77e9a3cad9614c42a4f23b1ab67e0eaf0c19d6180d5ca4ed5bde13dcc8239c84

Sharing

Copy URL

Twitter E-mail

General

Target

77e9a3cad9614c42a4f23b1ab67e0eaf0c19d6180d5ca4ed5bde13dcc8239c84
Size

247KB
MD5

4b904423f2f7b54585cbe734f9fcb9f9
SHA1

2147131b52b08c38ae9ab6d0f233de0e3c9887b5
SHA256

77e9a3cad9614c42a4f23b1ab67e0eaf0c19d6180d5ca4ed5bde13dcc8239c84
SHA512

abe507d34c0afcb561a9dca33663d2f976f0ac1b735f9bb90f6aa6510b35f9ade8b1e443379ec0ae68e658dce27a2277c5c5dd7afe5dcc05ce45a9e647d28ab0
SSDEEP

6144:KaH7iaH7TaH7BaH7QaH7GaH7UjaomLPwuP:JbBbebobbb9b23mZ

Score

N/A

Malware Config

Signatures

Files

77e9a3cad9614c42a4f23b1ab67e0eaf0c19d6180d5ca4ed5bde13dcc8239c84
.exe windows x86

ed4425cf217058da6bdf611263e571dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_vsnwprintf
wcschr
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
wcsrchr
toupper
memmove
memcpy
_wcsicmp
_vsnprintf
_resetstkoflw
swscanf
_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr

ntdll

EtwEventRegister
EtwEventUnregister
EtwTraceMessage
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlNtStatusToDosError
NtSetInformationFile
NtQueryInformationFile
DbgPrintEx
NtQueryInformationProcess
EtwEventWrite
WinSqmSetDWORD
WinSqmSetString
WinSqmEndSession
WinSqmStartSession
RtlUpcaseUnicodeString
RtlInitUnicodeStringEx
NtQuerySystemInformation

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

FileTimeToSystemTime
WriteFile
CreateFileW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedExchange

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExA
GetModuleHandleA

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile

api-ms-win-core-misc-l1-1-0

lstrcmpiW
lstrlenW
LocalAlloc
LocalFree
Sleep

api-ms-win-core-processthreads-l1-1-0

ExitProcess
OpenProcessToken
SetThreadToken
OpenThreadToken
GetCurrentProcess
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetExitCodeThread
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-synch-l1-1-0

SetEvent
OpenEventW
WaitForMultipleObjectsEx
CreateEventW
OpenProcess
ReleaseMutex
WaitForSingleObjectEx
CreateMutexW

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

CheckTokenMembership
DuplicateTokenEx
GetTokenInformation
FreeSid
IsValidSid
AllocateAndInitializeSid
InitializeAcl
AdjustTokenPrivileges
GetKernelObjectSecurity
CopySid
GetLengthSid
EqualSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx

setupapi

SetupDiSetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
pSetupDiGetStrongNameForDriverNode
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
CM_Get_DevNode_Status
SetupDiCallClassInstaller
SetupDiSetDriverInstallParamsW
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiGetClassPropertyW
SetupDefaultQueueCallbackW
SetupOpenInfFileW
SetupDiGetINFClassW
SetupFindNextMatchLineW
SetupDiDestroyDriverInfoList
SetupDiGetDeviceInstanceIdW
SetupDiSetSelectedDriverW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
pGetDriverPackageHash
SetupGetInfDriverStoreLocationW
SetupDiInstallClassW
SetupDiSetClassPropertyW
pSetupStringFromGuid
SetupDiReportAdditionalSoftwareRequested
SetupDiReportGenericDriverInstalled
SetupDiReportPnPDeviceProblem
pSetupDiCrimsonLogDeviceInstall
SetupCloseFileQueue
SetupUninstallNewlyCopiedInfs
SetupTermDefaultQueueCallback
SetupGetFileQueueFlags
SetupPromptReboot
SetupCommitFileQueueW
SetupInitDefaultQueueCallbackEx
SetupScanFileQueueW
SetupSetFileQueueFlags
SetupOpenFileQueue
CM_Set_DevNode_Problem
SetupDiReportDriverNotFoundError
SetupDiOpenDevRegKey
SetupDiBuildDriverInfoList
SetupCopyOEMInfW
SetupInstallLogCloseEventGroup
pSetupSetGlobalFlags
pSetupGetGlobalFlags
SetupInstallLogCreateEventGroup
SetupDiGetClassInstallParamsW
SetupDiSetClassInstallParamsW
SetupVerifyInfFileW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsExW
CM_Setup_DevNode
SetupDiRemoveDevice
SetupFindFirstLineW
SetupGetStringFieldW
SetupDiGetActualModelsSectionW
SetupGetFieldCount
SetupFindNextLine
SetupCloseInfFile
pSetupSetDriverPackageRestorePoint
pSetupValidateDriverPackage
SetupGetNonInteractiveMode
SetupSetThreadLogToken
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
pSetupDiBuildInfoDataFromStrongName
SetupDiReportDeviceInstallError
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
SetupGetThreadLogToken
SetupWriteTextLog
pSetupDoLastKnownGoodBackup

kernel32

CompareStringW
GetThreadLocale
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RegEnumValueW
FlushFileBuffers
SetFilePointer
GetVersionExW
GetLocalTime
GetFileSize
DeleteFileW
GetFileInformationByHandle
CreateHardLinkW
FindClose
FindNextFileW
SetFileAttributesW
lstrcmpW
FindFirstFileW
MoveFileExW
GetCommandLineA
CreateFileMappingW
SetEndOfFile
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
LoadLibraryExW
GetCurrentThread
GetModuleFileNameA
GetSystemWindowsDirectoryW
RaiseException
FileTimeToLocalFileTime
lstrlenA
WideCharToMultiByte
DelayLoadFailureHook
GetSystemWow64DirectoryW
LoadLibraryW
GetCommandLineW
LCMapStringW

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ucbtmof
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ed4425cf217058da6bdf611263e571dd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

setupapi

kernel32

Sections

.text Size: 237KB - Virtual size: 237KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 34KB

ucbtmof Size: - Virtual size: 4KB

.text
Size: 237KB - Virtual size: 237KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 34KB

ucbtmof
Size: - Virtual size: 4KB