0c60c4394d519d703fc2420d041e179bf888fd03e3e8bb8ca019dc41e3c04da3

Sharing

Copy URL

Twitter E-mail

General

Target

0c60c4394d519d703fc2420d041e179bf888fd03e3e8bb8ca019dc41e3c04da3
Size

619KB
MD5

654472831e4829a6968a0d01586ab680
SHA1

cb66f3a1497fc86e2c0e5e4cc94ec494b732cbc0
SHA256

0c60c4394d519d703fc2420d041e179bf888fd03e3e8bb8ca019dc41e3c04da3
SHA512

3601587203ff84389e1b5b56413e6a10e7fbf0cb9decd9f17ef9f2ca79c05c31ca922e90c1bbb3a0831431168ae8b7940145ae8216d5a111fffb51e5617e40b2
SSDEEP

12288:8ao+KebldpJZ6t+cZZR0xNLXOFIElZ8MCScPZYJ69gXKvmot8oNyOQi1kGNn:3Kepdxy0fOFIElZ8MCTWXi281kGN

Score

N/A

Malware Config

Signatures

Files

0c60c4394d519d703fc2420d041e179bf888fd03e3e8bb8ca019dc41e3c04da3
.exe windows x64

bcef50d6d0b94f36b0c93fed960f3837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
EventWrite
GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW
RegSetValueExW
QueryServiceConfigW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
EnumServicesStatusExW

kernel32

CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
GetProcessHeap
GetSystemTimeAsFileTime
WriteFile
GetProcessTimes
K32GetModuleFileNameExW
HeapFree
ReadProcessMemory
GetVersionExW
CreateFileW
GetTempPathW
GetLastError
GetProcAddress
IsWow64Process
CreateFileMappingW
SetConsoleCtrlHandler
RemoveDirectoryW
WaitForMultipleObjects
HeapSetInformation
SetProcessShutdownParameters
CloseHandle
DeleteFileW
GetCurrentProcessId
LocalAlloc
GetCurrentProcess
HeapAlloc
FreeLibrary
GetProcessId
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetTempFileNameW
LoadLibraryW
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
OpenProcess
GetModuleFileNameW
SetLastError
LocalFree

user32

LoadStringW

msvcrt

?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_wtol
_vsnwprintf
qsort
_wcsicmp
memset
_amsg_exit
wcsrchr
memcpy

ntdll

NtSetEvent
NtQueryInformationThread
RtlFreeHeap
NtQueryInformationProcess
NtWaitForSingleObject
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtResetEvent
NtDuplicateObject
NtOpenProcess
NtReleaseMutant
RtlReleaseSRWLockExclusive
NtCreateMutant
NtCreateEvent
RtlAllocateHeap
NtCreateThreadEx
RtlAcquireSRWLockExclusive
NtClose
RtlNtStatusToDosError
RtlCreateProcessReflection
EtwEventRegister
EtwEventUnregister
RtlInitUnicodeString
RtlEqualUnicodeString

wer

WerReportSetParameter
WerReportSubmit
WerReportCreate
WerReportAddFile
WerReportCloseHandle

shlwapi

ord348

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bcef50d6d0b94f36b0c93fed960f3837

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

wer

shlwapi

dbghelp

version

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 672B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 580KB - Virtual size: 2.5MB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 672B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 580KB - Virtual size: 2.5MB