9c972c2ba5909646a17a6b0adc37f922c2a693dc96c862de9e967853ddfbe91b

Sharing

Copy URL

Twitter E-mail

General

Target

9c972c2ba5909646a17a6b0adc37f922c2a693dc96c862de9e967853ddfbe91b
Size

795KB
MD5

53b25f8661368bd95076ce98bef4b110
SHA1

1164fa527300b4e5c8284e5ecf1111bf0a6ed065
SHA256

9c972c2ba5909646a17a6b0adc37f922c2a693dc96c862de9e967853ddfbe91b
SHA512

415bfe295a5e9a00e660696c9e8649f3d5505cf1ee0dd4e827054ccecaaa8d7ceb668b8484ae734f3b6b9c7fcb65db83e0db188737346404eee9e112117819b8
SSDEEP

24576:6UkLPnEoM6gwnzCAHdYcwe5eKMpZ3FL3YEoBAesBacyQxCAvbX7xtkKe:6UkLPnK6g0zCAHd4yWdLxtkX

Score

N/A

Malware Config

Signatures

Files

9c972c2ba5909646a17a6b0adc37f922c2a693dc96c862de9e967853ddfbe91b
.exe windows x64

764fa9804b6493c368379fc4afa56cea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ProcessTrace
EnableTraceEx
TraceMessage
UpdateTraceW
ControlTraceW
GetTraceEnableFlags
CloseTrace
RegQueryValueExW
RegQueryInfoKeyW
GetTraceLoggerHandle
StopTraceW
StartTraceW
RegDeleteValueW
UnregisterTraceGuids
RegEnumValueW
IsValidSid
RegOpenKeyExW
GetTraceEnableLevel
RegEnumKeyExW
QueryTraceW
OpenTraceW
RegCloseKey
RegisterTraceGuidsW
RegisterEventSourceW
RegCreateKeyExW
DeregisterEventSource
ReportEventW
ConvertSidToStringSidW
RegSetValueExW
CopySid
GetLengthSid
OpenProcessToken
OpenSCManagerW
OpenServiceW
GetTokenInformation
SetNamedSecurityInfoW
TraceEvent
QueryServiceStatus
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
ImpersonateLoggedOnUser
RevertToSelf
RegGetValueW
CloseServiceHandle

kernel32

FindNextFileW
GetFileAttributesExW
CloseHandle
DeleteFileW
GetSystemTime
SetFileAttributesW
GetActiveProcessorCount
GetSystemDefaultUILanguage
FreeLibrary
GetSystemDefaultLCID
GetUserGeoID
LoadLibraryW
GetLogicalProcessorInformationEx
GetProcAddress
GlobalMemoryStatusEx
GetProductInfo
GetSystemInfo
LocalFree
DeleteCriticalSection
CreateEventW
ResetEvent
EnterCriticalSection
HeapSetInformation
ReadFile
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
CreateFileMappingW
ReleaseMutex
GetThreadPriority
WaitForMultipleObjects
LockResource
GlobalFree
SetLastError
GetLongPathNameW
GetFileSizeEx
GetTempPathW
GetFileAttributesW
VirtualAlloc
DuplicateHandle
VirtualFree
UnmapViewOfFile
MapViewOfFile
GetFileSize
ExpandEnvironmentStringsW
LocalAlloc
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SizeofResource
CreateDirectoryW
SetFilePointerEx
LoadLibraryExW
LoadResource
lstrlenW
GetModuleFileNameW
GetSystemDirectoryW
GetEnvironmentVariableW
GetLocalTime
FindClose
GetLastError
SetThreadPriority
CreateFileW
GetExitCodeProcess
GetVersionExW
WriteFile
GetCurrentThread
GetTickCount
GetModuleHandleW
WaitForSingleObject
CompareFileTime
MoveFileExW
SystemTimeToFileTime
CreateProcessW
FindFirstFileW
CreateMutexW
GetCommandLineW
FreeLibraryAndExitThread
FindResourceW
FreeResource
GetTempFileNameW
FileTimeToDosDateTime
CreateThread

user32

LoadStringW
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
GetSystemMetrics

msvcrt

memmove
ceilf
memcpy
memset
_vsnwprintf
towupper
wcschr
malloc
wcstok_s
_purecall
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
free
_callnewh
_wcsicmp
__CxxFrameHandler3
_wcsnicmp
_vsnprintf
realloc
wcstoul
wcsrchr
wcsstr

shlwapi

StrToIntExW
StrStrIW
PathFindFileNameW
PathCombineW
PathAppendW
PathRemoveExtensionW
ord437
PathFileExistsW

tdh

TdhGetPropertySize
TdhGetProperty

ole32

CoCreateGuid
StringFromGUID2

shell32

SHGetFolderPathW
SHGetFolderPathAndSubDirW
CommandLineToArgvW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpGetDefaultProxyConfiguration
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpSetOption
WinHttpOpen

wevtapi

EvtNext
EvtQuery
EvtRender
EvtCreateRenderContext
EvtClose

powrprof

PowerDeterminePlatformRole

ntdll

NtQuerySystemTime
RtlFreeHeap
RtlAllocateHeap

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

764fa9804b6493c368379fc4afa56cea

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shlwapi

tdh

ole32

shell32

winhttp

wevtapi

powrprof

ntdll

oleaut32

Sections

.text Size: 249KB - Virtual size: 248KB

.data Size: 512B - Virtual size: 11KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 1024B - Virtual size: 528B

.vmp0 Size: 508KB - Virtual size: 1.8MB

.text
Size: 249KB - Virtual size: 248KB

.data
Size: 512B - Virtual size: 11KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 528B

.vmp0
Size: 508KB - Virtual size: 1.8MB