49327d74d84a839d08f0f2a031f917aaf082b5ddb7f7a85f209783da920b6468

Sharing

Copy URL Twitter E-mail

General

Target

49327d74d84a839d08f0f2a031f917aaf082b5ddb7f7a85f209783da920b6468
Size

20KB
MD5

6f0fa9613cd9d366ae38d4a56e34f68d
SHA1

912e33972521f3a7a0b6a3ae1eb0bd8ec69c547b
SHA256

49327d74d84a839d08f0f2a031f917aaf082b5ddb7f7a85f209783da920b6468
SHA512

0c6169f11a3cea9245b870942d81661eb17db87bf17df1d6b7a81c03b03b0f881c7405eebbaf5797f91b45ac61fb00d09600dc86f6c4b11a5f270021c5cb4def
SSDEEP

384:wwvemZ77+0hzaQAXU31rkyzFJy7C3oGKsozsEDPaKTlGOB:wwvLYGl/Hw7zsEDPa6B

Score

N/A

Malware Config

Signatures

Files

49327d74d84a839d08f0f2a031f917aaf082b5ddb7f7a85f209783da920b6468
.exe windows x86

1dcc627aceacd3502d521f91cee49b84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory

kernel32

CreateEventA
GetCurrentThreadId
GetTickCount
WaitForMultipleObjects
ExitProcess
GetSystemTimeAsFileTime
GetVersionExA
GetLastError
OutputDebugStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
ProcessIdToSessionId
lstrcpyA
GetCurrentProcessId
WaitForSingleObject
OpenProcess
GetCurrentThread
GetCurrentProcess
CloseHandle
TerminateProcess
SetErrorMode
CreateProcessA
SetEvent
SetConsoleCtrlHandler
GetModuleHandleA
LocalFree
GetProcAddress
Sleep
GetModuleFileNameA
AllocConsole
GetStdHandle
GlobalAlloc
GlobalFree
FormatMessageA
QueryPerformanceCounter

user32

RegisterWindowMessageA
BroadcastSystemMessageA
RegisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow

advapi32

OpenSCManagerA
RegCreateKeyExA
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
StartServiceA
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid

msvcr71

_onexit
_controlfp
_strdup
__dllonexit
_strlwr
_purecall
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_mbscmp
_mbslen
fprintf
_iob
_fdopen
_open_osfhandle
setvbuf
_mbsrchr
_mbsicmp
sprintf
strstr
free
malloc
__CxxFrameHandler
??3@YAXPAX@Z
__security_error_handler
_except_handler3
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dcc627aceacd3502d521f91cee49b84

Headers

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

msvcr71

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 104B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 104B

.rsrc
Size: 2KB - Virtual size: 2KB