1cada7b346992ce77276805faae0f6c811d9f34c701838d2a1d655056bb1a178

Sharing

Copy URL

Twitter E-mail

General

Target

1cada7b346992ce77276805faae0f6c811d9f34c701838d2a1d655056bb1a178
Size

180KB
MD5

6467ce7e13d5df33ecc53a054d6f63e0
SHA1

9111070a31c295d3b8b39eb93ae7488c48060fda
SHA256

1cada7b346992ce77276805faae0f6c811d9f34c701838d2a1d655056bb1a178
SHA512

dd4439d3f0783d24e716c9fb8cfbe3034c4f41d5928c6bd8ed80c0aed453707208b3377195914540976b44ce652c4daa3ef1e03754229c0f72834358d5c4d1bf
SSDEEP

3072:mBKvV9Wd/IuccCxqz0n9iouSgpIWAftl7IenZhNuDrJcHXoJXzEic6OBfRNiMA:E29A/IhHxqwnAU65Aftl7tPNorJcCzRz

Score

N/A

Malware Config

Signatures

Files

1cada7b346992ce77276805faae0f6c811d9f34c701838d2a1d655056bb1a178
.exe windows x64

066aee023b4f62e28bcf1e4947ed046b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
RegCreateKeyExW
GetTraceEnableFlags
RegQueryInfoKeyW
GetTraceLoggerHandle
RegDeleteValueW
UnregisterTraceGuids
RegEnumValueW
RegOpenKeyExW
GetTraceEnableLevel
RegEnumKeyExW
RegCloseKey
RegisterTraceGuidsW
RegSetValueExW
RegQueryValueExW

kernel32

EnterCriticalSection
GetCurrentThreadId
DeleteFileW
GetCommandLineW
lstrlenA
VirtualQuery
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
WaitForSingleObject
SetEvent
InitializeCriticalSection
LoadLibraryW
GetCurrentProcess
SizeofResource
SetLastError
HeapDestroy
lstrcpynW
GetModuleFileNameW
MultiByteToWideChar
GetProcAddress
VirtualAlloc
CreateEventW
GetSystemInfo
lstrcmpiW
lstrcatW
VirtualProtect
DeleteCriticalSection
CloseHandle
lstrcpyW
CreateThread
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
lstrlenW
lstrcmpW
LeaveCriticalSection
GlobalAlloc
GetModuleHandleW
GetVersionExW
GlobalLock
CompareStringW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
InterlockedPopEntrySList
InterlockedPushEntrySList
GetStartupInfoW
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW

gdi32

DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
BitBlt

user32

PostMessageW
UnregisterClassW
SetCapture
IsChild
FillRect
RegisterWindowMessageW
GetWindowTextLengthW
DestroyWindow
EndPaint
DispatchMessageW
PostThreadMessageW
CharPrevW
CharNextW
GetMessageW
SetParent
GetWindowLongPtrW
GetFocus
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
wsprintfW
GetDC
RegisterClassExW
SetClassLongPtrW
InvalidateRect
GetWindowLongW
GetWindowTextW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor
GetParent
InvalidateRgn
GetClientRect
LoadCursorW
SetWindowPos
ShowWindow
CreateWindowExW
ReleaseCapture
SetWindowLongPtrW
SendMessageW
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindow
IsWindow

msvcrt

_cexit
memcmp
memset
_vsnwprintf
wcspbrk
wcsrchr
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
memcpy
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
realloc
malloc
free
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
wcschr

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ole32

CoCreateInstance
OleLockRunning
CLSIDFromProgID
StringFromCLSID
CLSIDFromString
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

RegisterTypeLi
SysAllocString
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysStringLen

shell32

SHCreateItemFromIDList
SHParseDisplayName
ord155

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bawrsat
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fqhxmae
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

066aee023b4f62e28bcf1e4947ed046b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

ole32

oleaut32

shell32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 52KB - Virtual size: 53KB

bawrsat Size: 55KB - Virtual size: 56KB

fqhxmae Size: - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 52KB - Virtual size: 53KB

bawrsat
Size: 55KB - Virtual size: 56KB

fqhxmae
Size: - Virtual size: 4KB