ea9fec851f6a7d33631620ee7522ec4aafc5a4822cf718eb6a338e4aeea62c26

Sharing

Copy URL

Twitter E-mail

General

Target

ea9fec851f6a7d33631620ee7522ec4aafc5a4822cf718eb6a338e4aeea62c26
Size

103KB
MD5

1966c2ca4b6056c89a8ec49604b1e430
SHA1

63abb3a0c1bba0941d058a8480991fa8e11cd19c
SHA256

ea9fec851f6a7d33631620ee7522ec4aafc5a4822cf718eb6a338e4aeea62c26
SHA512

608e65d2918e5d8640666236fdeaf0134ebe7441d8d652bee4304db2232abad8b7673828a1b9b966f8fd48e85b22c8f735dc39a5ab74656aff77b664c63aa83d
SSDEEP

3072:/JEwi0Bd96Bu4TDKTpnTpj6Rux8VM09JJ6ZX0Dto:/JEwi0Bd96Bu43KTVpj6Rux87

Score

N/A

Malware Config

Signatures

Files

ea9fec851f6a7d33631620ee7522ec4aafc5a4822cf718eb6a338e4aeea62c26
.exe windows x86

b92284996b58e51158ace38adf33ea37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegConnectRegistryW
LookupAccountSidW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

InterlockedDecrement
CloseHandle
OpenProcess
TerminateProcess
GetExitCodeProcess
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
WriteConsoleW
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentProcess
GetComputerNameExW
GetCurrentThreadId
ReadFile
ReadConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
GetLastError
SetLastError
SetConsoleMode
GetModuleFileNameW

msvcrt

_get_osfhandle
wcsstr
_fileno
_vsnwprintf
fflush
wcstod
wcstol
wcstok
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
wcstoul
_errno
wcschr
_wtoi64
memcpy
_wcsicmp
wcsrchr
??2@YAPAXI@Z
free
_wcsdup
__iob_func
??3@YAXPAX@Z
memset
__CxxFrameHandler3
fprintf
_memicmp

ntdll

RtlLargeIntegerToChar
RtlTimeToElapsedTimeFields

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

user32

IsHungAppWindow
GetWindow
FindWindowExW
GetWindowThreadProcessId
GetWindowLongW
CharUpperW
LoadStringW
wsprintfW
PostMessageW
EnumWindowStationsW
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
EnumDesktopsW
GetThreadDesktop
OpenDesktopW
SetThreadDesktop
CloseDesktop
EnumWindows
GetWindowTextW

mpr

WNetGetLastErrorW
WNetCancelConnection2W
WNetAddConnection2W

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SysStringLen
VariantClear
VariantInit
SysFreeString

secur32

GetUserNameExW

ws2_32

WSAGetLastError
WSAStartup
GetNameInfoW
WSACleanup
FreeAddrInfoW
GetAddrInfoW

framedynos

??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@PBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBD@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Left@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Compare@CHString@@QBEHPBG@Z
?Empty@CHString@@QAEXXZ
?Mid@CHString@@QBE?AV1@HH@Z
?Find@CHString@@QBEHPBG@Z
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?Format@CHString@@QAAXPBGZZ
??YCHString@@QAEABV0@ABV0@@Z
??1CHString@@QAE@XZ
?Mid@CHString@@QBE?AV1@H@Z

netapi32

NetApiBufferFree
NetServerGetInfo

dbghelp

EnumerateLoadedModulesW64

shlwapi

StrChrW
StrChrIW
StrStrW
StrStrIW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rteeawq
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b92284996b58e51158ace38adf33ea37

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

version

user32

mpr

ole32

oleaut32

secur32

ws2_32

framedynos

netapi32

dbghelp

shlwapi

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

rteeawq Size: - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB

rteeawq
Size: - Virtual size: 4KB