c30789b3129f1c61b39d22c0b3d9b18bc8fd3fda5249050ef1c1df9b8bd59dae

Sharing

Copy URL

Twitter E-mail

General

Target

c30789b3129f1c61b39d22c0b3d9b18bc8fd3fda5249050ef1c1df9b8bd59dae
Size

293KB
MD5

32012311ef216ec741a06c342078d410
SHA1

4602d8f106936c24c11b3f63eb3876db5b0597ff
SHA256

c30789b3129f1c61b39d22c0b3d9b18bc8fd3fda5249050ef1c1df9b8bd59dae
SHA512

97a6de7ab09511fa0c2d1e0f59fece991819896964f19d7914f59fdf5493bb0c2c48bd2a55afc7033dd7e581707cecc4fbbfbc1f49e07886eff600f0851c104e
SSDEEP

3072:XVB8Mi8cLackiUUiQb883qBBuyAlHzwT8NaknK77VRnARRnhaFkhsHJKe0rvgqjP:/UiQQfTAnNXuVyRRnh68qy9jMZPWN7

Score

N/A

Malware Config

Signatures

Files

c30789b3129f1c61b39d22c0b3d9b18bc8fd3fda5249050ef1c1df9b8bd59dae
.exe windows x86

d361bcda566ef6ba36ab674f62d05722

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegLoadKeyW
EventUnregister
EventWrite

kernel32

FormatMessageW
Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrlenW
GetCurrentProcess
WideCharToMultiByte
GlobalFree
ReadFile
CreateFileW
GetWindowsDirectoryW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedIncrement
MultiByteToWideChar
LocalFree
ReleaseMutex
SetEvent
InterlockedDecrement
OutputDebugStringA
GetUILanguageInfo
EnumUILanguagesW
GetProductInfo
GetVersionExW
SetLastError
FindClose
FindNextFileW
FindFirstFileW
WriteFile
SetEndOfFile
SetFilePointer
InterlockedExchange
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetFullPathNameW
GetSystemWindowsDirectoryW
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
CreateEventW
CreateThread
CloseHandle
GetLastError
FindResourceExW
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentVariableW
TerminateProcess
UnhandledExceptionFilter
DeleteFileW
CompareFileTime
SetFileTime
MoveFileExW
GetSystemTime
GetFileAttributesExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateMutexW

user32

UnregisterClassA
MessageBoxW

msvcrt

_exit
_unlock
wcsspn
_XcptFilter
_resetstkoflw
wcscspn
vsprintf_s
_cexit
wcsrchr
??2@YAPAXI@Z
iswdigit
_wtoi
memcpy
calloc
malloc
free
exit
_initterm
_ftol2
__wgetmainargs
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
vswprintf_s
_vscwprintf
_wcsicmp
wcstoul
_wcsnicmp
wcschr
memset
memmove_s
_CxxThrowException
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
??3@YAXPAX@Z
_vsnprintf
_controlfp
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
_amsg_exit
__dllonexit
_vscprintf

shell32

SHFileOperationW
CommandLineToArgvW

ole32

CoInitializeSecurity
CoUninitialize
CoGetMalloc
CoCreateInstance
CoInitializeEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW

userenv

UnloadUserProfile

spwizui

SPInstallFailed
SPInstallSucceeded

sperror

GetErrorDescription

sqmapi

SqmStartUpload
SqmEndSession
SqmIsWindowsOptedIn
SqmSet
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetString
SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmAddToStreamV
SqmWaitForUploadComplete

winbrand

BrandingFormatString

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d361bcda566ef6ba36ab674f62d05722

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

version

shlwapi

userenv

spwizui

sperror

sqmapi

winbrand

Sections

.text Size: 246KB - Virtual size: 246KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 42KB - Virtual size: 45KB

.text
Size: 246KB - Virtual size: 246KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 42KB - Virtual size: 45KB