fba60b7f260a98aac4abc813c3c0e41843d469c5316c1a5fd1da620ae25d2447

Sharing

Copy URL

Twitter E-mail

General

Target

fba60b7f260a98aac4abc813c3c0e41843d469c5316c1a5fd1da620ae25d2447
Size

201KB
MD5

489673e2796af80f09fdb78957525500
SHA1

3ef14bac629bbba80d6ea39756e84cf6f2df1acd
SHA256

fba60b7f260a98aac4abc813c3c0e41843d469c5316c1a5fd1da620ae25d2447
SHA512

befe9587abf6e2bdcf5b7a441692b10c79d66a28b95f58807bf23aa7efd2f4b42285a8b86b8bd554145221b7e7eeaa7225209978245727a387f62100312ae40e
SSDEEP

3072:7pSias14D85sqiTj5F20/pgn+Os1GxKnCfMPhDZAhtfGgNpb+RJwK29:7p7as144KxrdynHs1ZnCfKsvNp6RJ

Score

N/A

Malware Config

Signatures

Files

fba60b7f260a98aac4abc813c3c0e41843d469c5316c1a5fd1da620ae25d2447
.exe windows x86

ebab9061163ff9140a058a29916db154

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_vsnwprintf
_CxxThrowException
__CxxFrameHandler3
wcsrchr
memset
free
memcpy_s
isspace
_wtol
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_memicmp
_get_osfhandle
_errno
_fileno
fflush
fprintf
__iob_func
wcstod
wcstoul
wcstol
_purecall
memcpy
_iob
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
malloc
_wtoi
iswdigit
wcstok
_ultow
wcschr
iswpunct
iswspace
wcspbrk

api-ms-win-core-console-l1-1-0

WriteConsoleW
SetConsoleMode
GetConsoleMode
ReadConsoleW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
CompareFileTime
SetFilePointer
GetFileSizeEx
WriteFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

LoadStringW
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleA

api-ms-win-core-localization-l1-1-0

GetLocaleInfoW

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-misc-l1-1-0

Sleep
LocalFree
lstrlenW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLocalTime

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority

ntdll

EtwTraceMessage
WinSqmAddToStream
RtlNtStatusToDosError
RtlCreateVirtualAccountSid
RtlInitUnicodeString
WinSqmIsOptedIn

user32

CharUpperW
MessageBeep

ole32

IIDFromString
CoUninitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

VarBstrCat
SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
GetErrorInfo
SysStringLen
VariantChangeType
VariantInit

shlwapi

StrRChrIW
StrChrW
StrStrIW
StrChrIW
StrStrW

kernel32

HeapAlloc
HeapSize
GetProcessHeap
HeapValidate
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DebugBreak
WideCharToMultiByte
CompareStringA
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
RegDeleteKeyExW
DeleteFileTransactedW
DeleteFileW
RegSetValueExW
ExpandEnvironmentStringsW
UnregisterWait
GetComputerNameExW
FileTimeToSystemTime
GetThreadLocale
CompareStringW
lstrlenA
GetModuleFileNameW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
GetFileType
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
SetThreadUILanguage
DelayLoadFailureHook
GetComputerNameW

ktmw32

CommitTransaction
RollbackTransaction
CreateTransaction

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rbxreee
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebab9061163ff9140a058a29916db154

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-console-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localization-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

ntdll

user32

ole32

oleaut32

shlwapi

kernel32

ktmw32

Sections

.text Size: 138KB - Virtual size: 137KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 35KB - Virtual size: 36KB

rbxreee Size: - Virtual size: 4KB

.text
Size: 138KB - Virtual size: 137KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 36KB

rbxreee
Size: - Virtual size: 4KB