7cd490568b1e9566e477fef551990353585c253bb941f0ac29bdb84ac295c472

Sharing

Copy URL Twitter E-mail

General

Target

7cd490568b1e9566e477fef551990353585c253bb941f0ac29bdb84ac295c472
Size

841KB
MD5

54c014b1fbab4672f44cc73876ebb4b0
SHA1

32ff1f61e648ba7c38e3288c632a9764da2d1024
SHA256

7cd490568b1e9566e477fef551990353585c253bb941f0ac29bdb84ac295c472
SHA512

cc6e4d59c29aa2eb307f2988d76152cffb2bbb76daf40e8f4bc7bc7bfe8a7bd063216bc60fe08bf7793934828d7486a89a4e22f96242cc784635c4c3d1e9d3a8
SSDEEP

12288:9C1+WfjOZdaiAeIu4LEcIFHSnwIbg1L8V69zk:9Aj+dAlEcIMnwIbg146

Score

N/A

Malware Config

Signatures

Files

7cd490568b1e9566e477fef551990353585c253bb941f0ac29bdb84ac295c472
.exe windows x64

9cb2af2716db50a4dbe0548f4ce9d1ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW
PathFileExistsA
PathAppendA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

htonl
htons

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

CM_Get_Parent
SetupDiCallClassInstaller
CM_Get_Device_IDA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Reenumerate_DevNode
CM_Locate_DevNodeA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstallParamsA

kernel32

GetProcessHeap
Sleep
CreateProcessA
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
OpenProcess
VerSetConditionMask
VerifyVersionInfoA
GetFileAttributesW
SetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CreateDirectoryW
CopyFileW
FindClose
CreateDirectoryA
RemoveDirectoryW
GetDiskFreeSpaceA
GetLogicalDriveStringsA
GetDriveTypeA
Process32FirstW
Process32NextW
DeviceIoControl
GetCommandLineA
GetCommandLineW
LocalFree
lstrcmpiA
OutputDebugStringA
CreateSemaphoreA
SetEvent
LocalAlloc
SetConsoleCtrlHandler
GetExitCodeProcess
CreateEventA
CreateThread
GetTickCount
WaitForMultipleObjects
ResetEvent
FindFirstFileA
GetPrivateProfileStringA
TerminateProcess
GetLocalTime
GetTempPathA
GetFileSize
DeleteFileA
GetFileAttributesA
SetFileAttributesA
CopyFileA
Thread32First
Thread32Next
GetVolumeNameForVolumeMountPointA
lstrlenA
FindNextFileA
GetWindowsDirectoryA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
SetLastError
GetCurrentProcess
HeapFree
HeapAlloc
LoadLibraryA
CreateFileA
FreeLibrary
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
WaitForSingleObject
CloseHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetCurrentThreadId
GetFileType
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapReAlloc
GetStartupInfoA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSetInformation
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
EncodePointer
DecodePointer

user32

CharNextA
GetMessageA
DispatchMessageA
UnregisterDeviceNotification
PostThreadMessageA
RegisterDeviceNotificationA
wsprintfA

advapi32

RegCreateKeyExA
GetUserNameA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
QueryServiceStatus
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceLockStatusA
LockServiceDatabase
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetServiceStatus
CloseServiceHandle
DeleteService
ControlService
StartServiceA
ChangeServiceConfig2A
CreateServiceA
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
CreateProcessAsUserA
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA

shell32

ShellExecuteA
CommandLineToArgvW
SHCreateDirectoryExA
SHGetFolderPathA

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9cb2af2716db50a4dbe0548f4ce9d1ef

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

ws2_32

userenv

setupapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 8KB - Virtual size: 16KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.vmp0 Size: 508KB - Virtual size: 1.8MB

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 8KB - Virtual size: 16KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 508KB - Virtual size: 1.8MB