f1c6a47ac95ce77c9794dab6056f49738a84cf9e443350ccecc5918829b2c195

Sharing

Copy URL

Twitter E-mail

General

Target

f1c6a47ac95ce77c9794dab6056f49738a84cf9e443350ccecc5918829b2c195
Size

244KB
MD5

796f5aaf5dbdbcff4a04358e45f28920
SHA1

4695faa6d9c02fdb02cd91629e8b3eca2f14fa56
SHA256

f1c6a47ac95ce77c9794dab6056f49738a84cf9e443350ccecc5918829b2c195
SHA512

f6770a548c83aa950408490e45d3289e1d22d5eca567e4e637b135fb7085f78fe26663d7c4fdc7df83575030a1c1015d51b0980d9550509ebf33335c6fee7815
SSDEEP

6144:hKxMcnHkSbJCtBvwYkbvzXRrhWeW835EkbroAx:+HZYBo3h3fh

Score

N/A

Malware Config

Signatures

Files

f1c6a47ac95ce77c9794dab6056f49738a84cf9e443350ccecc5918829b2c195
.exe windows x86

5b526f62ae8f014848243b28f1bcc500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
memmove

shlwapi

StrStrW
PathAddExtensionW
PathAppendW
StrCpyW
StrSpnW
StrChrW
PathSkipRootW

kernel32

MultiByteToWideChar
LoadLibraryW
CreateMutexW
OutputDebugStringW
GetModuleHandleW
Sleep
lstrlenW
GetUserDefaultUILanguage
lstrcmpA
GetTickCount
LocalAlloc
LocalFree
GetModuleFileNameW
HeapSize
EnterCriticalSection
GetStringTypeW
LeaveCriticalSection
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
lstrcpynA
VirtualQuery
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
EncodePointer
DecodePointer
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType

user32

GetMessageW
PostQuitMessage
GetWindowDC
GetFocus
DialogBoxParamW
LoadCursorW
BeginPaint
TranslateMessage
SetCursor
LoadIconW
EndPaint
GetCursorPos
ShowWindow
CreateWindowExW
MessageBoxW
UpdateWindow
GetScrollPos
DefWindowProcW
DispatchMessageW
PrintWindow
GetDlgItem
ReleaseDC
GetClientRect
RegisterClassExW
LoadMenuW

gdi32

GetTextAlign
CreateBitmap
SetTextAlign
TextOutW
CreateCompatibleDC

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b526f62ae8f014848243b28f1bcc500

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

gdi32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 7KB

.bss Size: 512B - Virtual size: 188B

.rsrc Size: 173KB - Virtual size: 172KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 7KB

.bss
Size: 512B - Virtual size: 188B

.rsrc
Size: 173KB - Virtual size: 172KB

.reloc
Size: 6KB - Virtual size: 6KB