Static task: static1
Behavioral task: behavioral1
Sample: 29a230c248b10f8a50e2c3e1b2e45842667d8c4e75d063bbcfe393bd9120daf3.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 29a230c248b10f8a50e2c3e1b2e45842667d8c4e75d063bbcfe393bd9120daf3.exe
Resource: win10v2004-20220812-en
General
Target: 29a230c248b10f8a50e2c3e1b2e45842667d8c4e75d063bbcfe393bd9120daf3
Size: 39KB
MD5: 1c81250810d3bd0293a94404f38e66a0
SHA1: a056f9028fb6082aa60323bbfac97a6c5d43a92b
SHA256: 29a230c248b10f8a50e2c3e1b2e45842667d8c4e75d063bbcfe393bd9120daf3
SHA512: ee1eee8fa88ae0fe1f49cd6048c1ed4feeb221f8160448ccd20d708f8535b6656e510c2036010fc4bd4fac49ae9a6a01c436b083261b08a222ea7e92c959b71e
SSDEEP: 768:7ojbjqkHDKF/BWbT63Q2z/aDnkSqt3rm8sTM6hdpQvo:kHj3DW/BWb+nyDnkSC7zsT7mg
Files
29a230c248b10f8a50e2c3e1b2e45842667d8c4e75d063bbcfe393bd9120daf3.exe windows x86
5d029e86305e38cdce0c809c2a7a3120
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetCommandLineW
SetErrorMode
VirtualFree
OpenEventW
GetEnvironmentVariableW
HeapReAlloc
CreateProcessW
HeapAlloc
SystemTimeToFileTime
HeapFree
CreateDirectoryW
SetFileTime
WideCharToMultiByte
ReadProcessMemory
FreeLibrary
FlushFileBuffers
ReadFile
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
VirtualProtect
GetFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
SetFileAttributesW
WTSGetActiveConsoleSessionId
VirtualAlloc
CreateFileW
WriteFile
GetModuleHandleW
LoadLibraryW
LocalFree
GetSystemTime
lstrcmpiA
LoadLibraryA
GetProcAddress
ExpandEnvironmentStringsW
GetCurrentThread
SetEvent
CreateMutexW
GetFileAttributesExW
CloseHandle
WaitForMultipleObjects
CreateEventW
lstrcmpiW
GetFileAttributesW
Sleep
ReleaseMutex
GetTickCount
WaitForSingleObject
user32
CharToOemW
CharUpperW
advapi32
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
IsWellKnownSid
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegCreateKeyExW
RegQueryValueExW
CreateProcessAsUserW
SetNamedSecurityInfoW
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
EqualSid
shlwapi
StrCmpNIW
wvnsprintfA
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
PathSkipRootW
PathAddBackslashW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathIsURLW
PathRemoveFileSpecW
shell32
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
ole32
CLSIDFromString
CoUninitialize
CoInitializeEx
wininet
InternetQueryOptionA
InternetSetOptionA
InternetOpenA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetInfo
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ