3e5c46d18e4ad5d74a5b0bc70dccec7f14e91d6e4c9b534049be1169cc6000c8

Sharing

Copy URL Twitter E-mail

General

Target

3e5c46d18e4ad5d74a5b0bc70dccec7f14e91d6e4c9b534049be1169cc6000c8
Size

573KB
MD5

ef07b6866d2042654b01ca797281be33
SHA1

0247b9eccab187a937f9d3d4a0d411785c425ae8
SHA256

3e5c46d18e4ad5d74a5b0bc70dccec7f14e91d6e4c9b534049be1169cc6000c8
SHA512

7eacfd9cf1710ed39830fb44f412a6915519410cc254bb6ba1e23cebe9f67e180d62609050a15e69f7e56e98904fb2707d012166b930240eb3669f6e86173df8
SSDEEP

12288:q2yg3ID5PCyxq3pnoYkrOKbrsno3tBhI:q2yUePCyxipnNaYGI

Score

N/A

Malware Config

Signatures

Files

3e5c46d18e4ad5d74a5b0bc70dccec7f14e91d6e4c9b534049be1169cc6000c8
.exe windows x64

1a9a1a6d7c66f14cb3797dd4a69254f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetSecurityDescriptorControl
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
GetExplicitEntriesFromAclW
EqualSid
BuildTrusteeWithObjectsAndSidW
SetEntriesInAclW
ConvertSidToStringSidW
RegCloseKey
FreeSid

kernel32

WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageW
LocalFree
lstrcmpiW
SetThreadUILanguage
LocalAlloc
GetModuleHandleW
ReadConsoleW
SetConsoleMode
GetLastError
GetStdHandle
LockResource
LoadResource
FindResourceW
WriteFile
WriteConsoleW
GetCommandLineW
GetConsoleCP
GetFileType
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
GetConsoleMode
SetLastError

msvcrt

_itow
fgetwc
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_wtol
memcpy
malloc
_wcsnicmp
_vsnwprintf
wcschr
_wcsicmp
free
_iob
fputwc
_fmode
__set_app_type
?terminate@@YAXXZ
_callnewh
_wtoi
iswdigit
_setmode
_fileno
setlocale
_vsnprintf
wcsstr
memmove
fread
memset

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SysAllocStringLen
SysStringLen
VariantInit
SysAllocString
SysFreeString
SysStringByteLen

user32

CharLowerW
LoadStringW

activeds

ord15
ord9
ord13

crypt32

CryptProtectData
CryptUnprotectData

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a9a1a6d7c66f14cb3797dd4a69254f4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

oleaut32

user32

activeds

crypt32

Sections

.text Size: 55KB - Virtual size: 54KB

.data Size: 12KB - Virtual size: 13KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 55KB - Virtual size: 54KB

.data
Size: 12KB - Virtual size: 13KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 500KB - Virtual size: 1.8MB