0e039a2e973f3871310a311f0ab7e8dd8097786609ab60d706cabe396042e7f6

Sharing

Copy URL Twitter E-mail

General

Target

0e039a2e973f3871310a311f0ab7e8dd8097786609ab60d706cabe396042e7f6
Size

301KB
MD5

6efd69d660fbce3108ba351d38483fe0
SHA1

b429028a55965d382d9106bbb0a587c541126c84
SHA256

0e039a2e973f3871310a311f0ab7e8dd8097786609ab60d706cabe396042e7f6
SHA512

a91b379fd3a55db216f11e5880b3b38d179579bb1d0dddb5cce55914f04c8d3705dcb91fd3575c868f264a04b311864b8d7ac29c28cb79a8d7e8134ab128b015
SSDEEP

6144:okUiQdfTAnNX8+O4qPcrV2oX7IaAXGO0pH:sfTAnlOKRhMvGdH

Score

N/A

Malware Config

Signatures

Files

0e039a2e973f3871310a311f0ab7e8dd8097786609ab60d706cabe396042e7f6
.exe windows x86

fd7510d52f66b05a6b96334e67ea8cd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
RegEnumKeyExW
EventUnregister
EventWrite

kernel32

LocalFree
FormatMessageW
Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCurrentProcess
lstrlenW
WideCharToMultiByte
GlobalFree
ReadFile
CreateFileW
GetWindowsDirectoryW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedIncrement
GetFullPathNameW
CreateMutexW
ReleaseMutex
SetEvent
InterlockedDecrement
OutputDebugStringA
SetLastError
FindClose
FindNextFileW
FindFirstFileW
WriteFile
SetEndOfFile
SetFilePointer
GetTempPathW
GetCommandLineW
InterlockedExchange
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemWindowsDirectoryW
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
CreateEventW
CreateThread
CloseHandle
GetLastError
FindResourceExW
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetEnvironmentVariableW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
DeleteFileW
CompareFileTime
SetFileTime
MoveFileExW
GetSystemTime
GetFileAttributesExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar

user32

UnregisterClassA

msvcrt

_cexit
_exit
??1type_info@@UAE@XZ
_vsnprintf
wcsspn
wcsstr
_XcptFilter
wcscspn
__wgetmainargs
_vscprintf
wcsrchr
??2@YAPAXI@Z
_wtoi
memcpy
_resetstkoflw
_ftol2
calloc
vswprintf_s
_vscwprintf
exit
vsprintf_s
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
_amsg_exit
free
malloc
_wcsicmp
wcstoul
_wcsnicmp
wcschr
memset
memmove_s
_CxxThrowException
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
??3@YAXPAX@Z
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
iswdigit

shell32

SHFileOperationW

ole32

CoInitializeSecurity
CoUninitialize
CoGetMalloc
CoCreateInstance
CoInitializeEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile

spwizui

SPInstallFailed
SPInstallSucceeded

sperror

GetErrorDescription

sqmapi

SqmStartUpload
SqmEndSession
SqmIsWindowsOptedIn
SqmSet
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetString
SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmAddToStreamV
SqmWaitForUploadComplete

winbrand

BrandingFormatString

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xzeasnd
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd7510d52f66b05a6b96334e67ea8cd7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

version

userenv

spwizui

sperror

sqmapi

winbrand

Sections

.text Size: 244KB - Virtual size: 243KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 52KB - Virtual size: 53KB

xzeasnd Size: - Virtual size: 4KB

.text
Size: 244KB - Virtual size: 243KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 52KB - Virtual size: 53KB

xzeasnd
Size: - Virtual size: 4KB