d71478ba925a1327bdc43d27b800880637af0f4e4b46fe6ecaf911727e79814b

General

Target

d71478ba925a1327bdc43d27b800880637af0f4e4b46fe6ecaf911727e79814b
Size

273KB
MD5

6c0399753719205fa7311fc088afd870
SHA1

93899494157f4edcc77fd666f4199b5a4f6e1815
SHA256

d71478ba925a1327bdc43d27b800880637af0f4e4b46fe6ecaf911727e79814b
SHA512

c913f1988f79a0e2e2b574e18bd507f4fd7e9490d946f5a242a4c85b97e2ea4a0a04e9608b23c8f46e597e32febe5346609db113bcb468c261bacdd9df217fe6
SSDEEP

6144:keIg852Ex3ypL6+D29DhuynP5tJ1EpiDi8dwVik5W86O7cyRe:keIjzipO6pynPvYiDiYwVE87FA

Score

N/A

Malware Config

Signatures

Files

d71478ba925a1327bdc43d27b800880637af0f4e4b46fe6ecaf911727e79814b
.exe windows x86

c40ff7edfd6e5049f4cb4373fee1f5f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SleepEx
CreateFileA
GetProcAddress
OpenEventA
LCMapStringW
MapViewOfFile
GetSystemInfo
VirtualFree
ResetEvent
ReleaseSemaphore
ReadFile
SetFilePointer
OpenMutexA
GlobalAlloc
WriteFile
UnmapViewOfFile
GetTickCount
lstrlenA
CreateDirectoryA
WaitForSingleObject
CreateThread
CreateMutexA
CloseHandle
ReleaseMutex
CreateSemaphoreA
SetThreadPriority
GetUserDefaultLangID
CompareStringW
InterlockedIncrement
GetLastError
lstrcmpA
ReadFileEx
GetFileAttributesA
GetModuleFileNameA
lstrcpyA
SetEvent
FreeLibrary
InterlockedDecrement
WaitForSingleObjectEx
ExpandEnvironmentStringsA
SetEndOfFile
WaitForMultipleObjects
OpenFileMappingA
FindClose
LocalAlloc
GetDiskFreeSpaceA
GetModuleHandleA
EnterCriticalSection
GetCurrentProcessId
LeaveCriticalSection
RemoveDirectoryA
WriteFileEx
CreateEventA
FindNextFileA
OpenSemaphoreA
GlobalFindAtomA
LoadLibraryW
GetExitCodeThread
DeleteCriticalSection
GlobalFree
FindFirstFileA
GetFileSize

advapi32

GetLengthSid
RegisterEventSourceA
SetSecurityDescriptorDacl
RegDeleteValueA
FreeSid
RegCreateKeyExA
RegSetValueExA
InitializeAcl
ReportEventA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
DeregisterEventSource
RegQueryValueExA
AllocateAndInitializeSid

msvcrt

fprintf
toupper
printf
isprint
_fullpath
strncmp
memmove
strncpy
vprintf
_strnicmp
fopen
_iob
rand
_itoa
_stricmp
wcslen
_makepath
fclose
_strupr
fflush
_ftol
_splitpath
sprintf

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c40ff7edfd6e5049f4cb4373fee1f5f9

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 73KB - Virtual size: 73KB

.rsrc Size: 50KB - Virtual size: 49KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 50KB - Virtual size: 49KB