8ed52bdae3d2293876a3677c070617b2068707df59b9c5a3a4c18dd7fd1aa279

Sharing

Copy URL

Twitter E-mail

General

Target

8ed52bdae3d2293876a3677c070617b2068707df59b9c5a3a4c18dd7fd1aa279
Size

21KB
MD5

414e186f949810cbdccf179f7364ac60
SHA1

209b76b1cae3696a9dae71ffb1deb48e138c2af0
SHA256

8ed52bdae3d2293876a3677c070617b2068707df59b9c5a3a4c18dd7fd1aa279
SHA512

ca070747e485fdcd48f5c93e2ebfdef25ff3e64b7929c80bf75889b0f537623c223f2942be31abd3522238e5e44d3a6829ffaa27823c7febc62cf490187f826f
SSDEEP

384:euxr4OtZM8XIBElc9c5R1x1cQ4LstCo1Fd6nSHxA+V70NWSuLqGwcKVfg:XcOtZM8479c5Rv1cQ8ox6SeYQPGwcKg

Score

N/A

Malware Config

Signatures

Files

8ed52bdae3d2293876a3677c070617b2068707df59b9c5a3a4c18dd7fd1aa279
.exe windows x86

9f54afacad3cafbe55d4698c1de6b95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

PerfStopProvider
PerfSetCounterSetInfo
PerfStartProvider
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetThreadToken
RevertToSelf
OpenThreadToken

kernel32

GetProcessAffinityMask
IsDebuggerPresent
SetErrorMode
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
InterlockedCompareExchange
Sleep
InterlockedExchange
SetConsoleTitleW
GetFullPathNameW
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
GetLastError
GetConsoleOutputCP
SetThreadPreferredUILanguages
GetCurrentProcessId
GetCurrentThread
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
LocalFree
GetCurrentProcess

msvcrt

_controlfp
_ultow
swprintf_s
_wsetlocale
_vsnwprintf
_except_handler4_common
wprintf
towupper
_getwch
_wcsicmp
wcstoul
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit

ntdll

RtlTimeToTimeFields
RtlSystemTimeToLocalTime
NtQuerySystemTime

user32

LoadStringW

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance

iisutil

InitializeSdFromProcessToken
?Append@STRU@@QAEJPBG@Z
?Copy@STRU@@QAEJPBG@Z
?Copy@STRU@@QAEJPBGK@Z
PuDbgPrintError
?Resize@STRU@@QAEJK@Z
?QueryStr@STRU@@QAEPAGXZ
?QuerySizeCCH@STRU@@QBEIXZ
PuDbgPrint
??1STRU@@QAE@XZ
??0STRU@@QAE@PAGK@Z
MakePathCanonicalizationProof
??0STRU@@QAE@XZ
PuLoadDebugFlagsFromRegStr

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aqnzjkl
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f54afacad3cafbe55d4698c1de6b95f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

ole32

iisutil

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 29KB

aqnzjkl Size: - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 29KB

aqnzjkl
Size: - Virtual size: 4KB