c1c872a51c0af2b7ebe1e75a439cff063aca108ff69d52afe5d835732cb8b66c

Sharing

Copy URL Twitter E-mail

General

Target

c1c872a51c0af2b7ebe1e75a439cff063aca108ff69d52afe5d835732cb8b66c
Size

74KB
MD5

77c0c6403ed2eb2cf57402359d69a010
SHA1

905865bc8827182f5ba145e46ad46ba05224d202
SHA256

c1c872a51c0af2b7ebe1e75a439cff063aca108ff69d52afe5d835732cb8b66c
SHA512

d964ad5e057b16af58f50dd4106b6f5aba5dee21137164b71a9f89afea8c4a2aa368fca8a4b736c90c46ec27c8dc5e5b2438df37f742987e7a157b24279b15c5
SSDEEP

768:+xS7dz0KhpU7uavkSlDSKXURpgLcaQnd2wcbslfwHlJ+vz2KOKWKuHfgpeZM1q2P:OWwY5I+2HqfKqbmZHfzG1qFta4KJAxN

Score

N/A

Malware Config

Signatures

Files

c1c872a51c0af2b7ebe1e75a439cff063aca108ff69d52afe5d835732cb8b66c
.exe windows x86

29c62348034d79c9b244252c6f2cfdb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSaveKeyW
GetTokenInformation
I_QueryTagInformation

kernel32

LocalAlloc
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetLastError
CompareStringOrdinal
GetModuleHandleW
FormatMessageW
lstrcmpiW
CloseHandle
GetCurrentProcess
DeleteFileW
FreeLibrary
LoadLibraryExW
lstrlenW
HeapSetInformation
GetFullPathNameW
GetTempPathW
SetConsoleCtrlHandler
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
LocalFree
RaiseException
LoadLibraryA
WriteConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
GetFileType
GetStdHandle
GetConsoleMode
SetThreadUILanguage
SetLastError
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocalTime

msvcrt

fprintf
fflush
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wcstoui64
_itow_s
_ui64tow_s
_wcsnicmp
_purecall
_CxxThrowException
_wtoi
memcpy
wcstoul
swprintf_s
wcscpy_s
wcscat_s
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
printf
memset
_vsnwprintf
__iob_func
wprintf
_memicmp
_get_osfhandle
_errno
_fileno

ntdll

RtlLoadString
RtlNtStatusToDosError
NtPowerInformation

user32

GetSystemMetrics
LoadStringW
SystemParametersInfoW

ws2_32

WSACleanup

shlwapi

PathIsDirectoryW
PathAppendW
SHDeleteKeyW
SHCopyKeyW

shell32

SHGetFolderPathAndSubDirW

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidEqual

powrprof

PowerWriteSettingAttributes
PowerWritePossibleValue
PowerReadSecurityDescriptor
PowerWriteDescription
PowerRemovePowerSetting
PowerWriteSecurityDescriptor
PowerReadPossibleValue
PowerRestoreIndividualDefaultPowerScheme
PowerRestoreDefaultPowerSchemes
GetActivePwrScheme
ReadPwrScheme
PowerPolicyToGUIDFormat
PowerWriteFriendlyName
PowerWriteACDefaultIndex
PowerWriteDCDefaultIndex
PowerWriteValueIncrement
PowerWriteValueMax
PowerWriteValueMin
PowerDuplicateScheme
PowerReadSettingAttributes
PowerEnumerate
PowerReadValueMin
PowerReadValueMax
PowerReadValueIncrement
PowerReadValueUnitsSpecifier
PowerApplyPowerRequestOverride
GetPwrCapabilities
WriteGlobalPwrPolicy
WritePwrScheme
CallNtPowerInformation
EnumPwrSchemes
PowerGetActiveScheme
ReadGlobalPwrPolicy
DevicePowerEnumDevices
DevicePowerClose
DevicePowerOpen
DevicePowerSetDeviceState
PowerImportPowerScheme
PowerOpenUserPowerKey
PowerReadDCValueIndex
PowerReadACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerReplaceDefaultPowerSchemes
PowerReadFriendlyName
PowerReadPossibleFriendlyName
PowerDeleteScheme

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29c62348034d79c9b244252c6f2cfdb5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

ws2_32

shlwapi

shell32

rpcrt4

powrprof

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 23KB

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 23KB