5beee36a1fddc9b00e69c58bd5a9d0f6f447c25a5c89111d58e717a188910a68

Sharing

Copy URL

Twitter E-mail

General

Target

5beee36a1fddc9b00e69c58bd5a9d0f6f447c25a5c89111d58e717a188910a68
Size

538KB
MD5

91118ba21ce0e44c7248df122f81e712
SHA1

4a0205e96e13412e5beff67a2c4504a693e581e1
SHA256

5beee36a1fddc9b00e69c58bd5a9d0f6f447c25a5c89111d58e717a188910a68
SHA512

6109f816c4c291bf69b593694e28cdbf7968a694918f50ef3a0d1aa3feba916f2d6377422cbe5740c4043b1384e5b106089fda064f5a17da19c3f9891277dab2
SSDEEP

6144:GJgqV8jLJZw1rOt9pdYamXnrdbMKw7w1rOt9pdYamXnrdbMKwOeQbB4FX:GJUS5OLpdNIrd4Ds5OLpdNIrd4DOe

Score

N/A

Malware Config

Signatures

Files

5beee36a1fddc9b00e69c58bd5a9d0f6f447c25a5c89111d58e717a188910a68
.exe windows x64

fc16d9175abe9f0be80e693c9e8bfbd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyA
RegOpenKeyExA
RegEnumValueW
RegOpenKeyExW
CopySid
EqualSid
InitializeSecurityDescriptor
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
CreateWellKnownSid
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
RegOpenCurrentUser
RegOverridePredefKey
AddMandatoryAce
GetLengthSid
GetSecurityDescriptorSacl
IsValidSid
SetSecurityInfo
InitializeAcl
GetAce
GetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken

kernel32

SetFileAttributesA
GetExitCodeThread
lstrcmpiW
DeleteCriticalSection
DuplicateHandle
CloseHandle
DeleteFileW
DeleteFileA
CreateThread
GetFullPathNameW
lstrcmpA
CreateDirectoryExA
WideCharToMultiByte
CopyFileW
GetFileAttributesA
MultiByteToWideChar
FindFirstFileA
RemoveDirectoryA
FindClose
LocalAlloc
FindNextFileA
GetTempPathA
LocalFree
SetEvent
CreateEventW
HeapSetInformation
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
HeapAlloc
HeapFree
WaitForSingleObject
GetModuleHandleW
GetProcessHeap
GetLastError
EnterCriticalSection
GetProcAddress
SetProcessShutdownParameters
lstrlenA
FreeLibrary
CreateProcessW
lstrcmpiA
lstrlenW
LoadLibraryExW
GetCurrentProcess
InitializeCriticalSection
OpenProcess
LoadLibraryW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
GetCurrentThread
GetVersionExA
GetTickCount
GetThreadContext
SetThreadContext
CreateFileW
GetFileAttributesW
LeaveCriticalSection
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
SetLastError
ResumeThread
VirtualQuery
VirtualFree
FlushInstructionCache
VirtualProtect
SuspendThread

user32

PostQuitMessage
CharNextW
LoadStringW

msvcrt

?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
rand_s
memcpy_s
memset
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wcstok
_wcsnicmp
iswascii
iscntrl
_vsnprintf
iswcntrl
wcschr
_vsnwprintf
wcsrchr
memcpy

ntdll

NtFreeVirtualMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

psapi

GetModuleBaseNameW

ole32

CoRevokeClassObject
CoInitializeEx
CoInitializeSecurity
StringFromGUID2
CoGetCallContext
CoTaskMemAlloc
CoImpersonateClient
CoTaskMemFree
CoRevertToSelf
CoInitialize
CoUninitialize
CoCreateInstance
CoRegisterClassObject

oleaut32

SysFreeString
RegisterTypeLibForUser
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
UnRegisterTypeLibForUser
SysStringLen

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

urlmon

CoInternetSetFeatureEnabled
CoInternetCreateSecurityManager
ord107
Extract
CompatFlagsFromClsid

wintrust

CryptCATAdminReleaseContext
CryptCATAdminAddCatalog
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext

iertutil

ord200
ord172
ord201
ord658
ord650

shlwapi

SHRegGetValueW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��bew
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc16d9175abe9f0be80e693c9e8bfbd7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

psapi

ole32

oleaut32

rpcrt4

urlmon

wintrust

iertutil

shlwapi

Sections

.text Size: 61KB - Virtual size: 61KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 404KB - Virtual size: 403KB

.reloc Size: 29KB - Virtual size: 30KB

���bew Size: - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 404KB - Virtual size: 403KB

.reloc
Size: 29KB - Virtual size: 30KB

��bew
Size: - Virtual size: 4KB