNameW
CreateFileW
GetFileSizeEx
GetLastError
GetLocalTime
CreateFileMappingW
LocaleNameToLCID
CreateEventW
GetProductInfo
QueueUserWorkItem
GetFileTime
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
CloseHandle
HeapSetInformation
GetProcAddress
GetConsoleOutputCP
FormatMessageW
GetModuleHandleW
WaitForSingleObject
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrcmpiW
GetWindowsDirectoryW
lstrlenW

msvcrt

_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
__C_specific_handler
exit
wcsstr
wcsrchr
strtok
atoi
strstr
wcstoul
swscanf
wcschr
mbstowcs
_wtof
??2@YAPEAX_K@Z
__wgetmainargs
wcstok
strtoul
_cexit
_exit
_XcptFilter
memset
_vsnwprintf
_getmbcp
_wsetlocale
??3@YAXPEAX@Z
_snwprintf_s
printf
_wcsnicmp
_wcsicmp
_strnicmp
memcpy

ntdll

RtlExpandEnvironmentStrings_U
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeUnicodeString
RtlInitAnsiString

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoGetMalloc

oleaut32

SysFreeString
SysAllocString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

powrprof

PowerDeterminePlatformRole

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01fa62f818199f9d2a6f293d00737579

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

oleaut32

version

powrprof

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 912B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 150B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 912B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 150B

.vmp0
Size: 500KB - Virtual size: 1.8MB