d9ff8dfd3f4e2a2e2299977eb33ab78653ce87f15ef987b2f5ad125fee2717e3

Sharing

Copy URL Twitter E-mail

General

Target

d9ff8dfd3f4e2a2e2299977eb33ab78653ce87f15ef987b2f5ad125fee2717e3
Size

172KB
MD5

4d0f61a83e2bb10904486caa29834f7f
SHA1

9ec4a2cfaffb10a82e4ca75a28a372db4d0a0402
SHA256

d9ff8dfd3f4e2a2e2299977eb33ab78653ce87f15ef987b2f5ad125fee2717e3
SHA512

9317d77337db82ba7e6ea99a006be8cfa4b45141d4f246fe8f6b1235751ad0e8bf2eb7ab054bf2ec81ae52491aee682cbdcf96eea9cf4b31c67ddc23c2959fa0
SSDEEP

3072:lFjv+WfqqYE1YWitQ8bOe4DGH9upwTj/7NmastkpFlSK1tk3Ft8:lFj45PWKDOe4DGH9mONmaJpFl91wFt8

Score

N/A

Malware Config

Signatures

Files

d9ff8dfd3f4e2a2e2299977eb33ab78653ce87f15ef987b2f5ad125fee2717e3
.exe windows x86

10b553f8689c8aaa15ecc6f54d30ec9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetSystemInfo
GetComputerNameA
GetModuleFileNameA
CopyFileA
SetErrorMode
GetTickCount
GetLocalTime
GetCurrentProcessId
GetCurrentProcess
SetStdHandle
LCMapStringW
LCMapStringA
FlushFileBuffers
LocalReAlloc
OpenProcess
TerminateProcess
WaitForMultipleObjects
LocalAlloc
ReadFile
LocalFree
GetProcessHeap
HeapAlloc
CreateThread
lstrcmpiA
lstrcatA
DeleteFileA
lstrcpyA
MultiByteToWideChar
CreateProcessA
GetVersionExA
lstrlenA
InterlockedExchange
FreeLibrary
ResetEvent
GetLastError
CloseHandle
VirtualAlloc
Sleep
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
SetFilePointer
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement

user32

GetWindowTextA
ExitWindowsEx
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
wsprintfA
MessageBoxA

advapi32

RegEnumKeyExA
RegOpenKeyA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
OpenSCManagerA
DeleteService
CloseServiceHandle
OpenEventLogA
ClearEventLogA
CloseEventLog
RegCreateKeyExA
RegSetValueExA
RegCloseKey

netapi32

NetUserAdd
NetLocalGroupAddMembers

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10b553f8689c8aaa15ecc6f54d30ec9d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

wtsapi32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 33KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 36KB - Virtual size: 36KB