a8df061e49eb52cbb4a00d988475006dd8c863e9e485c4826f688fea9483cd8b

Sharing

Copy URL Twitter E-mail

General

Target

a8df061e49eb52cbb4a00d988475006dd8c863e9e485c4826f688fea9483cd8b
Size

853KB
MD5

101a31e79fe44d689e9405ead78563b0
SHA1

c698c557e4fff235f37efd44ad488186a5efa707
SHA256

a8df061e49eb52cbb4a00d988475006dd8c863e9e485c4826f688fea9483cd8b
SHA512

a6b369f54b27a1c6a7737520d62d9dfec304f599c10a14a19fdd1615ebd75ab34e8bb7f633c9bcad54f2155ffbc992ab16d4efd78a733badec355a51df4742d0
SSDEEP

24576:6GbXXfdxt4dEiDiOecKKCcLUYj0o/pakAVZ13N1Vj:6GbnfdXwkcLlj0upazPN

Score

N/A

Malware Config

Signatures

Files

a8df061e49eb52cbb4a00d988475006dd8c863e9e485c4826f688fea9483cd8b
.exe windows x64

084ab71c073fc285a0aa3c0e20a40cc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
GetCurrentProcessId
GetVolumeInformationW
DeleteTimerQueueEx
LCMapStringW
SetFileValidData
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CloseHandle
GetSystemTime
VirtualQueryEx
GetModuleFileNameW
SetConsoleCtrlHandler
GetSystemPowerStatus
ResumeThread
SetThreadPriority
SleepEx
ReadFileScatter
WriteFileGather
GetFileAttributesW
FlushFileBuffers
GetFileInformationByHandle
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
GetVolumePathNameW
CreateMutexW
GetSystemWindowsDirectoryW
FindNextFileW
GetModuleHandleA
GetSystemInfo
DeviceIoControl
LocalAlloc
FindClose
GetDiskFreeSpaceW
GetProcAddress
GetLastError
GetFileSizeEx
CreateFileW
GetProcessHeap
GetTickCount
HeapFree
MoveFileExW
LoadLibraryExW
HeapAlloc
GetDriveTypeW
CopyFileExW
FindFirstFileW
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetEndOfFile
SetFilePointerEx
VirtualFree
WriteFile
ReadFile
GetOverlappedResult
VirtualAlloc
CreateEventW
GetFileSize
GetQueuedCompletionStatus
WaitForSingleObject
SetEvent
WaitForSingleObjectEx
GetCurrentThread
IsProcessorFeaturePresent
SetThreadPriorityBoost
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateThread
FormatMessageW
LocalFree
TlsGetValue
FreeLibrary
SetHandleInformation
TlsSetValue
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
GetExitCodeThread
GetProcessAffinityMask
QueryPerformanceFrequency
DeleteCriticalSection
DuplicateHandle
ReleaseMutex
GetVersionExA
TlsAlloc
TlsFree
HeapDestroy
HeapSetInformation
SetLastError
GetNativeSystemInfo
GlobalMemoryStatusEx
VirtualProtect
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
IsWow64Process
DebugBreak
CreateEventA
GetLocalTime
OutputDebugStringA

msvcrt

?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_snwscanf_s
_getch
wcscpy_s
_wtol
wcscat_s
_wfullpath
swscanf_s
_purecall
_vsnwprintf
_wmakepath_s
_wcsupr_s
wcstol
_wsplitpath_s
swprintf_s
printf
wprintf
malloc
free
_wcsicmp
wcschr
iswascii
fwprintf
_iob
_strnicmp
isprint
_vsnprintf
strcspn
strtoul
strrchr
wcsrchr
iswalpha
_wcsnicmp
_mbspbrk
atol
vprintf
memcmp
memcpy
memset

esent

JetGetDatabaseFileInfoW
JetRestore2W
JetInit4W
JetSetSystemParameterW
JetInit
JetBackupW
JetGetLogFileInfoW
JetCompactW
JetTerm2
JetGetSystemParameterW
JetDetachDatabaseW
JetEndSession
JetBeginSessionW
JetDBUtilitiesW

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 564KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

084ab71c073fc285a0aa3c0e20a40cc2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

esent

Sections

.text Size: 262KB - Virtual size: 262KB

.data Size: 7KB - Virtual size: 140KB

.pdata Size: 10KB - Virtual size: 9KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 564KB - Virtual size: 1.9MB

.text
Size: 262KB - Virtual size: 262KB

.data
Size: 7KB - Virtual size: 140KB

.pdata
Size: 10KB - Virtual size: 9KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 564KB - Virtual size: 1.9MB