c89b85a3d5b14c1c9b37553cf8f4645dcdc33c279a668d3c898ff6d9ef7fdfad

Sharing

Copy URL Twitter E-mail

General

Target

c89b85a3d5b14c1c9b37553cf8f4645dcdc33c279a668d3c898ff6d9ef7fdfad
Size

1.1MB
MD5

6ae04df14f58d6085bcd1722c4006485
SHA1

0e48d6c6d3941b1428154330893a70add7b30b2d
SHA256

c89b85a3d5b14c1c9b37553cf8f4645dcdc33c279a668d3c898ff6d9ef7fdfad
SHA512

5630307eaa7c1ed60babeeb4bfbf252d30dd861371f047cddc95f6f503a26507dd8075e4df7086ee244d9d46871ac680f1fb2c2f13ae8360b010d9a6fff3308b
SSDEEP

24576:q3vj2q2UjXCL69SnzyxvJuQo+SJ9fWxaN2xCi:qb2q2Uje69yzyVQNfWgN24i

Score

N/A

Malware Config

Signatures

Files

c89b85a3d5b14c1c9b37553cf8f4645dcdc33c279a668d3c898ff6d9ef7fdfad
.exe windows x64

053973c4b8e8b3ee492c91e8fc1d1f83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
GetProcAddress
SetCurrentDirectoryW
LoadLibraryExW
lstrlenW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
GetTickCount
EnterCriticalSection
LeaveCriticalSection
SetInformationJobObject
WaitForSingleObject
SetLastError
GetLastError
InitializeCriticalSection
TerminateJobObject
SetEvent
GetQueuedCompletionStatus
ResetEvent
DuplicateHandle
GetCurrentThreadId
CreateThread
CreateEventW
CreateIoCompletionPort
DeleteCriticalSection
PostQueuedCompletionStatus
ResumeThread
SignalObjectAndWait
FreeLibrary
LoadLibraryW
WriteProcessMemory
MapViewOfFile
CreateFileMappingW
GetExitCodeProcess
GetThreadContext
AssignProcessToJobObject
UnregisterWaitEx
RegisterWaitForSingleObject
GetVersionExW
CreateJobObjectW
CreateMutexW
GetCurrentProcessId
GetModuleHandleW
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
CreateNamedPipeW
OpenEventW
SearchPathW
DebugBreak
WideCharToMultiByte
VirtualQuery
ReadProcessMemory
GetLongPathNameW
GetFileAttributesW
CreateFileW
QueryDosDeviceW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
ReleaseMutex
DeleteFileW
SetFilePointer
WriteFile
OutputDebugStringA
FormatMessageA
GetUserDefaultLangID
FormatMessageW
RtlCaptureStackBackTrace
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetFileSize
UnmapViewOfFile
CompareFileTime
MoveFileExW
ReplaceFileW
CopyFileW
GetFileAttributesExW
RemoveDirectoryW
QueueUserWorkItem
CreateDirectoryW
GetFullPathNameW
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
GetTempFileNameW
ReadFile
VirtualFree
VirtualAlloc
MultiByteToWideChar
GetStdHandle
AllocConsole
AttachConsole
OpenProcess
CreateToolhelp32Snapshot
GetSystemInfo
GetProcessIoCounters
VirtualQueryEx
HeapSetInformation
SetPriorityClass
Process32NextW
Process32FirstW
GetProcessHeaps
GetProcessId
GetProcessTimes
GetSystemTimeAsFileTime
SetHandleInformation
CreatePipe
RaiseException
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemDirectoryW
GetWindowsDirectoryW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
SetFileTime
GetFileInformationByHandle
ReleaseSemaphore
CreateSemaphoreW
WaitNamedPipeW
WaitForMultipleObjects
TransactNamedPipe
SetNamedPipeHandleState
SizeofResource
LockResource
LoadResource
FindResourceW
GetLocaleInfoW
GetThreadLocale
WTSGetActiveConsoleSessionId
RtlUnwindEx
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
HeapFree
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
HeapReAlloc
HeapAlloc
GetProcessHeap
RtlPcToFileHeader
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FatalAppExitA
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetEnvironmentVariableW
GetTempPathW
LocalFree
SetUnhandledExceptionFilter
GetCommandLineW
CreateProcessW
CloseHandle
ExitProcess
FindClose
Sleep
LocalAlloc

user32

CloseDesktop
CloseWindowStation
UserHandleGrantAccess
CreateWindowStationW
GetProcessWindowStation
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
SetWindowLongPtrW
CharUpperW
WaitForInputIdle
MessageBoxW
wsprintfW
SystemParametersInfoW
GetClassNameW
GetKeyState
GetPropW
RemovePropW
SetPropW
GetWindowLongPtrW
GetDesktopWindow

advapi32

RegDisablePredefinedCache
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
OpenProcessToken
SetThreadToken
RevertToSelf
CreateProcessAsUserW
CreateRestrictedToken
DuplicateTokenEx
DuplicateToken
EqualSid
GetTokenInformation
LookupPrivilegeValueW
GetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
SetFileSecurityW
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertSidToStringSidW
RegDeleteValueW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
SetEntriesInAclW
GetSecurityInfo
CreateWellKnownSid
CopySid

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHFileOperationW

shlwapi

PathFileExistsW
SHStrDupW
SHDeleteEmptyKeyW
PathRemoveFileSpecW
SHDeleteKeyW
UrlCanonicalizeW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

QueryWorkingSet
GetProcessMemoryInfo
GetMappedFileNameW

Exports

Exports

DumpProcess
SetActiveURL
SetClientId
SetExtensionID
SetGpuInfo
SetNumberOfViews

Sections

.text
Size: 850KB - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

053973c4b8e8b3ee492c91e8fc1d1f83

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

userenv

winmm

wtsapi32

version

psapi

Exports

Exports

Sections

.text Size: 850KB - Virtual size: 849KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 9KB - Virtual size: 22KB

.pdata Size: 59KB - Virtual size: 59KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 15KB - Virtual size: 33KB

.text
Size: 850KB - Virtual size: 849KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 9KB - Virtual size: 22KB

.pdata
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 15KB - Virtual size: 33KB