0158b6397c05613675831a4b3e81153e18652cb459a83e8d77bdd078582e3ad7

Sharing

Copy URL Twitter E-mail

General

Target

0158b6397c05613675831a4b3e81153e18652cb459a83e8d77bdd078582e3ad7
Size

5.2MB
MD5

44b3705163fb3eefa68ad04f7a1ddffd
SHA1

3c0e31318e043fd749a0cee0a1ec201dcb723f7e
SHA256

0158b6397c05613675831a4b3e81153e18652cb459a83e8d77bdd078582e3ad7
SHA512

c28bf92c4486d823867d34cba9c5a1e160e770762c52aa7c683af1b764b5cb824f6f9ec4894f0a4e809d998973eaae9856cbc1d841d8212f87397ecf8fd5451b
SSDEEP

98304:lvoHuFTZhyLLjpa4Wsd+DjiC3klTWmXjaQke1MQIH9Tc:lqEdsjAiC3kcmu5VQ+Nc

Score

N/A

Malware Config

Signatures

Files

0158b6397c05613675831a4b3e81153e18652cb459a83e8d77bdd078582e3ad7
.exe windows x86

179d4249606354216d00397210be5d46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadContext
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

ӞC��8��b�/��qT��q�p9]��84y��Z��֙wb��K%��;&�ȱ�V5�m��1 �X[n�,8I�C�P��B�t��}��u��ɛ�D�&�ƽ��7x��b��۠d�1ؑ=I��_e�s�MG ĩ)��>7D0�ђ��]2�۟��ѿ 9g ��0.��?�Wg ��[��D�_��Z��\��-�ʿII`�fc#�y�]#��zd'�� sL\��rFGC7A�ԃ�L�.0vC�mwi�)�G[@�ޥFҵ,�Y��e�nS��a�NܧO��>�oY��/��G|��wa�S//Y赯�X|��x�^�Ce��3�,�n�Z��⨱5W�cf�A�$��"C�_'zId3��"��'P�$�� ֎�wy��6A��"=��z%Ŀ�nlS��M��y ��]�j��2�<m��(�y�YfS��`�:�TP��\o�I�% ��غz'B.��۟�3�)o�u�xg��*��i��ۻJ�� *�;�3z��H0;��K�o6u"<G70D��d��1�� w�\xAp�VY��.��`�m�@��ua)|�1H��6��c�ֹ�/އsM98bl�>�1A�?�^D�{�-e�)��0l(�m�(cY�6��X�-�6��`#Ͻ��(��J9/pV�r⫲�%�$.��Hd��B8 V��e�Ԏ��-}��p�G#��<j$�Vs@D�Z3�Uo5z�Z9×��C�0��U= ��3�._a!GCj��<�U��NY_�&�� K�2�!M\��:��O<١�W��N�f�Y�D� �XG��i��}�8C��S��q`��- X�$�hJd��r�D��6�tM��U,��?)Z ��״�>1��q��dU�J=��l+��P�/=�O��m\��tt�3dm&�f�g��fyٌTy��L/�S��n�3�/c��r3�>B2'��ш�AWF�?U�px�tƎK��[;D�j�!�te��>]��8 H��V2N/`6�wj��l�}WUa��I��A�O)��P�9��6��.�8ԙ �VI�'��򛓶G�֫H0駦��:��#��@�:!h�fOu'�N��-؏id.q\�IR�4�u�[D:�� ,�qQ��m��l|l�H�.�[[��sl��o��m�kN��M��sL�uR��g$�Z�G��`�� b�C�]�x*�?��j��z��?C��3��0��lB�a�`g��1%rbK�Jd��G�}gÂz��p�U�w՞C�l�zHI��ZN��C��7��b6��پo�)�Vq��N2�u\��!�� yw+L`u+�Q��G�%/�k�[M9E#u��L�oG�"�T< ��\`��@��]�nmt��;�k�Z��Պt��>]ы��TY ��|��`��'�e��گr)y�E4 ��\�S@I1�L�Z(�;z� 0��Q{8_뽰��`�G�΄�X��2�y�]#��eVy�dE`��(�ۧ@k��J�չ=4�F.�rq �� ]�e��+��jDk�9O��g��vN�(UK�&�L��#޲�O*3��]��U<�� Ra�so�=_39?KX�$s��DM��-�� y�9@��ϧ�7��9�z�?��~V~�gf:+��ꀂ��\vWqI ��1�^ t'�G�d�&kQ��xl�UX��:;C�sJVs��D�}��c��+R�S@/C�k��ڐFnc�=�,��̠�}��'��ކx1j�y��|T s��gN�8�:�J�e[ąk)�:^��E0�[�0�䤙�+]��.0PUL[ �hm�t!�@�$�Y+��^�� ,��2p��VAQ��9�@��Xu��U��N_sm��~�&��ԃG�V�L�=�y:�F�2��ൗ��^ڮ��5�A�l�%�C�ӭ�z��op�M��̻?�f�2�?<A�l J32�&Ng�m��ì�u��V��+�w�ۑݙ�(�Qk��u��.�-U�3��m�)0Y9}^�N ��m[Ks��gs'�Z�ҋ�ƆM6��ϥ!{п�D��엻�q@��uW<e�{+)�˛f��d�c�Adl��>^��)+��,��n8g`#��BZW3p�`�G��܉^��P �K�X�� hX N-�zy�fQd딒�M��(a��7M��)�� qB&�dV��z,@y �$xR��2�� l�!�*��+��Jz@�'�"̌�ٳ�$��ܯ�ŗ�;)�Y��w�M��Иh9�H��7�ݩ��?MU�� 2��~�z"�@h�;>�L��ӒV1w.o�j��=�D($Qx{>�]�4��tz��|'�ni��圯�HIp�� z�i��C��j°%P�ah��S�p�j�=��%�ԉ�B��;��fJ��J��cMb~X;K;W� � J��W�_9��x�V��X�0��`[ ��`Vj��d��m�&��w4~��|)Y�#(� 1��C_6��P�4�EQ��r䔪�$��$M�3�i��}xb"c�u�> !�W��؅cY ��"�cOO��*��l֛Ioõ&��t&,�H�Ui�H�L=��ɵ�H�շ�L�}'@�=�C\��A��/n�P�8�J��K�Y��x� ]IL�TsGxP�Ȇ齀�W��O��$м�Ӊs�Dk�T��g��*��YS�;�%��k{��1�\M|t7�h��2��)��H��aw�~�L�p7t ��r_�%]��L�f��@n$�.�n��r�?�8��K��F��/rWW�}͕�p�4��U � �x�R�-'dv�� kX�;n��)ȫ�̼��y�z��!T�

Sections

.text
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PEPY.exe
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PEPY.exe
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

179d4249606354216d00397210be5d46

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 32KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 1.8MB

PEPY.exe Size: - Virtual size: 2.8MB

PEPY.exe Size: 5.2MB - Virtual size: 5.2MB

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 32KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 1.8MB

PEPY.exe
Size: - Virtual size: 2.8MB

PEPY.exe
Size: 5.2MB - Virtual size: 5.2MB

.rsrc
Size: 512B - Virtual size: 434B