b45fe5bb89b6158a2d96cfe6a3c5a2b19525d7aef74e049d049af3d377986020

Sharing

Copy URL

Twitter E-mail

General

Target

b45fe5bb89b6158a2d96cfe6a3c5a2b19525d7aef74e049d049af3d377986020
Size

139KB
MD5

043afa623936894cd51b384360f507d0
SHA1

98a0ffffaa7e072eae5cffd865b15d4fd5c839fe
SHA256

b45fe5bb89b6158a2d96cfe6a3c5a2b19525d7aef74e049d049af3d377986020
SHA512

e55b96e23a8ddfc914328f9fd94d649a7f53fbf8cce98032326d25ae81586dde6a38279a25359f51ffbc0efdcdea0ad70fd63940a9dd45d19d55b23544dffa26
SSDEEP

3072:YkB1vUZfhcaqExFltGvNLJ+R7Y5IMTB9jPh8fvy9s:Y618ZfsvN1cUfTJwvyG

Score

N/A

Malware Config

Signatures

Files

b45fe5bb89b6158a2d96cfe6a3c5a2b19525d7aef74e049d049af3d377986020
.exe windows x86

6390cce81012bdffd3ad199754551426

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
ConvertStringSidToSidW
InitializeAcl
BuildSecurityDescriptorW
BuildTrusteeWithNameW
AddAccessAllowedAce
GetLengthSid
AddAce
GetSecurityDescriptorDacl
IsWellKnownSid
ConvertSidToStringSidW
GetSidSubAuthority
CopySid
GetSidLengthRequired
GetSidSubAuthorityCount
LsaLookupNames
SetThreadToken
OpenThreadToken
GetTokenInformation
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LogonUserW
LsaRetrievePrivateData
LsaStorePrivateData
LsaRemoveAccountRights
LsaEnumerateAccountRights
LsaAddAccountRights
IsValidSecurityDescriptor
GetSecurityDescriptorLength
OpenProcessToken
CreatePrivateObjectSecurityEx
DestroyPrivateObjectSecurity
BuildTrusteeWithSidW
RegConnectRegistryW

kernel32

LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
HeapSetInformation
GetModuleFileNameW
MoveFileExW
OpenEventW
SetEvent
GetWindowsDirectoryA
GetLastError
CreateFileA
CreateFileW
GetFileSize
CloseHandle
SetFilePointer
GetLocalTime
WriteFile
lstrlenW
lstrlenA
GetVersionExA
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
GetCurrentThread
GetThreadContext
DebugBreak
CreateDirectoryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
SetFileAttributesW
DeleteFileW
GetModuleHandleW
FindResourceW
LoadResource
InterlockedExchange
Sleep
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
RegOpenKeyExW
RegFlushKey
RegDeleteValueW
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
LocalAlloc
LocalSize
LocalReAlloc
GetComputerNameW
CompareStringW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
FormatMessageW
LockResource

msvcrt

__CxxFrameHandler3
wcsrchr
_wcsnicmp
free
_vsnwprintf
malloc
_waccess
_local_unwind4
_wstrtime
_wcsicmp
realloc
_wstrdate
memcpy
_onexit
_lock
__dllonexit
_unlock
_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
_strtime
_stricmp
clock
wcsstr
memset
wcstombs
wcschr

user32

CharPrevA
CharNextA
IsCharAlphaW
CharPrevW
CharNextW
LoadStringW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetDesktopWindow
SetThreadDesktop
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
GetThreadDesktop
GetProcessWindowStation
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
CloseDesktop
IsCharAlphaNumericW

ole32

CoTaskMemRealloc
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
CoGetObjectContext
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

version

VerQueryValueW

Exports

Exports

?GetRegNodeDispenser@@YGJPAPAUIRegNodeDispenser@@@Z

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6390cce81012bdffd3ad199754551426

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 112KB

.data Size: 512B - Virtual size: 31KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 27KB

.text
Size: 112KB - Virtual size: 112KB

.data
Size: 512B - Virtual size: 31KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 27KB