2ac54cde31cb68af651ffd40ee80d5ec39853a4037ba634cd269f4251940ae97

Sharing

Copy URL Twitter E-mail

General

Target

2ac54cde31cb68af651ffd40ee80d5ec39853a4037ba634cd269f4251940ae97
Size

95KB
MD5

0242b637f78ebf3cc64add4c25fb30e0
SHA1

b0e1b85adfc8fcb0791cb7e5372389b365edf9ce
SHA256

2ac54cde31cb68af651ffd40ee80d5ec39853a4037ba634cd269f4251940ae97
SHA512

a11d75a2b876a8d8e10c567cca3121d32c319ca07d2ddbbb9d789a9232c8e0e9505ae86961640de5aabc3d7c97ad9c9a106b7611734d51d78c5b6467cb734f25
SSDEEP

1536:ld8C0bIEJ+zlrJHH0eXivEiWsFM3HjDz01NK/rBwp:c7J+5JHH0/wsO3HjU1+rip

Score

N/A

Malware Config

Signatures

Files

2ac54cde31cb68af651ffd40ee80d5ec39853a4037ba634cd269f4251940ae97
.exe windows x86

64460b729ea096efba239c17bcc67ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
NotifyServiceStatusChangeW
OpenServiceW
CloseServiceHandle
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CreateWellKnownSid
RegSetKeyValueW
RegGetValueW
RegDeleteKeyValueW

kernel32

OpenEventW
ProcessIdToSessionId
GetCurrentProcessId
HeapSetInformation
InterlockedExchange
InterlockedIncrement
SetEvent
ConnectNamedPipe
GetOverlappedResult
ReadFile
WriteFile
LocalFree
CreateEventW
CreateNamedPipeW
WaitForMultipleObjects
WTSGetActiveConsoleSessionId
Sleep
DeviceIoControl
ResetEvent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
CloseHandle
GetLastError
DisconnectNamedPipe
LocalAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
FreeLibrary
CreateThread
GetModuleHandleW
FreeLibraryAndExitThread
TlsAlloc
TlsFree
GetSystemInfo
GetModuleHandleExW
OpenThread
SwitchToThread
TlsGetValue
TlsSetValue

user32

UnregisterClassW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
SetDisplayConfig
DisplayConfigGetDeviceInfo
EnumDisplaySettingsW
GetDisplayConfigBufferSizes
QueryDisplayConfig
OpenInputDesktop
SetThreadDesktop
InvalidateRect
CreateWindowExW
KillTimer
GetShellWindow
PostMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowLongW
SetWindowLongW
SetTimer
SendInput
DefWindowProcW
PostQuitMessage
DestroyWindow

msvcrt

_purecall
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memmove
realloc
memcpy
malloc
free
calloc
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_onexit
_ftol2_sse

wtsapi32

WTSFreeMemory
WTSRegisterSessionNotification
WTSQuerySessionInformationW

dwmapi

ord102
DwmIsCompositionEnabled

ntdll

NtCreateFile
NtClose
RtlInitUnicodeString

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64460b729ea096efba239c17bcc67ab0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

wtsapi32

dwmapi

ntdll

Sections

.text Size: 69KB - Virtual size: 69KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 26KB

.text
Size: 69KB - Virtual size: 69KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 26KB