1293a6d7f233adef7e0eb2af3cf4cd8a72f41e9c79473114acb18d377b0889a7

Sharing

Copy URL

Twitter E-mail

General

Target

1293a6d7f233adef7e0eb2af3cf4cd8a72f41e9c79473114acb18d377b0889a7
Size

111KB
MD5

59bee717a41939d394a8f1472464aaa0
SHA1

e34501ffd1cb494f570bb9e775c580e51678368f
SHA256

1293a6d7f233adef7e0eb2af3cf4cd8a72f41e9c79473114acb18d377b0889a7
SHA512

ec4f126250b47622096ef7e0eb1e69c58912503bdfa76f89558a08ddc4c3f6ec8c7c83339a13d630dbba1d7b52c90b54a5124a4314f37efc5e821db865bfa1b7
SSDEEP

3072:XSkhbDTU5z9Ptpsm7Adbuw3SOUu7x3M1sb3n2VgMu2c:XUpsm7AdburM3MY3D

Score

N/A

Malware Config

Signatures

Files

1293a6d7f233adef7e0eb2af3cf4cd8a72f41e9c79473114acb18d377b0889a7
.exe windows x86

1101b5ccf082394a67f3b350d2a2714e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
EventRegister
EventUnregister
EventWrite
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
LookupAccountNameW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RevertToSelf
GetSecurityDescriptorLength
ImpersonateLoggedOnUser
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueW
RegQueryValueExW
RegDeleteKeyExW
LookupAccountSidW
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorA

kernel32

GlobalUnlock
GlobalLock
MapViewOfFile
GlobalFree
GlobalAlloc
GetHandleInformation
SetErrorMode
GetCurrentProcessId
HeapSetInformation
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetVersionExW
CreateFileW
CreateFileMappingW
FindResourceExW
WaitForSingleObject
ReleaseMutex
WaitForMultipleObjects
OutputDebugStringW
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
UnmapViewOfFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
SetPriorityClass
SetLastError
ExpandEnvironmentStringsW
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
lstrlenA
GetLastError
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
GetVersionExA
GetModuleFileNameW
SetEvent
GetProcessTimes
GetCurrentProcess
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentThread
GetThreadTimes

msvcrt

_iob
fprintf
_wcsnicmp
_purecall
malloc
free
_itow_s
strncmp
wcsncmp
bsearch
_controlfp
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
memcpy
_wtoi
memset
wcsncpy_s
_CxxThrowException
memcpy_s
__CxxFrameHandler3
_vsnwprintf
_ultow
_wcsicmp
_vsnprintf
strerror

user32

UnregisterClassA
LoadStringW
CharNextW

ole32

CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoTaskMemRealloc
CoUninitialize
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoGetMarshalSizeMax
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VarUI4FromStr

tquery

?ciDelete@@YGXPAX@Z
?ciNewNoThrow@@YGPAXI@Z

imm32

ImmDisableIME

msshooks

LoadMSSearchHooks

mscoree

LockClrVersion

shlwapi

SHRegGetValueW

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

slxywle
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1101b5ccf082394a67f3b350d2a2714e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

oleaut32

tquery

imm32

msshooks

mscoree

shlwapi

Sections

.text Size: 75KB - Virtual size: 75KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 33KB

slxywle Size: - Virtual size: 4KB

.text
Size: 75KB - Virtual size: 75KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 33KB

slxywle
Size: - Virtual size: 4KB