0f974a43884a320df3536871d7119e20eea12146235434d60f07835a209948f5

Sharing

Copy URL

Twitter E-mail

General

Target

0f974a43884a320df3536871d7119e20eea12146235434d60f07835a209948f5
Size

332KB
MD5

669fbe2e31be01b2f411e94c6e4ffc80
SHA1

ff043ed058fad1203ffdea7a438836fbae263916
SHA256

0f974a43884a320df3536871d7119e20eea12146235434d60f07835a209948f5
SHA512

711727e5a6579ad73904dadedd53241d17215a6855de07a2549aafdfb0526cbaffaba2443e891bb1078502257d5a564ed5181f801c363925fa224de1c7c9e5e9
SSDEEP

6144:3eguX491HkoRQAznRzuRHbHcTBYLJdHNkJVoK:zm491EuQknhuRHjN0IK

Score

N/A

Malware Config

Signatures

Files

0f974a43884a320df3536871d7119e20eea12146235434d60f07835a209948f5
.exe windows x86

05d03490d68714fac1e1318b781534a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
WaitForMultipleObjects
GetCurrentProcessId
OpenProcess
TerminateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateFileW
DeviceIoControl
GetCurrentThread
GetCurrentProcess
GetVersionExW
GetSystemDirectoryW
lstrcatW
lstrcpyW
LoadLibraryW
InitializeCriticalSection
lstrcpynW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
MultiByteToWideChar
FreeLibrary
GetShortPathNameW
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetTickCount
lstrlenW
GetCommandLineW
lstrcmpiW
GetCurrentThreadId
Sleep
SetConsoleCtrlHandler
CreateThread
CloseHandle
GetModuleHandleW
GetProcAddress
GetLastError
LocalAlloc
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetEnvironmentVariableW
TlsAlloc
SetEnvironmentVariableW
TlsFree
ReleaseMutex
CreateMutexW
GetFileSize
LocalFree
SetFilePointer
ReadFile
GetACP
FormatMessageW
GetSystemTime
lstrcmpA
SetLastError
GetFileType
InterlockedCompareExchange
WaitForSingleObject
GetStartupInfoW
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
OutputDebugStringW

user32

PeekMessageW
DispatchMessageW
PostThreadMessageW
CharNextW
LoadStringW

advapi32

RegQueryValueExA
StartServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExW
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
StartServiceCtrlDispatcherW
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteValueW
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
GetTrusteeNameW
EqualSid
DeleteAce
LookupAccountSidW

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringLen
SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

SHSetValueW
PathFileExistsW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW
SHDeleteValueW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSSendMessageW
WTSEnumerateSessionsW
WTSFreeMemory

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rpcrt4

RpcAsyncCompleteCall
NdrAsyncServerCall
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
NdrServerCall2

psapi

GetModuleFileNameExW

crypt32

CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore
CertGetCertificateContextProperty
CertGetNameStringW
CertCloseStore

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
_vsnprintf
_except_handler3
_controlfp
??1type_info@@UAE@XZ
memset
__CxxFrameHandler
_putws
_vsnwprintf
memcpy
wcslen
free
malloc
realloc
??2@YAPAXI@Z
memcmp
wcscpy
_snwprintf
_wcsicmp
wcsncmp
_purecall
wcscmp
memmove
_CxxThrowException
wcsncpy
_errno
wcstok
strerror
wcsrchr
wcschr
swprintf
strncpy
qsort
memchr
_wcslwr
swscanf
tolower
wcscat
__set_app_type

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fkuec
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 148KB - Virtual size: 148KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05d03490d68714fac1e1318b781534a1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

wtsapi32

userenv

rpcrt4

psapi

crypt32

wintrust

msvcrt

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 24KB - Virtual size: 21KB

fkuec Size: 8KB - Virtual size: 4KB

Size: 148KB - Virtual size: 148KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 24KB - Virtual size: 21KB

fkuec
Size: 8KB - Virtual size: 4KB