f4817441c397dc98c359e03244d9de3ef631560396d902c542c44c60603ed1a0

Sharing

Copy URL

Twitter E-mail

General

Target

f4817441c397dc98c359e03244d9de3ef631560396d902c542c44c60603ed1a0
Size

572KB
MD5

5c848dd2a3b489d32edc173358a6af7e
SHA1

52955f9db32c14cc165e2a4149d73c8601344411
SHA256

f4817441c397dc98c359e03244d9de3ef631560396d902c542c44c60603ed1a0
SHA512

2ea7d20510fee0693e14277d7b862f62f4e5c3495329b0c4bb240d0f008a1699df5c3ba807852283105be36937d1a205d2266e91cbf43ad3e20e3a4f2ce0e952
SSDEEP

6144:D5SRtTdG58bGRJbgLLTFUDZRwFPR+zuPaAhEM2C7d8JhC:12hdG5UCJUTKRwpoCPah7CH

Score

N/A

Malware Config

Signatures

Files

f4817441c397dc98c359e03244d9de3ef631560396d902c542c44c60603ed1a0
.exe windows x86

ea9ae270fe1f12674261a2f78c308069

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
lstrlenA
GetVersionExW
GetProcessHeap
HeapFree
WideCharToMultiByte
GetCommandLineW
SetEvent
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleW
Sleep
GetCurrentThread
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
CloseHandle
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
GetFileAttributesW
LoadLibraryExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
FreeLibrary
GetProcAddress
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
WaitForMultipleObjects
WaitForMultipleObjectsEx
GetTickCount
GetLocalTime
GetCurrentProcessId
OutputDebugStringW
WriteFile
CreateFileW
SetFilePointer
FlushFileBuffers
lstrcpyW
lstrcatW
CreateMutexW
OpenMutexW
ReleaseMutex
GetSystemDirectoryW
GetSystemInfo
VirtualAlloc
VirtualFree
InterlockedExchangeAdd
TerminateProcess
SetUnhandledExceptionFilter
CreateSemaphoreW
ReleaseSemaphore
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetOEMCP

user32

IsWindowUnicode
GetMessageA
DispatchMessageA
MsgWaitForMultipleObjectsEx
PeekMessageW
UnregisterClassA
CharNextW
LoadStringW
CharUpperW
PostThreadMessageW
MessageBoxW
DispatchMessageW
TranslateMessage
GetMessageW

advapi32

RegEnumValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CreateServiceW
ChangeServiceConfig2W
ControlService
DeleteService
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

shlwapi

PathAddBackslashW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea9ae270fe1f12674261a2f78c308069

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 360KB - Virtual size: 356KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 360KB - Virtual size: 356KB