8dbe0d2bb490bb002036761101073a9f4e7314b3f3f2afe706226e24cf922ab2

Sharing

Copy URL Twitter E-mail

General

Target

8dbe0d2bb490bb002036761101073a9f4e7314b3f3f2afe706226e24cf922ab2
Size

650KB
MD5

10b0d28d7a77b9ac35e2524cf28616f4
SHA1

0032ffb3347b411e2c5842a64f1a8293e360f13e
SHA256

8dbe0d2bb490bb002036761101073a9f4e7314b3f3f2afe706226e24cf922ab2
SHA512

7bab7c526c9417a46ababf602a7ec8bc0e618989002ce519a34f03b2167e4b81255ccd4252d3bdbb8692d51ef4619c6ad3912292e5bef0a4058764eaece2275b
SSDEEP

6144:2C5vgKoiF/7erI09Ir2mhy87NeRxUIBmFAbsUd9Iwm1RWb7KLSOLqT8xkBxmZmH9:2C5vZoiPcbBpsUbINPWqSSqTl5T8o/t

Score

N/A

Malware Config

Signatures

Files

8dbe0d2bb490bb002036761101073a9f4e7314b3f3f2afe706226e24cf922ab2
.exe windows x86

b1175d351785d74c698b5380f8ae156e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

pccs_dbengine

sqlite3_column_name
sqlite3_column_table_name
sqlite3_column_database_name
sqlite3_column_count
sqlite3_finalize
sqlite3_column_text
sqlite3_column_text16
sqlite3_bind_text16
sqlite3_prepare
sqlite3_bind_int64
sqlite3_bind_blob
sqlite3_exec
sqlite3_close
sqlite3_errcode
sqlite3_table_column_metadata
sqlite3_db_handle
sqlite3_column_type
sqlite3_step
sqlite3_reset
sqlite3_prepare16
sqlite3_column_int64
sqlite3_column_double
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_open16
sqlite3_trace
sqlite3_progress_handler
sqlite3_update_hook
sqlite3_bind_int

kernel32

VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
IsBadCodePtr
DeleteCriticalSection
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
GetProcessHeap
HeapAlloc
ReadFile
HeapFree
WriteFile
HeapSize
HeapValidate
SetFilePointer
SetEndOfFile
GetFileSize
DeleteFileW
GetLastError
MultiByteToWideChar
CloseHandle
LoadLibraryW
FindResourceW
LoadResource
LockResource
CreateProcessW
lstrlenW
SizeofResource
WaitForMultipleObjects
FreeLibrary
WaitForSingleObject
GetExitCodeProcess
CreateMutexW
ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
GetProcAddress
Process32NextW
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetSystemDirectoryW
GetModuleFileNameW
CreateDirectoryW
GetCurrentThreadId
ConnectNamedPipe
RaiseException
ResetEvent
GetStartupInfoW
lstrcmpiW
ExitThread
CreateEventW
CreateThread
CreateNamedPipeW
SetEvent
GetModuleHandleW
InterlockedIncrement
DisconnectNamedPipe
SetThreadPriority
TerminateThread
InterlockedDecrement
CancelIo
PeekNamedPipe
TerminateProcess
GetOverlappedResult
LoadLibraryExW
GetCommandLineW
GetCurrentThread
LocalFree
SetUnhandledExceptionFilter
SetErrorMode
lstrcpyW
WideCharToMultiByte
OpenEventW
GetCommState
SetCommState
SetCommMask
PurgeComm
HeapReAlloc
FindFirstFileW
FindClose
GetSystemTimeAsFileTime
LoadLibraryA
CreateEventA
OpenEventA
MoveFileW
IsDebuggerPresent
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
GetFullPathNameW
GetCurrentDirectoryA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
FlushFileBuffers
CreateFileA
CompareStringA
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
CompareStringW
SetEnvironmentVariableA
GetTickCount
SetStdHandle
WriteConsoleA

user32

GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
CharNextW
CharUpperBuffW
wsprintfW
DispatchMessageW
CharUpperW
LoadStringW
DefWindowProcW
RegisterClassW
CreateWindowExW
PostMessageW
DestroyWindow
UnregisterClassW
MessageBoxExW
UnregisterClassA
PostThreadMessageW
MessageBoxW

advapi32

CreateProcessAsUserW
RegOpenKeyExA
RegQueryValueExA
GetLengthSid
CopySid
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
CloseServiceHandle
CreateServiceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
DeleteService
SetServiceStatus
ControlService
DeregisterEventSource
GetTokenInformation
OpenServiceW
ReportEventW
RegisterEventSourceW
IsValidSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
GetUserNameW
RegQueryInfoKeyW
RevertToSelf
RegEnumKeyW
ImpersonateLoggedOnUser
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoCreateGuid
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
CoResumeClassObjects
CoRevokeClassObject
CoInitializeSecurity
CoInitializeEx
CoSuspendClassObjects
StringFromGUID2
CoRegisterClassObject
CoUninitialize
CoTaskMemFree

oleaut32

SafeArrayPutElement
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
SysStringLen
VarBstrCmp
SysAllocString
SysStringByteLen
SysAllocStringLen
VarBstrCat

shlwapi

PathAppendW

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1175d351785d74c698b5380f8ae156e

Headers

File Characteristics

Imports

userenv

setupapi

wtsapi32

version

pccs_dbengine

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 426KB - Virtual size: 426KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 18KB - Virtual size: 26KB

.rsrc Size: 54KB - Virtual size: 55KB

.text
Size: 426KB - Virtual size: 426KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 18KB - Virtual size: 26KB

.rsrc
Size: 54KB - Virtual size: 55KB