Static task
static1
Behavioral task
behavioral1
Sample
2f0cd0baa7ed32947a00417048c7765e219264b0a8e82dc26b6c55d2a59fadd5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2f0cd0baa7ed32947a00417048c7765e219264b0a8e82dc26b6c55d2a59fadd5.exe
Resource
win10v2004-20220812-en
General
-
Target
2f0cd0baa7ed32947a00417048c7765e219264b0a8e82dc26b6c55d2a59fadd5
-
Size
165KB
-
MD5
70cc23de2ba75dde43cdb25021217260
-
SHA1
f7d031d206b0de121832aae761e1da0c25ef0cc6
-
SHA256
2f0cd0baa7ed32947a00417048c7765e219264b0a8e82dc26b6c55d2a59fadd5
-
SHA512
2d695637af02876e60aac3c1a57988925179d27d9f65fb544287a08c701b7f977b047ed2545ba56cd08f7246bb097531eadccc9e658899e074501a0eb88c9d8e
-
SSDEEP
3072:CKl/wsm56ZOqbDl/QYwa9R9fbBYVu64fw6LlHDuP49xVV6t/KEVFSYSv:CsLjP9ft9f7cA9mKE/SB
Malware Config
Signatures
Files
-
2f0cd0baa7ed32947a00417048c7765e219264b0a8e82dc26b6c55d2a59fadd5.exe windows x64
19a0c991573f991014f86a8d5834cfe5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetFileAttributesW
LocalFree
LocalAlloc
GetBinaryTypeW
ReleaseMutex
WaitForSingleObject
CreateMutexW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcmpiW
GetEnvironmentVariableW
GetSystemDefaultLCID
lstrlenW
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
LockResource
GetFileSize
WideCharToMultiByte
GetModuleHandleW
GetModuleFileNameW
CompareStringW
DeleteFileW
CloseHandle
CreateFileW
GetLastError
OutputDebugStringW
lstrcmpW
FreeLibrary
GetProcAddress
UnhandledExceptionFilter
LoadLibraryW
ReadFile
SetFilePointer
msvcrt
memcmp
?terminate@@YAXXZ
__setusermatherr
_lock
wcsrchr
_amsg_exit
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
abort
__crtLCMapStringW
__crtGetStringTypeW
__mb_cur_max
_errno
islower
memcpy
___lc_handle_func
___lc_codepage_func
isupper
__pctype_func
__crtLCMapStringA
setlocale
__uncaught_exception
fputc
__iob_func
fclose
fsetpos
fseek
fgetpos
fwrite
fgetc
ungetc
___mb_cur_max_func
setvbuf
fflush
ungetwc
fputwc
fgetwc
memset
_callnewh
malloc
??0exception@@QEAA@AEBQEBDH@Z
__CxxFrameHandler3
_CxxThrowException
_purecall
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
swscanf
_vsnwprintf
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_onexit
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
user32
EnumWindows
RegisterWindowMessageW
PostMessageW
SendMessageTimeoutW
LoadStringW
GetClassNameW
sfc
SfcIsFileProtected
shlwapi
PathFileExistsW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
advapi32
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
IsValidSid
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
EqualSid
ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
Sections
.text Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
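.reloc Size: 28KB - Virtual size: 29KB
Analyst note: the flags listed below mark .reloc as code that is both writable and executable. A relocation section is normally read-only initialized data, so this combination can indicate a packed or modified binary. Treat it as a triage signal to confirm against the behavioral tasks, not as a verdict.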
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE