ea82d14324949ca032a1b5deb355113c7e5c96fef19d4190b215a20186bb0e73

Sharing

Copy URL Twitter E-mail

General

Target

ea82d14324949ca032a1b5deb355113c7e5c96fef19d4190b215a20186bb0e73
Size

124KB
MD5

3f86e0726c9e5392ad9077421e456ec0
SHA1

d3cd15f25448b330d8b4d63c2a45c88746575ff3
SHA256

ea82d14324949ca032a1b5deb355113c7e5c96fef19d4190b215a20186bb0e73
SHA512

c06cbf85a3872567ea3a90646ab5afadc6461337e0747a4ef30727ad0afeac579f836e0f83d8a37212647559722214b7f19c2819733e30f47f2bdabbb25cbc18
SSDEEP

1536:pUNFU1+YijmU/5y+HC0dTcEhFn5xP2NSzs0pjY3fBgotyJptNoZ5G0tvV+:KNZYijt/5yCT35xuNdejYp/yJptNgb9

Score

N/A

Malware Config

Signatures

Files

ea82d14324949ca032a1b5deb355113c7e5c96fef19d4190b215a20186bb0e73
.dll windows x86

2dac6915abd49ac8aadce3ef8b673153

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
GetThreadContext
LoadLibraryW
CreateRemoteThread
TerminateProcess
GetLongPathNameW
WideCharToMultiByte
GetSystemWindowsDirectoryW
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
ExpandEnvironmentStringsW
GetFileAttributesW
OpenMutexW
SystemTimeToFileTime
GetExitCodeProcess
CreateEventA
CreateMutexA
DuplicateHandle
CreateFileMappingA
MapViewOfFile
GetCurrentThreadId
OpenThread
Thread32Next
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
GetTempPathW
GetTickCount
CreateFileW
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
GetProcAddress
FreeLibrary
GetCurrentThread
GetCurrentProcess
HeapAlloc
GetLastError
ExitProcess
SetCurrentDirectoryW
GetStartupInfoW
SuspendThread
Thread32First
GetACP
CreateFileMappingW
DeviceIoControl
CopyFileW
WriteFile
SetFilePointer
GetBinaryTypeW
GetTempFileNameW
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
GetSystemDefaultLangID
GetVersionExW
Sleep
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetFileSize
WaitNamedPipeW
GetOverlappedResult
TransactNamedPipe
CreateEventW
SetNamedPipeHandleState
RemoveDirectoryW
CreateDirectoryW
CompareStringW
SetEvent
DeleteFileW
GetProcessHeap
HeapFree
OpenProcess
CloseHandle
MultiByteToWideChar
SetLastError
DisableThreadLibraryCalls
GetUserDefaultUILanguage
GetModuleFileNameW
LoadLibraryExW

user32

GetUserObjectInformationW
OpenWindowStationW
GetProcessWindowStation
CloseWindowStation
GetSystemMetrics
LoadStringW

advapi32

SetSecurityDescriptorGroup
AddAccessAllowedAce
SetSecurityDescriptorDacl
AccessCheck
RegDeleteKeyW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
CheckTokenMembership
GetUserNameW
ImpersonateLoggedOnUser
CreateProcessAsUserW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AllocateAndInitializeSid
FreeSid
IsValidSid
GetTokenInformation
EqualSid
RevertToSelf
SetThreadToken
RegSetKeySecurity
RegLoadKeyW
RegUnLoadKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
LookupPrivilegeValueW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyA
RegQueryValueExW
RegCreateKeyExW
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetLengthSid
DuplicateToken
AddAccessDeniedAce
GetSecurityDescriptorDacl
InitializeAcl

shell32

StrStrIW

msvcrt

tolower
memset
toupper

powrprof

GetPwrCapabilities

Exports

Exports

Wrch4

Sections

.data
Size: 4KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dac6915abd49ac8aadce3ef8b673153

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

powrprof

Exports

Exports

Sections

.data Size: 4KB - Virtual size: 448KB

.qdata Size: 4KB - Virtual size: 8B

.code Size: 88KB - Virtual size: 86KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 448KB

.qdata
Size: 4KB - Virtual size: 8B

.code
Size: 88KB - Virtual size: 86KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 1KB