a97f6b1c55c76fa0dce793a6597d2520ac9077cffe7abdfbae23ec8f4c3f3f13

Sharing

Copy URL Twitter E-mail

General

Target

a97f6b1c55c76fa0dce793a6597d2520ac9077cffe7abdfbae23ec8f4c3f3f13
Size

170KB
MD5

1861f4bc990b371ae2289af516936d70
SHA1

152bf765c80f64552759609bc4b75672b79d1411
SHA256

a97f6b1c55c76fa0dce793a6597d2520ac9077cffe7abdfbae23ec8f4c3f3f13
SHA512

e31b2ea26049b9684e35bc813beaae5f346daff88fb11076139e3248139949a570013a56035902fa6edc28f2ec1445530d4c6e9276e74ee2569a1024023070cd
SSDEEP

3072:WdK7YFshIxpIFnN2MSPWGdNOCEvIfxmjHHDXCnzF5Qn4BNFusvFFRVd:WQ7YFtAGhEKsjHL4xPFNb

Score

N/A

Malware Config

Signatures

Files

a97f6b1c55c76fa0dce793a6597d2520ac9077cffe7abdfbae23ec8f4c3f3f13
.exe windows x86

1a16d1b3988c58f85caa16730bac4ae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
OutputDebugStringA
GetModuleHandleA
Sleep
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
GetModuleFileNameW
GetLastError
InterlockedCompareExchange
SetLastError
UnhandledExceptionFilter
LoadLibraryExW
QueryDosDeviceW
LocalFree
GetFileAttributesW
GetVolumeInformationW
GetVolumePathNameW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetCurrentThread
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
GetLocaleInfoW
DeviceIoControl
CopyFileExW
GetFullPathNameW
CreateDirectoryW
GetVersionExW
GetCurrentProcess
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LoadResource
FindResourceExW

msvcrt

bsearch
wcsstr
strncmp
wcsncmp
ungetc
_isatty
_write
_lseeki64
_fileno
_wcsnicmp
__pioinfo
__badioinfo
realloc
wcstombs
ferror
wctomb
_itoa
_snprintf
localeconv
isxdigit
isleadbyte
mbtowc
isdigit
calloc
fwprintf
fflush
_read
wcsrchr
_controlfp
?terminate@@YAXXZ
iswctype
free
malloc
memcpy
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_iob
__mb_cur_max
wcschr
_vsnwprintf
_wcsupr
_wcslwr
_errno
_wsetlocale
_wcsicmp
wcstoul

imagehlp

CheckSumMappedFile

shlwapi

PathRemoveBackslashW

ntdll

NtAllocateUuids
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlGetVersion
NtResetEvent
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
NtDeleteKey
NtCreateFile
NtSaveKey
NtSetValueKey
NtQueryValueKey
NtDeleteValueKey
NtCreateKey
NtSetSecurityObject
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtOpenThreadToken
NtOpenProcessToken
NtAdjustPrivilegesToken
NtLoadKey
NtUnloadKey
NtQueryAttributesFile
NtQueryKey
NtEnumerateKey
NtOpenKey
RtlFreeUnicodeString
RtlStringFromGUID
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
LdrFindResource_U
LdrAccessResource
NtQueryInformationFile
NtOpenProcess
NtQueryInformationProcess
NtSetInformationThread
NtOpenFile
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtQueryInformationThread
NtClose
NtQuerySystemInformation
RtlNtStatusToDosError
RtlCompareMemory
RtlUnwind
RtlInitUnicodeString
RtlGUIDFromString
RtlFreeSid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

LookupPrivilegeValueW
OpenThreadToken
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
ConvertSidToStringSidW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kadmimf
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a16d1b3988c58f85caa16730bac4ae7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

imagehlp

shlwapi

ntdll

version

advapi32

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 34KB - Virtual size: 35KB

kadmimf Size: - Virtual size: 4KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 34KB - Virtual size: 35KB

kadmimf
Size: - Virtual size: 4KB