e40dbfa3c887378b2185358a4451ab0d02abbf48c1241b7ea6f976dd5d44647c

Sharing

Copy URL Twitter E-mail

General

Target

e40dbfa3c887378b2185358a4451ab0d02abbf48c1241b7ea6f976dd5d44647c
Size

362KB
MD5

6d61971759573b0f5618460801fb22b0
SHA1

3dddb47e1a1f389864bffe0218c48bb683506b0d
SHA256

e40dbfa3c887378b2185358a4451ab0d02abbf48c1241b7ea6f976dd5d44647c
SHA512

08deda2c033aead4eda79ea5e3e36f08944ee9ad0eec569e82b385c3c2a773341399ac9a74a82bb63a249357345d9e2f23a0a9e32817b3ab4cc8a2f15cd3945b
SSDEEP

3072:/0JdOUZV6E47Dh1+u2tTnaucs85Gq6KN5VzRa2oGSbbUae6pEnJrwru+ix:KdO4V6E4+u21nBO5VzRa2EFeEEnNw

Score

N/A

Malware Config

Signatures

Files

e40dbfa3c887378b2185358a4451ab0d02abbf48c1241b7ea6f976dd5d44647c
.exe windows x86

f617cbd35165add2e47ad0eba6ebf6c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceStatus
OpenThreadToken
OpenServiceW
OpenSCManagerW
LookupPrivilegeValueW
GetTokenInformation
DeleteService
CreateServiceW
SetServiceStatus
SetSecurityDescriptorDacl
SetEntriesInAclW
RegisterServiceCtrlHandlerW
RegSetValueExW
RegEnumKeyW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

pdh

PdhBrowseCountersHW
PdhBrowseCountersW
PdhCalculateCounterFromRawValue
PdhCloseLog
PdhCloseQuery
PdhCollectQueryDataEx
PdhComputeCounterStatistics
PdhConnectMachineW
PdhCreateSQLTablesW
PdhEnumMachinesHW
PdhEnumMachinesW
PdhEnumObjectItemsHW
PdhEnumObjectItemsW
PdhEnumObjectsHW
PdhEnumObjectsW
PdhExpandCounterPathW
PdhExpandWildCardPathHW
PdhExpandWildCardPathW
PdhFormatFromRawValue
PdhGetCounterInfoW
PdhGetCounterTimeBase
PdhGetDataSourceTimeRangeH
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfCounterHW
PdhGetFormattedCounterArrayW
PdhGetFormattedCounterValue
PdhGetLogFileSize
PdhGetLogSetGUID
PdhGetRawCounterArrayW
PdhGetRawCounterValue
PdhLookupPerfIndexByNameW
PdhLookupPerfNameByIndexW
PdhMakeCounterPathW
PdhOpenLogW
PdhOpenQueryW
PdhOpenQueryH
PdhParseCounterPathW
PdhParseInstanceNameW
PdhReadRawLogRecord
PdhRemoveCounter
PdhSelectDataSourceW
PdhSetCounterScaleFactor
PdhSetDefaultRealTimeDataSource
PdhSetLogSetRunID
PdhSetQueryTimeRange
PdhUpdateLogFileCatalog
PdhUpdateLogW
PdhEnumLogSetNamesW

psapi

InitializeProcessForWsWatch
GetModuleInformation
GetModuleFileNameExW
GetModuleBaseNameW
GetMappedFileNameW
GetDeviceDriverFileNameW
GetDeviceDriverBaseNameW
EnumProcesses
EnumPageFilesW
EnumDeviceDrivers
EmptyWorkingSet
GetWsChanges

winscard

SCardRemoveReaderFromGroupW
SCardReleaseStartedEvent
SCardStatusW
SCardTransmit
SCardLocateCardsByATRW
SCardLocateCardsA
SCardListReadersW
SCardListReaderGroupsW
SCardIsValidContext
SCardIntroduceReaderGroupW
SCardGetStatusChangeW
SCardForgetReaderGroupW
SCardControl
SCardConnectW
SCardCancel
SCardState
SCardGetAttrib

kernel32

CreateFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
SetFilePointer
WriteConsoleW
CloseHandle
GetStringTypeW
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapReAlloc
GetLocaleInfoW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
FatalAppExitA
HeapFree
Sleep
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThread
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
RtlUnwind
RaiseException
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemInfo
VirtualProtect
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
WaitForSingleObject
IsBadReadPtr
GlobalFree
GlobalAlloc
QueryPerformanceFrequency
GlobalLock
MoveFileExW
GetCurrentProcessId
GetFileTime
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
DeviceIoControl

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f617cbd35165add2e47ad0eba6ebf6c9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

pdh

psapi

winscard

kernel32

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 11KB - Virtual size: 169KB

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 11KB - Virtual size: 169KB