07cb7faf81b9a4a46c6e247431ca5480cbc9eb4b2f435e79ae09f74262e058f9

Sharing

Copy URL Twitter E-mail

General

Target

07cb7faf81b9a4a46c6e247431ca5480cbc9eb4b2f435e79ae09f74262e058f9
Size

468KB
MD5

4b12d174da6beb57446045c4cb53f630
SHA1

f87c02aec0195f5dc07ccefb83d119a9bc3bc524
SHA256

07cb7faf81b9a4a46c6e247431ca5480cbc9eb4b2f435e79ae09f74262e058f9
SHA512

94f1c4b3567fc2f68fa2a0ec9068925c69119ab98f586b682bdf08d02ac53a645522221008f13b4000230ab21777f04878d21c0a7b0c71c5d3193887f3a76b30
SSDEEP

12288:/pKz6RZT8e6wEbv43S8OM/FHO8RWuLt8E:hNZTDKQ35lO8/LSE

Score

N/A

Malware Config

Signatures

Files

07cb7faf81b9a4a46c6e247431ca5480cbc9eb4b2f435e79ae09f74262e058f9
.exe windows x86

bf991bd3de2fc9b441110fc1d6af7059

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetUserDefaultLangID
GetWindowsDirectoryW
GetModuleFileNameW
LoadLibraryExW
GetLocalTime
CloseHandle
Sleep
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
LocalFree
InterlockedDecrement
GetVersionExW
MoveFileExW
CopyFileW
ExpandEnvironmentStringsW
GetTickCount
FindFirstFileW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
OutputDebugStringW
GetCommandLineW
GetModuleHandleExW
LoadLibraryW
FindClose
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
ReadConsoleW
InitializeCriticalSection
SetLastError
GetLastError
GetProcAddress
FreeLibrary
InterlockedExchange
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetModuleHandleW
GetFileAttributesW
FindNextFileW
RemoveDirectoryW
CreateFileW
ReadFile
CreateDirectoryW
WriteFile
GetTempPathW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetErrorMode
CreateProcessW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetFileAttributesExW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetStdHandle
ExitProcess
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetFileType
QueryPerformanceCounter
HeapReAlloc
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode

user32

CloseDesktop
OpenDesktopW
FindWindowW
GetWindowThreadProcessId
SystemParametersInfoW
UnloadKeyboardLayout
LoadKeyboardLayoutW
LoadStringW
GetKeyboardLayoutList

advapi32

RegCreateKeyExW
OpenProcessToken
RegOpenKeyExW
FreeSid
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
AllocateAndInitializeSid
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAce
GetFileSecurityW
MapGenericMask
ConvertStringSidToSidW
RegUnLoadKeyW
RegQueryValueExW
RegLoadKeyW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
CreateProcessAsUserW
GetUserNameW
GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
RegOpenKeyW
LookupAccountSidW
GetAclInformation
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ord165
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoInitialize
StringFromIID
IIDFromString
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shlwapi

PathFindFileNameW
SHDeleteKeyW
PathAppendW
StrStrIW
PathFileExistsW
PathQuoteSpacesW
PathRemoveFileSpecW

imm32

ImmInstallIMEW
ImmGetIMEFileNameW
ImmGetHotKey
ImmSetHotKey
ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf991bd3de2fc9b441110fc1d6af7059

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

imm32

version

Sections

.text Size: 239KB - Virtual size: 239KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 115KB - Virtual size: 116KB

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 115KB - Virtual size: 116KB