ff11895eb7690c0001812c27cfeb928d1a3610649814850df966e287a1b7d9e7

Sharing

Copy URL Twitter E-mail

General

Target

ff11895eb7690c0001812c27cfeb928d1a3610649814850df966e287a1b7d9e7
Size

474KB
MD5

2d0ffbb2e6d6db05cf0e9ea967bda102
SHA1

452b20fd29ebcfea282153e1d9dcffcc2194f179
SHA256

ff11895eb7690c0001812c27cfeb928d1a3610649814850df966e287a1b7d9e7
SHA512

e6eb0c34b040ffa37343796be75a980e980d3a59ee0f09047d02b251d31588f04841bb19e350e2333a8ed210201684d549b35a3ae9ae6cda383c551edd6e8aeb
SSDEEP

6144:rZHOz6A1etZJj6OL9+vf+UIqZWUbtyA/nAtZqRCbI8jq2z9t/eNXqkNTNT+:t6l1YZJ6weP1ZW6tyuAtHbP3/ypNTw

Score

N/A

Malware Config

Signatures

Files

ff11895eb7690c0001812c27cfeb928d1a3610649814850df966e287a1b7d9e7
.exe windows x86

0e1c16c4e37c604f760c92399c2e92f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegDeleteValueW
RegOpenKeyW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
RegCloseKey

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualFree
HeapAlloc
GetModuleHandleW
MultiByteToWideChar
GetModuleFileNameA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
GetLastError
UnhandledExceptionFilter
CreateFileA
CloseHandle
GetModuleHandleA
GetSystemTimeAsFileTime
GetProcAddress
CreateFileMappingA
MapViewOfFile
SetLastError
InterlockedExchange
LoadLibraryA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetSystemInfo
WaitForSingleObject
ResumeThread
SetThreadPriority
SetThreadAffinityMask
CreateThread
GetProcessAffinityMask
ReadFile
WriteFile
FreeLibrary
WideCharToMultiByte
CreateFileW
LocalFree
GetFileAttributesW
LoadLibraryW
SetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetWindowsDirectoryW
Sleep
InterlockedCompareExchange
GetFileSize
OutputDebugStringA
UnmapViewOfFile
LocalAlloc
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ExitProcess
GetSystemTime
SetEvent
CreateEventA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetVersion

mscat32

CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext

msvcrt

_adjust_fdiv
_initterm
free
wcsrchr
_wcsnicmp
wcscmp
_vsnprintf
_except_handler3
wcsncpy
strrchr
memmove
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
wcsncmp
malloc
_vsnwprintf
wcscpy
_wcsicmp
__CxxFrameHandler

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree
CLSIDFromString

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aadata
Size: 2KB - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iq
Size: 78KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.o99pa
Size: 2KB - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.o9code
Size: 2KB - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aao
Size: 2KB - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.obb2
Size: 2KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.obb3
Size: 2KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hoo2
Size: 2KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hoo00
Size: 2KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oooa
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hoo4
Size: 2KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hoo3
Size: 2KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.obb6
Size: 2KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.haa
Size: 2KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.obb
Size: 78KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.a0a0
Size: 2KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.obb4
Size: 2KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.obb5
Size: 2KB - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.haah
Size: 78KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.1a1a
Size: 2KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.4141
Size: 2KB - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hoo
Size: 2KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sef
Size: 78KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hjgk
Size: 2KB - Virtual size: 11B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hjgk0
Size: 2KB - Virtual size: 11B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 2KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e1c16c4e37c604f760c92399c2e92f3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mscat32

msvcrt

ole32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 876B

.tls Size: 2KB - Virtual size: 13B

.aadata Size: 2KB - Virtual size: 484B

.iq Size: 78KB - Virtual size: 76KB

.o99pa Size: 2KB - Virtual size: 138B

.o9code Size: 2KB - Virtual size: 202B

.aao Size: 2KB - Virtual size: 188B

.obb2 Size: 2KB - Virtual size: 512B

.obb3 Size: 2KB - Virtual size: 512B

.hoo2 Size: 2KB - Virtual size: 1000B

.hoo00 Size: 2KB - Virtual size: 1000B

.oooa Size: 80KB - Virtual size: 78KB

.hoo4 Size: 2KB - Virtual size: 1000B

.hoo3 Size: 2KB - Virtual size: 1000B

.obb6 Size: 2KB - Virtual size: 200B

.haa Size: 2KB - Virtual size: 100B

.obb Size: 78KB - Virtual size: 76KB

.a0a0 Size: 2KB - Virtual size: 512B

.obb4 Size: 2KB - Virtual size: 256B

.obb5 Size: 2KB - Virtual size: 6B

.haah Size: 78KB - Virtual size: 76KB

.1a1a Size: 2KB - Virtual size: 36B

.4141 Size: 2KB - Virtual size: 103B

.hoo Size: 2KB - Virtual size: 1000B

.sef Size: 78KB - Virtual size: 76KB

.hjgk Size: 2KB - Virtual size: 11B

.hjgk0 Size: 2KB - Virtual size: 11B

.CRT Size: 2KB - Virtual size: 8B

.rsrc Size: 18KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 416B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 876B

.tls
Size: 2KB - Virtual size: 13B

.aadata
Size: 2KB - Virtual size: 484B

.iq
Size: 78KB - Virtual size: 76KB

.o99pa
Size: 2KB - Virtual size: 138B

.o9code
Size: 2KB - Virtual size: 202B

.aao
Size: 2KB - Virtual size: 188B

.obb2
Size: 2KB - Virtual size: 512B

.obb3
Size: 2KB - Virtual size: 512B

.hoo2
Size: 2KB - Virtual size: 1000B

.hoo00
Size: 2KB - Virtual size: 1000B

.oooa
Size: 80KB - Virtual size: 78KB

.hoo4
Size: 2KB - Virtual size: 1000B

.hoo3
Size: 2KB - Virtual size: 1000B

.obb6
Size: 2KB - Virtual size: 200B

.haa
Size: 2KB - Virtual size: 100B

.obb
Size: 78KB - Virtual size: 76KB

.a0a0
Size: 2KB - Virtual size: 512B

.obb4
Size: 2KB - Virtual size: 256B

.obb5
Size: 2KB - Virtual size: 6B

.haah
Size: 78KB - Virtual size: 76KB

.1a1a
Size: 2KB - Virtual size: 36B

.4141
Size: 2KB - Virtual size: 103B

.hoo
Size: 2KB - Virtual size: 1000B

.sef
Size: 78KB - Virtual size: 76KB

.hjgk
Size: 2KB - Virtual size: 11B

.hjgk0
Size: 2KB - Virtual size: 11B

.CRT
Size: 2KB - Virtual size: 8B

.rsrc
Size: 18KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 416B