f3cdccaa6119b95f02518724fa4e49be9d4d7a123a597b2f3b1ddb408605345a

Sharing

Copy URL Twitter E-mail

General

Target

f3cdccaa6119b95f02518724fa4e49be9d4d7a123a597b2f3b1ddb408605345a
Size

313KB
MD5

50efb3ea9000c3cbc2a0ffe633b26961
SHA1

129a08b043f73290bfde6812f06b564b2437f301
SHA256

f3cdccaa6119b95f02518724fa4e49be9d4d7a123a597b2f3b1ddb408605345a
SHA512

82eeae162e2bef5292460a4df0a500d748f3b8ed2a26d263140fe13fcb2754acb3abe1abc3d026b63d618e70d8c5f7db3be5c2542590d8279fa867baaa944fec
SSDEEP

6144:LHSNmst0N44RvDNMA5zHz7cJZIoT+n/IiLByJxbDMC+euJr2dogmMNX:GNltYLpz5zHz+ZIoqn/IiLByxbDMC+eT

Score

N/A

Malware Config

Signatures

Files

f3cdccaa6119b95f02518724fa4e49be9d4d7a123a597b2f3b1ddb408605345a
.exe windows x86

d254b62f670827c90376fa30e7f7f8ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
FreeSid
CreateProcessAsUserW
CreateRestrictedToken
LogonUserW
GetUserNameW
OpenProcessToken
RegCloseKey
ReadEventLogW
RegQueryValueExW
RegOpenKeyExW
CloseEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegEnumValueW
RegEnumKeyExW
CheckTokenMembership
IsValidSid
AllocateAndInitializeSid

kernel32

CreateEventW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
Sleep
ExpandEnvironmentStringsW
LoadLibraryExW
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileW
SetFileAttributesW
HeapFree
HeapAlloc
GetFileInformationByHandle
FileTimeToDosDateTime
MultiByteToWideChar
WideCharToMultiByte
GetSystemPowerStatus
GetFileAttributesW
CreateTimerQueueTimer
SetFilePointerEx
WriteFile
GetModuleHandleW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
CreateDirectoryW
CreateFileW
TerminateProcess
DeleteTimerQueueTimer
GetSystemTime
GetCurrentProcess
WaitForSingleObject
GetExitCodeProcess
SetEvent
InterlockedIncrement
GetCommandLineW
GetTickCount
GetLocalTime
GetDateFormatW
GetTimeFormatW
SetLastError
GetLastError
CloseHandle
SetErrorMode
FormatMessageW
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree

msvcrt

??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
malloc
free
??0exception@@QAE@XZ
swscanf
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
fclose
iswspace
feof
fgetws
__RTDynamicCast
towlower
__dllonexit
_errno
_wfopen
?terminate@@YAXXZ
_vsnprintf
__doserrno
_wopen
_read
_write
_close
_lseek
_wremove
_wtempnam
memcpy
_lock
_onexit
wprintf
__CxxFrameHandler3
memcpy_s
_CxxThrowException
memmove_s
_purecall
_getch
iswprint
swscanf_s
wcstoul
vwprintf
wcschr
wcsstr
memset
_vsnwprintf
_except_handler4_common
_controlfp
wcsrchr
_unlock
printf
_wcsicmp
memmove

ole32

CoInitializeEx
StringFromGUID2
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

rpcrt4

UuidFromStringW

userenv

LoadUserProfileW
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

mpclient

MpUtilsExportFunctions
MpConfigDelValue
MpConfigIteratorOpen
MpConfigIteratorEnum
MpConfigIteratorClose
MpConfigGetValueAlloc
MpUpdateStart
MpManagerVersionQuery
MpManagerOpen
MpScanStart
MpCleanOpen
MpCleanStart
MpConfigOpen
MpConfigClose
MpScanResult
MpConfigGetValue
MpHandleClose
MpConfigUninitialize
MpConfigInitialize
MpFreeMemory
MpClientUtilExportFunctions

cabinet

ord11
ord14
ord13
ord10

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 160KB - Virtual size: 420KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d254b62f670827c90376fa30e7f7f8ef

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

oleaut32

rpcrt4

userenv

mpclient

cabinet

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.vmp0 Size: 160KB - Virtual size: 420KB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

.vmp0
Size: 160KB - Virtual size: 420KB