87e820b5deb1f32a0e6fd54f61e810dbcb3e4db8636f9a430e56157fc9d174ce

Sharing

Copy URL Twitter E-mail

General

Target

87e820b5deb1f32a0e6fd54f61e810dbcb3e4db8636f9a430e56157fc9d174ce
Size

586KB
MD5

1c0f0bdf6bed7f15424224005d0435b1
SHA1

9cb020a91047f34d42f69a0f320a589f1808efdd
SHA256

87e820b5deb1f32a0e6fd54f61e810dbcb3e4db8636f9a430e56157fc9d174ce
SHA512

c2714100e2e05efde4f2587e4ff2d4174f2408ed8f5d58df2345046b11d89fb1fc377bd2978a9a3b2c4c38a04ef55d62ce991b5f69cfd3b85b07b87656fdbe75
SSDEEP

12288:Y/RMShXnfaupmdQLvZRI3YyZBdyNNCRkYNG:Y/RMSNnfaEmdNIyhyNNCWp

Score

N/A

Malware Config

Signatures

Files

87e820b5deb1f32a0e6fd54f61e810dbcb3e4db8636f9a430e56157fc9d174ce
.exe windows x64

67e55574cfe2534556efefcc7837b885

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetLastError
GetModuleHandleW
CompareStringW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapSetInformation
SetUnhandledExceptionFilter
GetCurrentProcessId

user32

RegisterClassExW
CreateWindowExW
UnregisterClassW
PostQuitMessage
GetMessageW
DestroyWindow
DefWindowProcW
LoadStringW
DispatchMessageW
TranslateMessage
LoadIconW

msvcrt

_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_vsnwprintf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
?terminate@@YAXXZ
__set_app_type
_fmode
_cexit
__setusermatherr
_amsg_exit
_initterm
exit
_commode
memset

ntdll

WinSqmAddToStream
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shell32

Shell_NotifyIconW

comctl32

ord345

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

SysAllocString
VariantInit
SysFreeString

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67e55574cfe2534556efefcc7837b885

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 372B

.rsrc Size: 70KB - Virtual size: 69KB

.reloc Size: 512B - Virtual size: 302B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 372B

.rsrc
Size: 70KB - Virtual size: 69KB

.reloc
Size: 512B - Virtual size: 302B

.vmp0
Size: 500KB - Virtual size: 1.8MB