67a9090de2e253e9e612e68a6436bf07cc9eb4bfb06b7d91f6a9ed58fc0de63d

Sharing

Copy URL

Twitter E-mail

General

Target

67a9090de2e253e9e612e68a6436bf07cc9eb4bfb06b7d91f6a9ed58fc0de63d
Size

590KB
MD5

4ecaa97f5baf4ae7ee12afc7b462e8c0
SHA1

9933170175a01bd711129913b7e7521d06b33d42
SHA256

67a9090de2e253e9e612e68a6436bf07cc9eb4bfb06b7d91f6a9ed58fc0de63d
SHA512

dc1fce5b0a64bcf78b994557ba733b7ef9497908387cac897ed817f970f88a98a4f5fc72242f4dccb0533afe67b7169680f8664425d6ab4f15c8cc41a01aa6b7
SSDEEP

12288:37Tg15x8XS3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7zk:LcXxWS3/kRc4l6g6gtPbcHn7qk

Score

N/A

Malware Config

Signatures

Files

67a9090de2e253e9e612e68a6436bf07cc9eb4bfb06b7d91f6a9ed58fc0de63d
.exe windows x86

04d8ee76d0a182663f0fc26de23d4858

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CloseTrace
RegCreateKeyExW
OpenProcessToken
TraceMessage
ControlTraceW
EnableTrace
StartTraceW
CheckTokenMembership
GetTokenInformation
CreateWellKnownSid
RegOpenKeyExW
RegQueryValueExW
DuplicateToken

kernel32

GetLocaleInfoW
FormatMessageW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateThread
Sleep
GetLocalTime
GetCalendarInfoW
GetModuleHandleW
LoadLibraryExW
GetVolumePathNameW
ExpandEnvironmentStringsW
MoveFileExW
CreateFileW
DeviceIoControl
FindFirstFileW
FindNextFileW
FindClose
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetVolumeInformationW
GetDriveTypeW
CreateEventW
DeleteCriticalSection
SetEvent
InitializeCriticalSection
GetVolumeNameForVolumeMountPointW
GetDateFormatW
GetTimeFormatW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
SystemTimeToFileTime
FileTimeToSystemTime
WaitForSingleObject
InterlockedPopEntrySList
InitializeSListHead
RtlCaptureStackBackTrace
InterlockedPushEntrySList
InterlockedDecrement
InterlockedIncrement
CloseHandle
SetLastError
GetProcessHeap
HeapSetInformation
SetErrorMode
GetCommandLineW
RegisterApplicationRestart
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetLastError
LocalFree

gdi32

CreateCompatibleDC
SetLayout
SelectObject
DeleteDC
DeleteObject
GdiFlush
CreateDIBSection
SetTextColor
SetBkColor
ExtTextOutW
CreateFontIndirectW
GetDeviceCaps

user32

SetWindowTextW
EnumWindows
GetWindowTextW
GetDlgItemTextW
SetDlgItemTextW
SendMessageTimeoutW
RegisterWindowMessageW
DestroyWindow
SystemParametersInfoW
ReleaseDC
GetDC
SendMessageW
DialogBoxParamW
SetForegroundWindow
MessageBoxW
MoveWindow
GetWindowRect
GetClientRect
ClientToScreen
GetSystemMetrics
DestroyIcon
EndPaint
GetSysColor
MapWindowPoints
GetDlgItem
BeginPaint
SetFocus
SetWindowLongW
GetWindowLongW
ShowWindow
EndDialog
EnableWindow
PostMessageW
SetWindowPos
LoadImageW
LoadStringW
CheckDlgButton
IsDlgButtonChecked
InflateRect
DrawFrameControl
OffsetRect
SetTimer
GetSysColorBrush
KillTimer
GetDesktopWindow
ChangeWindowMessageFilter

msvcrt

memset
memmove
wcstok
_wtol
??2@YAPAXI@Z
_purecall
_vscwprintf
memcpy
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_wcsicmp
??3@YAXPAX@Z
iswspace
_vsnwprintf
wcschr

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFileInfoW
SHGetStockIconInfo

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoDisconnectObject

oleaut32

VariantInit
VariantTimeToSystemTime
SysFreeString
SysStringLen
SystemTimeToVariantTime
SysAllocString
VariantClear

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
ord345
InitCommonControlsEx
ord344
ImageList_Destroy

ntdll

RtlAllocateHeap
RtlFreeHeap
WinSqmAddToStream
EtwTraceMessage
RtlGetLastNtStatus

virtdisk

GetStorageDependencyInformation

sxshared

SxTracerDebuggerBreak
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 463KB - Virtual size: 462KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04d8ee76d0a182663f0fc26de23d4858

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

ole32

oleaut32

comctl32

ntdll

virtdisk

sxshared

Sections

.text Size: 97KB - Virtual size: 97KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 463KB - Virtual size: 462KB

.reloc Size: 24KB - Virtual size: 27KB

.text
Size: 97KB - Virtual size: 97KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 463KB - Virtual size: 462KB

.reloc
Size: 24KB - Virtual size: 27KB