7e9a89fc6d877ce082e40974fb875920a01d5e88dea1bf5de441d54f43298c1a

Sharing

Copy URL Twitter E-mail

General

Target

7e9a89fc6d877ce082e40974fb875920a01d5e88dea1bf5de441d54f43298c1a
Size

178KB
MD5

43ffc646a0a9be8349bdb2001f1f0950
SHA1

42b87a05bebdda2bf33ea9666bef3012f9ae1b54
SHA256

7e9a89fc6d877ce082e40974fb875920a01d5e88dea1bf5de441d54f43298c1a
SHA512

55596c86dfa6c4c141e03f3e0ef638063391c910d88916a713dd2d3552a651987191beb3e7b0852dd6738af401e72bc876f40dc26a0f218e464a03f9208eb7c2
SSDEEP

3072:rk7y1IgdXSxnTk/Ss9YCdFbuUBr5EewNhFWW5rvfN9b2sVNARKf:GgXgMYCbl+P5rXN97ARm

Score

N/A

Malware Config

Signatures

Files

7e9a89fc6d877ce082e40974fb875920a01d5e88dea1bf5de441d54f43298c1a
.exe windows x86

5bb668daed098d59ea736a500177ab2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
__wgetmainargs
_controlfp
malloc
free
realloc
__CxxFrameHandler
_wcsicmp
_purecall
memmove
wcslen
swprintf
wcscat
_except_handler3
_beginthreadex
rand
srand
_CxxThrowException
iswspace
wcscmp
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_tempnam
_lseek
_close
_write
_read
_open
remove
_errno
__doserrno
_vsnprintf
_wcsnicmp
wcsrchr
_wtoi
_onexit
_wcsdup

advapi32

ConvertSidToStringSidW
OpenThreadToken
SetThreadToken
RegEnumKeyW
RegConnectRegistryW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
RegQueryValueExW

kernel32

CreateFileA
GlobalFree
GetStartupInfoW
GlobalLock
GlobalSize
GlobalAlloc
GetCommandLineW
GetFileAttributesExW
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempFileNameW
WideCharToMultiByte
SizeofResource
WriteFile
MoveFileExW
FileTimeToDosDateTime
GetFileAttributesA
GetFileInformationByHandle
DuplicateHandle
ResetEvent
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
CopyFileW
SetFileAttributesW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetModuleFileNameW
lstrcpynW
lstrcatW
FreeLibrary
lstrlenA
GlobalUnlock
LoadResource
FindResourceW
LoadLibraryExW
CloseHandle
lstrcpyW
SetEvent
WaitForSingleObject
GetProcAddress
LoadLibraryW
CreateThread
Sleep
GetCurrentThreadId
CreateEventW
GetTickCount
WaitForMultipleObjects
GetCurrentThread
ReadFile
SetFilePointer
CreateFileW
FlushFileBuffers
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
SetEnvironmentVariableW
GetTempPathW
GetEnvironmentVariableW
SetLastError

user32

PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
PostThreadMessageW
CharPrevW
LoadStringW
CharNextW

wininet

HttpSendRequestExW
InternetConnectW
InternetOpenW
InternetWriteFile
InternetCrackUrlW
InternetSetOptionA
HttpOpenRequestW
InternetGetConnectedState
InternetCloseHandle
HttpQueryInfoW
HttpEndRequestW
InternetReadFile

ole32

CoGetCallContext
CoCreateGuid
IIDFromString
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocStringLen
VariantCopy
VariantChangeType
SafeArrayUnaccessData
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
SysStringLen
LoadRegTypeLi
VarUI4FromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysFreeString
SafeArrayAccessData

cabinet

ord20
ord22
ord23
ord10
ord11
ord13
ord14

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5bb668daed098d59ea736a500177ab2c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

wininet

ole32

oleaut32

cabinet

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 39KB - Virtual size: 40KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 39KB - Virtual size: 40KB