6f58fc31928ccaff5264610ccf1dc1fcf520008afeef40a50e04fdfbc3b8acff

Sharing

Copy URL Twitter E-mail

General

Target

6f58fc31928ccaff5264610ccf1dc1fcf520008afeef40a50e04fdfbc3b8acff
Size

160KB
MD5

4e5e0bcbd7bf134f1fb66fc74e3eac00
SHA1

d7c67f2f1a232cff671e752167299e6894f04edf
SHA256

6f58fc31928ccaff5264610ccf1dc1fcf520008afeef40a50e04fdfbc3b8acff
SHA512

c96241fe0701893fd1c8d65658e07559d7ee207b047f1dc41afefd58fdee460763cdab0486b4da3d07286fe7525fd3546a50ebe5a776e37b7b9c3be3d7d75e3c
SSDEEP

3072:MuO4zGSQ/BwVM97pXFg7yEHMP+MRDtVDcwT5KbKca:oMGSDVM97f9/PlrAO58j

Score

N/A

Malware Config

Signatures

Files

6f58fc31928ccaff5264610ccf1dc1fcf520008afeef40a50e04fdfbc3b8acff
.exe windows x86

f2e5e1881f83042a9bed3ab85a7d358b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetProcAddress
GetStdHandle
GetConsoleOutputCP
GetModuleFileNameW
WriteConsoleW
FormatMessageW
GetConsoleMode
LoadLibraryW
WideCharToMultiByte
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExW
GetVolumePathNameW
QueryDosDeviceW
LocalFree
MapViewOfFile
UnmapViewOfFile
GetCurrentThread
CreateFileW
GetFileSizeEx
CreateFileMappingW
CloseHandle
FindFirstFileW
GetFileAttributesW
FindClose
GetUserDefaultUILanguage
LoadResource
FindResourceExW
GetSystemDefaultUILanguage
SearchPathW
GetVersionExW
CreateDirectoryW
GetFileInformationByHandle
DeviceIoControl
GetModuleHandleW
CopyFileExW
GetFullPathNameW
GetLocaleInfoW
GetVolumeInformationW
SetFileAttributesW
FindNextFileW
Sleep

msvcrt

memmove
wcstoul
wcscat_s
_ultow_s
wcsncpy_s
memset
wcsstr
_wcslwr
_snwscanf_s
wcschr
wcsnlen
wcsncmp
bsearch
memcmp
memcpy
_iob
fflush
fwprintf
_vsnwprintf
wcsrchr
_wcsupr
_vsnwprintf_s
strncmp
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcscpy_s
_wsetlocale
_wcsicmp
swprintf_s
_wcsnicmp

imagehlp

CheckSumMappedFile

shlwapi

PathRemoveBackslashW

ntdll

NtEnumerateBootEntries
NtTranslateFilePath
NtQueryBootEntryOrder
NtQueryValueKey
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenKey
NtAdjustPrivilegesToken
NtOpenThreadTokenEx
RtlImpersonateSelf
NtOpenProcessTokenEx
ZwResetEvent
ZwOpenSymbolicLinkObject
LdrGetDllHandle
LdrGetProcedureAddress
RtlGetVersion
RtlInitAnsiString
ZwQuerySymbolicLinkObject
ZwAllocateUuids
RtlSetOwnerSecurityDescriptor
ZwOpenKey
ZwQueryKey
RtlCreateSecurityDescriptor
RtlLengthSid
ZwEnumerateKey
ZwDeleteKey
RtlAllocateAndInitializeSid
ZwLoadKey
RtlAddAccessAllowedAceEx
ZwSetSecurityObject
RtlLengthSecurityDescriptor
ZwQueryValueKey
ZwCreateFile
ZwSaveKey
ZwSetValueKey
ZwDeleteValueKey
RtlSetDaclSecurityDescriptor
RtlFreeSid
RtlCreateAcl
ZwCreateKey
ZwUnloadKey
ZwDeviceIoControlFile
RtlAppendUnicodeToString
ZwQueryAttributesFile
ZwCreateEvent
ZwOpenFile
ZwClose
ZwWaitForSingleObject
ZwReleaseMutant
ZwOpenMutant
RtlFreeUnicodeString
ZwQuerySystemInformation
RtlStringFromGUID
NtSetInformationFile
RtlAllocateHeap
RtlFreeHeap
LdrFindResource_U
LdrAccessResource
NtQuerySystemInformation
NtOpenFile
RtlImageNtHeader
NtOpenProcess
NtCreateEvent
NtClose
NtSetInformationThread
NtWaitForSingleObject
NtQueryInformationProcess
NtQueryInformationFile
NtQueryInformationThread
NtDeviceIoControlFile
RtlCompareMemory
RtlNtStatusToDosError
RtlGUIDFromString
RtlInitUnicodeString
NtResetEvent

advapi32

OpenThreadToken
GetTokenInformation
GetSecurityDescriptorControl
SetNamedSecurityInfoW
LookupPrivilegeValueW
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
ConvertSidToStringSidW
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
OpenProcessToken
RegQueryValueExW

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zxiicbo
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2e5e1881f83042a9bed3ab85a7d358b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

imagehlp

shlwapi

ntdll

advapi32

Sections

.text Size: 112KB - Virtual size: 112KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 34KB - Virtual size: 35KB

zxiicbo Size: - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 112KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 34KB - Virtual size: 35KB

zxiicbo
Size: - Virtual size: 4KB