4567c0f85a09a75a48984e782135596a4af97e802ae121ce6ad09148c09e05de

Sharing

Copy URL

Twitter E-mail

General

Target

4567c0f85a09a75a48984e782135596a4af97e802ae121ce6ad09148c09e05de
Size

198KB
MD5

60c82d3cd54c26fa854a0000ab570630
SHA1

b6a0dd79e00493dedb811355c496059842877f64
SHA256

4567c0f85a09a75a48984e782135596a4af97e802ae121ce6ad09148c09e05de
SHA512

db65f9a444f972c8b2297da4c51449665efa15f3b3185d8d97f8611cd3b126482b5e298c34868faa8d1571e584faa6a984722e33509b9ed7132b7f1d7b6ae999
SSDEEP

3072:z/4uZasR9jCsVKULaUVWp1zHjn+py4fKRvdn+DV736ZlKA9:7zRR9jCs0ULaU29qfKRl+ZW9

Score

N/A

Malware Config

Signatures

Files

4567c0f85a09a75a48984e782135596a4af97e802ae121ce6ad09148c09e05de
.exe windows x86

0cc953d47a8dcc7655e182edcc80d049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
ConvertSidToStringSidW
RegOpenKeyExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
GetSecurityInfo
RegDeleteKeyExW
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAce
MapGenericMask
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
RegCloseKey

kernel32

GetStartupInfoW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetCommandLineW
IsWow64Process
lstrcmpW
WideCharToMultiByte
CreateProcessW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WaitForSingleObject
GetFullPathNameW
SetThreadLocale
LocaleNameToLCID
GetThreadLocale
CreateFileW
GetFileSize
ReadFile
GetModuleHandleW
GetFileType
GetConsoleMode
WriteConsoleW
WriteFile
FileTimeToSystemTime
HeapSetInformation
SetThreadUILanguage
FormatMessageW
LocalFree
GetCurrentProcess
CloseHandle
GetLastError
GetStdHandle
lstrcmpiW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
SystemTimeToTzSpecificLocalTime
InitializeCriticalSectionAndSpinCount

msvcrt

_wtoi
_itow_s
towupper
??0exception@@QAE@ABV0@@Z
_vsnwprintf
__CxxFrameHandler3
??0exception@@QAE@XZ
_wcsnicmp
memcpy
setlocale
wcschr
_wcsicmp
memcpy_s
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
memmove_s
_onexit
_purecall
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
fflush
fgetwc
wprintf
swscanf
_iob
memset

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString

ole32

CoCreateInstance
CoInitialize
CoUninitialize

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate

credui

CredUICmdLinePromptForCredentialsW

wevtapi

EvtCreateRenderContext
EvtNext
EvtUpdateBookmark
EvtArchiveExportedLog
EvtExportLog
EvtClearLog
EvtOpenLog
EvtOpenPublisherMetadata
EvtOpenEventMetadataEnum
EvtNextEventMetadata
EvtGetObjectArraySize
EvtOpenPublisherEnum
EvtNextPublisherId
EvtSeek
EvtSetChannelConfigProperty
EvtOpenChannelConfig
EvtOpenChannelEnum
EvtGetExtendedStatus
EvtRender
EvtGetLogInfo
EvtGetObjectArrayProperty
EvtGetChannelConfigProperty
EvtGetEventMetadataProperty
EvtGetPublisherMetadataProperty
EvtNextChannelPath
EvtOpenSession
EvtClose
EvtCreateBookmark
EvtQuery
EvtSaveChannelConfig
EvtFormatMessage

ntdll

EtwTraceMessage
RtlGetVersion

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cc953d47a8dcc7655e182edcc80d049

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

oleaut32

ole32

rpcrt4

credui

wevtapi

ntdll

Sections

.text Size: 158KB - Virtual size: 158KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 34KB - Virtual size: 35KB

.text
Size: 158KB - Virtual size: 158KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 34KB - Virtual size: 35KB