043d56c1f198598808774024473dcb4bb6ac646e546266394d9504beb32252d8

Sharing

Copy URL Twitter E-mail

General

Target

043d56c1f198598808774024473dcb4bb6ac646e546266394d9504beb32252d8
Size

477KB
MD5

6031bd54d0c9fa53951603ed801b8560
SHA1

5b432e0eb412b0044688bfa73034791cea11e272
SHA256

043d56c1f198598808774024473dcb4bb6ac646e546266394d9504beb32252d8
SHA512

c902b6d02bc45e9470101b7d38887ba6c9b8e804647fc9fdae098ca0be98fd1fe9a0a0454434eaffc279b4ef2bcdb076e82f3801b402390d27473347179c4556
SSDEEP

6144:d1vxth3LAKZshsqe1yctsPo2jzkMQWlQVQ92q76mcfwutBNMEyq:/T5DyERIzktWlQVOR6mcfwuHqE

Score

N/A

Malware Config

Signatures

Files

043d56c1f198598808774024473dcb4bb6ac646e546266394d9504beb32252d8
.exe windows x86

9dabd690ce53d02c127be90f0e48ef62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
WriteFile
CopyFileW
CreateEventA
GetFileAttributesW
ReadFile
CreateFileW
GetTempPathW
GetLastError
SetLastError
FindClose
OpenMutexA
LocalAlloc
RemoveDirectoryW
CreateMutexA
FindNextFileW
ReleaseMutex
CloseHandle
GetWindowsDirectoryW
DeleteFileW
LocalFree
GetSystemTime
lstrcpyW
ExpandEnvironmentStringsW
CreateProcessW
GetPrivateProfileStringW
GetPrivateProfileIntW
SystemTimeToTzSpecificLocalTime
WaitForSingleObject
TerminateProcess
FileTimeToSystemTime
GetShortPathNameA
GetCurrentDirectoryW
GetLongPathNameA
MoveFileW
ExpandEnvironmentStringsA
FreeLibrary
GetExitCodeProcess
ExitProcess
GetCommandLineW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
SetErrorMode
WideCharToMultiByte
lstrcmpW
MultiByteToWideChar
lstrlenW
FlushFileBuffers
OpenMutexW
DisableThreadLibraryCalls
GlobalFree
lstrcmpiW
lstrcatW
GetCurrentThreadId
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
LoadLibraryW
OutputDebugStringW
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
SetEvent
GetEnvironmentVariableW
CreateDirectoryW
HeapFree
GetCurrentProcess
MoveFileExW
SystemTimeToFileTime
InterlockedIncrement
HeapAlloc
SetEndOfFile
SetFilePointer
FindFirstFileW
GetFileSize
HeapReAlloc
GetCurrentProcessId
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
DeleteCriticalSection
InterlockedDecrement
InterlockedCompareExchange
Sleep
GetModuleHandleA
VirtualProtect
LoadLibraryA
GetModuleHandleExW
GetTickCount
GetTempPathA
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetProcAddress
HeapSize
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetFileType
WriteConsoleW

user32

PostMessageW
MessageBoxW
GetDesktopWindow
EnumWindows
ExitWindowsEx
GetWindowThreadProcessId
GetParent

ole32

CLSIDFromString
StringFromGUID2
CoInitializeEx
CoCreateInstance
CoTaskMemFree

advapi32

RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
AdjustTokenPrivileges
RegEnumValueW
LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
LookupAccountNameW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW

shell32

CommandLineToArgvW
ShellExecuteExW

oleaut32

SysAllocString
SysFreeString

netapi32

NetUserEnum
NetApiBufferFree

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 26KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.jrdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9dabd690ce53d02c127be90f0e48ef62

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

advapi32

shell32

oleaut32

netapi32

shlwapi

Sections

.text Size: 279KB - Virtual size: 279KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 26KB - Virtual size: 46KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 29KB

.jrdata Size: 60KB - Virtual size: 60KB

.text
Size: 279KB - Virtual size: 279KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 26KB - Virtual size: 46KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 29KB

.jrdata
Size: 60KB - Virtual size: 60KB