504d627b1a970bebfe9509f5986dbeaac9c21a10f4aa3e7d162c39981c2c9e05

Sharing

Copy URL Twitter E-mail

General

Target

504d627b1a970bebfe9509f5986dbeaac9c21a10f4aa3e7d162c39981c2c9e05
Size

384KB
MD5

7c6287331927e5a3cf9c3ba1542e6510
SHA1

5dd545e7bc25e4e21d2494fbdd9b2eea561e430a
SHA256

504d627b1a970bebfe9509f5986dbeaac9c21a10f4aa3e7d162c39981c2c9e05
SHA512

6c01951afe162458a26f55b76c17b366b089f1c1410d212ed583a92f66361dbd7f59c56a82dae044c4268e492cfc0c64ed52661195aeb6652c6288751b814bec
SSDEEP

6144:mS5uX8+DTfIzDjO8IjfG+wqtNuUsuCiRQsFihhdxquxW:mS5t+DTfIzDjO8YfG+wqtNuUhTR5ChfQ

Score

N/A

Malware Config

Signatures

Files

504d627b1a970bebfe9509f5986dbeaac9c21a10f4aa3e7d162c39981c2c9e05
.exe windows x86

efc5f808f0c9a8bcca280816c5cc401e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventRegister
EventWrite
EventUnregister
ConvertStringSidToSidW
RegSetValueExW
RevertToSelf
EventActivityIdControl

kernel32

CloseHandle
GetLastError
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapSetInformation
GetSystemDirectoryW
EnterCriticalSection
LeaveCriticalSection
CreateFileW
WaitNamedPipeW
SetNamedPipeHandleState
GetCurrentProcessId
WriteFile
TransactNamedPipe
SetEvent
CreateEventW
LocalFree
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
ExpandEnvironmentStringsW
InterlockedCompareExchange
VerifyVersionInfoW
VerSetConditionMask
InitializeCriticalSection
InterlockedExchange
BindIoCompletionCallback
DeviceIoControl
GetOverlappedResult
SetEnvironmentVariableW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThread
Sleep
ReadFile
FlushFileBuffers
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CloseThreadpool
CreateThreadpool
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
WaitForMultipleObjects
CreateThread
RaiseException
LocalAlloc
LoadLibraryExA
RtlCaptureContext
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter

user32

GetSystemMetrics

msvcrt

_onexit
?terminate@@YAXXZ
_controlfp
_except_handler4_common
__dllonexit
memcmp
_unlock
_lock
wcsncmp
_initterm
__setusermatherr
memset
wcscpy_s
_vsnwprintf
_purecall
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memcpy
__p__commode
_XcptFilter
_wcsnicmp
_vsnprintf
_wcsicmp

ntdll

DbgPrintEx
NtQueryInformationFile
RtlNtStatusToDosError
NtSetInformationFile

rpcrt4

UuidFromStringW

ole32

CoUninitialize
CLSIDFromString
CoInitializeEx

wudfplatform

ShutdownPlatformLibrary
GetAndInitializePlatformObject
WudfWaitForDebugger
WudfIsKernelDebuggerPresent
WudfIsUserDebuggerPresent
InitializePlatformLibrary
WdfGetLpcInterface
WudfDebugBreakPoint

Exports

Exports

Microsoft_WDF_UMDF_Version

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

efc5f808f0c9a8bcca280816c5cc401e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

rpcrt4

ole32

wudfplatform

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 174KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 8KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 175KB - Virtual size: 174KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 8KB

.vmp0
Size: 192KB - Virtual size: 1.3MB