8a9d9c3e817c83562ebfcbb93bb41b8be6e067d679cd7d0c8e0d0310f0b045e1

Sharing

Copy URL Twitter E-mail

General

Target

8a9d9c3e817c83562ebfcbb93bb41b8be6e067d679cd7d0c8e0d0310f0b045e1
Size

525KB
MD5

6b421a3330898c466bb9e0bbb60a26c0
SHA1

6597105fed0d4853804c7e65d71d68e45cbdd582
SHA256

8a9d9c3e817c83562ebfcbb93bb41b8be6e067d679cd7d0c8e0d0310f0b045e1
SHA512

99027ca7dce03536eafb1bdf81a5bf97eb2ec97cb8881e00d35d732b080218aec55d2aaec3004f3e9ee2fe5eba8bbf1bee7a288f498e183dc4fdf9674579d0be
SSDEEP

6144:P/BfTCab1M5OsgJMXRJepGU0Tf0ZxKG9UF/4APqyukVXYw6600NvthO7mnQ3:xC2M3gJMXRoG5OZyBXF0CnOuQ

Score

N/A

Malware Config

Signatures

Files

8a9d9c3e817c83562ebfcbb93bb41b8be6e067d679cd7d0c8e0d0310f0b045e1
.exe windows x64

383b05d47d1e548350126d2c6a55ef0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenThreadToken
EqualSid
ConvertStringSidToSidW
SetNamedSecurityInfoW
LookupPrivilegeValueW
GetAce
ImpersonateSelf
GetSecurityInfo
GetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
AdjustTokenPrivileges
CreateWellKnownSid
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
OpenServiceW
GetTokenInformation
StartServiceW
ChangeServiceConfigW
QueryServiceStatusEx
ControlService
ConvertSidToStringSidW

kernel32

QueryFullProcessImageNameW
OpenProcess
LoadLibraryW
Sleep
MultiByteToWideChar
lstrlenW
GetLastError
GetProcAddress
CreateEventW
GetModuleHandleW
CloseHandle
LocalFree
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
WideCharToMultiByte
WaitForMultipleObjects
FindFirstFileW
GetCurrentThread
GetFileAttributesW
CreateFileW
FindClose
LocalAlloc
FindNextFileW
lstrlenA
GetSystemTime
SetFilePointer
GetCurrentProcess
WriteFile
CompareStringW
GetLocalTime
GetCurrentThreadId
GetWindowsDirectoryW
GetCurrentProcessId
GetTickCount64
CreateProcessW
CopyFileW
GetModuleFileNameW
GetTempPathW
FreeLibrary
LoadLibraryExA
DelayLoadFailureHook
SetEvent
CreateDirectoryW
GetEnvironmentVariableW
OpenEventW
ReleaseMutex
OpenMutexW
CreateMutexW
DeleteFileW
FlushFileBuffers
OutputDebugStringW
CompareFileTime
MoveFileExW
SetEndOfFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW

msvcrt

_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_commode
wcschr
_resetstkoflw
_purecall
_vsnwprintf
iswspace
iswdigit
_wtoi
wcsncpy_s
memcpy_s
towlower
malloc
_wcsdup
_wcslwr_l
__setusermatherr
__wgetmainargs
??0exception@@QEAA@XZ
__C_specific_handler
wcsncat_s
wcscat_s
wcscpy_s
swscanf
wcsncmp
_wcslwr_s_l
iswpunct
memcpy
_XcptFilter
_exit
exit
_cexit
__CxxFrameHandler3
_initterm
memmove_s
_amsg_exit
wcsstr
wcstol
wprintf_s
free
_wcsicmp
_wcmdln
memset

user32

LoadStringW
CharLowerBuffW

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
StringFromIID
CoTaskMemFree
CoSetProxyBlanket
CLSIDFromString
StringFromCLSID
CoInitializeEx

slc

SLClose
SLInstallProofOfPurchase
SLOpen
SLGetPKeyInformation
SLConsumeWindowsRight

slcext

SLActivateProduct

oleaut32

VariantCopyInd
VariantChangeType
VarBstrCmp
VariantInit
SafeArrayCopy
SafeArrayGetUBound
SysFreeString
SysStringByteLen
SafeArrayGetVartype
SafeArrayLock
SysAllocStringLen
VarBstrCat
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

wmdrmsdk

WMDRMCreateProvider

ws2_32

inet_addr
WSAStringToAddressW
GetNameInfoW

shlwapi

PathFindFileNameW
PathCombineW
UrlGetPartW

iphlpapi

GetAdaptersInfo

propsys

PSUnregisterPropertySchema
PSRegisterPropertySchema

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 240KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

383b05d47d1e548350126d2c6a55ef0c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

slc

slcext

oleaut32

wmdrmsdk

ws2_32

shlwapi

iphlpapi

propsys

Sections

.text Size: 274KB - Virtual size: 273KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 240KB - Virtual size: 464KB

.text
Size: 274KB - Virtual size: 273KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 240KB - Virtual size: 464KB