c642621330782990698a627fbe24ad154d59e473243ce60d7c6a5d216a426d0e

Sharing

Copy URL Twitter E-mail

General

Target

c642621330782990698a627fbe24ad154d59e473243ce60d7c6a5d216a426d0e
Size

548KB
MD5

63dd828d61477f8f76aa8a309bfc0390
SHA1

2e540fb0cd37fd55fb4fe65e3a1e6967ccf3b6d3
SHA256

c642621330782990698a627fbe24ad154d59e473243ce60d7c6a5d216a426d0e
SHA512

674a43f205e319f6f84c8a0b6628ebf47c79217dac940a28efb090fd0d448b29b0631a10132562e8129bec30db232cf4cec6397d2248052c2f02b4a20bd1951d
SSDEEP

12288:JYFspGqJtygevFrkAYQb2yQWdYLDQJi37WDtYoADmXhSp:JVjyNnLQWeqVHSp

Score

N/A

Malware Config

Signatures

Files

c642621330782990698a627fbe24ad154d59e473243ce60d7c6a5d216a426d0e
.exe windows x86

9aa054fb2c031461d9ed3a067526ee96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
GetCurrentDirectoryW
WaitForMultipleObjects
ReleaseMutex
InitializeCriticalSectionAndSpinCount
GetVolumeInformationW
CreateMutexW
ReadProcessMemory
ConnectNamedPipe
WaitForSingleObject
GetThreadPriority
InterlockedDecrement
GetLastError
WriteFile
DeleteFileW
GetSystemTimeAsFileTime
GetSystemDirectoryW
HeapAlloc
GetSystemPowerStatus
RemoveDirectoryW
LocalAlloc
GetFileAttributesW
GetDiskFreeSpaceW
SwitchToThread
GetProcAddress
CreateEventW
SetUnhandledExceptionFilter
SetErrorMode
WaitForSingleObjectEx
FlushViewOfFile
ResetEvent
GetLogicalDrives
LoadLibraryExW
GetVersionExW
FormatMessageW
SetFilePointer
PeekNamedPipe
GetThreadLocale
GetTickCount
DeleteCriticalSection
GetCurrentThread
LocalFree
VirtualUnlock
GetCurrentProcessId
WideCharToMultiByte
IsDBCSLeadByteEx
GetComputerNameW
SetThreadLocale
SetLastError
MapViewOfFile
GetOverlappedResult
SetProcessWorkingSetSize
WriteFileEx
HeapSize
CompareFileTime
SetNamedPipeHandleState
GetLongPathNameW
ReadFile
FreeLibrary
GetSystemInfo
OpenFileMappingW
GlobalLock
LocalFileTimeToFileTime
CreateFileMappingW
OpenEventW
SetPriorityClass
GetCPInfo
SetEvent
InterlockedIncrement
HeapFree
TransactNamedPipe
OpenProcess
ExpandEnvironmentStringsW
FlushFileBuffers
UnmapViewOfFile
SleepEx
GetCalendarInfoW
WaitForMultipleObjectsEx
VirtualFree
GlobalAlloc
CreateDirectoryW
EnterCriticalSection
CreateNamedPipeW
FoldStringW
IsValidLocale
GetDiskFreeSpaceExW
SetFileAttributesW
CompareStringW
GetModuleFileNameW
DuplicateHandle
CreateThread
QueryDosDeviceW
GetStringTypeW
SetEndOfFile
CloseHandle
GetFileAttributesExW
InterlockedExchange
LeaveCriticalSection
HeapCreate
FindNextFileW
SearchPathW
ReadFileEx
GetThreadTimes
MultiByteToWideChar
GetFileSize
SetThreadPriority
WaitNamedPipeW
QueueUserAPC
ResumeThread
lstrlenA
HeapDestroy
CancelIo
SystemTimeToFileTime
GetSystemDefaultLCID
GlobalFree
IsBadWritePtr
GetExitCodeProcess
TryEnterCriticalSection
FileTimeToSystemTime
FindClose
CreateFileW
SetCurrentDirectoryW
GetDriveTypeW
DisconnectNamedPipe
GetSystemTime
GetACP
QueryPerformanceCounter
GlobalUnlock
LCMapStringW
LoadLibraryA
GetUserDefaultLCID
GetCurrentProcess
FindFirstFileW
GetLocaleInfoW
GetOEMCP
DeviceIoControl

advapi32

RegConnectRegistryW
LsaOpenSecret
SetSecurityDescriptorOwner
GetNamedSecurityInfoW
LsaOpenPolicy
RegisterServiceCtrlHandlerExW
ImpersonateNamedPipeClient
RegDeleteValueW
GetLengthSid
ImpersonateLoggedOnUser
ChangeServiceConfigW
QueryServiceStatus
OpenThreadToken
LsaSetSecret
RegQueryInfoKeyW
RevertToSelf
RegEnumKeyExW
RegEnumKeyW
LsaRetrievePrivateData
ReportEventW
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
OpenSCManagerW
RegSetValueExW
SetNamedSecurityInfoW
LsaNtStatusToWinError
CopySid
SetSecurityDescriptorDacl
LogonUserW
SetFileSecurityW
SetSecurityDescriptorSacl
RegCreateKeyExW
SetSecurityDescriptorGroup
AccessCheck
AllocateAndInitializeSid
RegDeleteKeyW
QueryServiceConfigW
AddAccessAllowedAce
RegOpenKeyW
LsaCreateSecret
FreeSid
OpenServiceW
GetUserNameW
SetServiceStatus
RegOpenKeyA
RegisterEventSourceW
StartServiceW
RegCloseKey
GetSecurityDescriptorLength
RegEnumValueW
InitializeAcl
CloseServiceHandle
AddAce
DeregisterEventSource
ControlService
LsaClose
LsaFreeMemory

msvcrt

_wfopen
iswalpha
strncpy
__CxxFrameHandler
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
mbstowcs
free
fgets
_itow
_strnicmp
iswspace
toupper
isalpha
wcscat
isdigit
memmove
??1type_info@@UAE@XZ
_CxxThrowException
wcschr
wcslen
isxdigit
_wcsnicmp
_wcslwr
realloc
wcstombs
strtoul
wcsrchr
_ftol
qsort
wcscpy
wcstol
??3@YAXPAX@Z
fclose
_wcsicmp
wcstod
?terminate@@YAXXZ
_wcsupr
_ultow
wcstoul
_except_handler3
towlower
_initterm
wcsncpy
_stricmp
wcscspn
strcspn
wcscmp
_wsplitpath
iswdigit
malloc
__dllonexit
_adjust_fdiv
wcsspn
wcsncmp
towupper
sprintf
strchr
swscanf
_onexit
bsearch
swprintf
_errno
wcsstr

user32

RegisterDeviceNotificationW
PeekMessageW
DispatchMessageW
TranslateMessage
wsprintfW
GetLastInputInfo
MsgWaitForMultipleObjects
UnregisterDeviceNotification

ole32

StgOpenStorage
StgPropertyLengthAsVariant
StringFromGUID2
CreateStreamOnHGlobal
PropSysAllocString
CoFileTimeNow
StgConvertVariantToProperty
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CLSIDFromString
CoGetClassObject
PropVariantClear
PropSysFreeString
CreateBindCtx
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoSetProxyBlanket
FreePropVariantArray
PropVariantCopy
GetClassFile
StgConvertPropertyToVariant

ntdll

NtNotifyChangeDirectoryFile
NtQuerySystemInformation
RtlInitUnicodeString
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtOpenThreadToken
NtQuerySecurityObject
NtOpenProcessToken
RtlCaptureStackBackTrace
RtlUnicodeStringToOemString
NtDeviceIoControlFile
NtWaitForSingleObject
NtFsControlFile
NtDuplicateToken
RtlInitAnsiString
NtSetInformationFile
NtClose
RtlQueryRegistryValues
NtOpenKey
NtQueryInformationFile
NtQuerySystemTime
NtQueryDirectoryFile
NtNotifyChangeKey
RtlFreeHeap
NtCreateFile
RtlUpcaseUnicodeChar
RtlDosPathNameToNtPathName_U
NtQueryInformationToken
NtQueryInformationProcess
NtCancelIoFile
RtlOemStringToUnicodeString
NtCreateEvent
NtOpenFile

rpcrt4

CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
CStdStubBuffer_Disconnect
NdrDllUnregisterProxy
NdrDllRegisterProxy
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
UuidFromStringW
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrOleAllocate

shell32

SHGetDesktopFolder
SHBindToParent

Sections

.9618ds
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B^br5
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.@#RFER
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.N^UHQt
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h46asrg
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.64h4aer
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9aa054fb2c031461d9ed3a067526ee96

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

user32

ole32

ntdll

rpcrt4

shell32

Sections

.9618ds Size: 2KB - Virtual size: 1KB

.B^br5 Size: 512B - Virtual size: 2B

.@#RFER Size: 175KB - Virtual size: 175KB

.N^UHQt Size: 59KB - Virtual size: 59KB

.h46asrg Size: 178KB - Virtual size: 178KB

.64h4aer Size: 130KB - Virtual size: 129KB

.9618ds
Size: 2KB - Virtual size: 1KB

.B^br5
Size: 512B - Virtual size: 2B

.@#RFER
Size: 175KB - Virtual size: 175KB

.N^UHQt
Size: 59KB - Virtual size: 59KB

.h46asrg
Size: 178KB - Virtual size: 178KB

.64h4aer
Size: 130KB - Virtual size: 129KB