8b636922aa65644c9875a015768d00d6e354c7733a4a8df28d88c9b19f326785

Sharing

Copy URL

Twitter E-mail

General

Target

8b636922aa65644c9875a015768d00d6e354c7733a4a8df28d88c9b19f326785
Size

664KB
MD5

81f91a1ef5cb62bdbbcef33ded53777b
SHA1

8100dd0898cd3f9c34010a28dd27af0d79db47af
SHA256

8b636922aa65644c9875a015768d00d6e354c7733a4a8df28d88c9b19f326785
SHA512

4045878c2e7a18bc41411d0eb06539ae62cb8b2e9634747831629f26bdd4c2dc1da21e105fcd5aee44ba690247d3c9c39efaa1b22cf3e2c681e77b3c65c33b2d
SSDEEP

3072:HcJNZOwbC7cC7p0U2aC8bQ0UsdJgjZPHtaS/t+d3:+ZOwbC7cC7yjB8n2j9Hta7d3

Score

N/A

Malware Config

Signatures

Files

8b636922aa65644c9875a015768d00d6e354c7733a4a8df28d88c9b19f326785
.exe windows x86

9c86e01db993b89fa0cec91776a5f9d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedIncrement
GetCommandLineW
LocalFree
GetModuleFileNameW
OutputDebugStringW
InterlockedDecrement
SetErrorMode
InterlockedExchange
GetDriveTypeW
Sleep
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange

user32

PostQuitMessage
TranslateMessage
GetMessageW
DispatchMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

CommandLineToArgvW

ole32

FreePropVariantArray
CoCreateInstance
CoUninitialize
CoInitialize
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_invoke_watson
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_controlfp_s
__CxxFrameHandler3
_wspawnlp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
memcpy
wcsncpy
??_V@YAXPAX@Z
??3@YAXPAX@Z
??2@YAPAXI@Z
_swprintf
_wcsnicmp
wcsncat
_CxxThrowException
memset
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 635KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c86e01db993b89fa0cec91776a5f9d2

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp100

msvcr100

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 635KB - Virtual size: 636KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 635KB - Virtual size: 636KB