6a25d9794fe800221498592d0fd431014b4e3e8b63998b54e63ef9a944e2c3fd

Sharing

Copy URL Twitter E-mail

General

Target

6a25d9794fe800221498592d0fd431014b4e3e8b63998b54e63ef9a944e2c3fd
Size

64KB
MD5

4b8c43ae5ac058c1aaef31d6fe69a7c8
SHA1

713ae68e83077b0d83a6ea849c578dda0da29f67
SHA256

6a25d9794fe800221498592d0fd431014b4e3e8b63998b54e63ef9a944e2c3fd
SHA512

a6be903406ebf88dcf1520961a778bdc7b79f7ba49f2c01474662a7f19d80169fd9a8482a6c93c93e9ab41518b5d80817f560919d9a692696026017f97752083
SSDEEP

1536:Vf/9oZjr91SAuShInwerpMaOBoDA1DFN+8ucpIOh:F9oZjr91SAVh8PrevomFPucxh

Score

N/A

Malware Config

Signatures

Files

6a25d9794fe800221498592d0fd431014b4e3e8b63998b54e63ef9a944e2c3fd
.exe windows x86

bf03c4f1e77adc0719a84cf4665342a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
LoadLibraryA
VirtualQuery
GetSystemDirectoryA
GetProcAddress
WideCharToMultiByte
CreateFileW
GetCurrentProcessId
GetCPInfo
GetVersion
FindResourceA
IsBadReadPtr
lstrcmpW
LockResource
GetModuleHandleW
GetTickCount
SetLastError
IsBadWritePtr
TlsFree
VirtualFree
TerminateProcess
ExitProcess
FreeEnvironmentStringsW
GetStringTypeW
VirtualAlloc
GetCommandLineW
GetStdHandle
GetCurrentThreadId
RtlUnwind
lstrlenA
GetConsoleMode
GetLastError
LocalAlloc
FindResourceW

ole32

OleRun
CoTaskMemRealloc
CreateILockBytesOnHGlobal
CoGetObjectContext
CoTaskMemFree
CoGetMalloc
CoSetProxyBlanket
StgCreateDocfile
OleRegGetMiscStatus
CoCreateInstance
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
WriteClassStm
CoInitializeEx
CoUnmarshalInterface
OleUninitialize
OleRegEnumVerbs
StringFromGUID2
CoGetInterfaceAndReleaseStream
ReadOleStg
CoFreeUnusedLibraries

msvcrt

_vsnwprintf
fprintf
_initterm
wcsncmp
fseek
atol
malloc
memmove
isdigit
_stricmp
??1type_info@@UAE@XZ
_ftol
_ltow
_snprintf
wcscspn
_wcsdup
_CIsqrt
??0exception@@QAE@ABV0@@Z
__set_app_type
_exit
isleadbyte
strncpy
_vsnprintf
fwrite

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileW
VerQueryValueA

ntdll

RtlCreateUserThread
RtlReleaseResource
RtlGUIDFromString
RtlAcquireResourceExclusive
RtlAppendUnicodeToString
DbgPrint
RtlQueryInformationAcl
RtlCreateEnvironment
NtDuplicateToken
NtDuplicateObject
RtlGetNtProductType
RtlInitializeCriticalSection
RtlGetOwnerSecurityDescriptor
NtQueryAttributesFile
NtQueryObject
NtWriteFile
RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
NtQueryInformationProcess
RtlFormatCurrentUserKeyPath
NtUnmapViewOfSection
RtlQueueWorkItem
RtlSubAuthoritySid
NtCreateFile

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 30KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf03c4f1e77adc0719a84cf4665342a3

Headers

File Characteristics

Imports

kernel32

ole32

msvcrt

version

ntdll

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 30KB - Virtual size: 91KB

.reloc Size: 512B - Virtual size: 483B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 30KB - Virtual size: 91KB

.reloc
Size: 512B - Virtual size: 483B