ef479633392e0dbddae6c6a9ff1e6740a3eda9c159761ab590726a369b074046

Sharing

Copy URL

Twitter E-mail

General

Target

ef479633392e0dbddae6c6a9ff1e6740a3eda9c159761ab590726a369b074046
Size

276KB
MD5

80188d40ae5a11f403066f8ce0fced60
SHA1

1f65a39235a4c0a4524087647f6e42aa8072ddc9
SHA256

ef479633392e0dbddae6c6a9ff1e6740a3eda9c159761ab590726a369b074046
SHA512

fb1e87f2dd1451150d57ec7a7c523816e932a0a675e9eb8e1ebe6a888fb220ca38643b0e6ea85c3b4bab6056f11b9cf49ca88c70327e74179759d927506551b2
SSDEEP

6144:A9Osl6iemeRsbmm4PoK6HOwQlIZZMN6HW+KLLn74SlIQHKgMRHpI:A/eKbmme6HOwwIi7LLnEoHHKgs2

Score

N/A

Malware Config

Signatures

Files

ef479633392e0dbddae6c6a9ff1e6740a3eda9c159761ab590726a369b074046
.exe windows x86

6199b3f7b851154bc163fe8a178b52cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
UpdateTraceW
ControlTraceW
StopTraceW
EnableTraceEx
StartTraceW
RegQueryValueExW
QueryTraceW
IsValidSid
CloseTrace
ProcessTrace
OpenTraceW
ConvertSidToStringSidW
RegSetValueExW
RegCreateKeyExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CopySid
GetLengthSid
GetTokenInformation
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
RevertToSelf
ImpersonateLoggedOnUser
RegGetValueW
TraceEvent

kernel32

GetTickCount
SetThreadPriority
GetCurrentThread
CreateMutexW
GetCommandLineW
HeapSetInformation
GetLogicalProcessorInformationEx
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW
GetUserGeoID
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GlobalMemoryStatusEx
GetSystemInfo
GetActiveProcessorCount
GetProductInfo
CompareFileTime
GetLastError
OpenMutexW
ReleaseMutex
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
GetModuleHandleW
FileTimeToSystemTime
FileTimeToDosDateTime
GetTempFileNameW
GlobalFree
WaitForMultipleObjects
GetTempPathW
GetLongPathNameW
SetLastError
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
GetFileSizeEx
SetFilePointerEx
InterlockedDecrement
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
VirtualAlloc
UnmapViewOfFile
VirtualFree
InterlockedIncrement
ResetEvent
CreateThread
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeLibraryAndExitThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetFileSize
ReadFile
DuplicateHandle
SetEvent
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
lstrlenW
SystemTimeToFileTime
GetModuleFileNameW
LocalAlloc
GetLocalTime
CreateFileW
SetFileAttributesW
WriteFile
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
DeleteFileW
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
MoveFileExW
GetVersionExW
GetSystemTime
GetThreadPriority

user32

LoadStringW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
GetSystemMetrics

msvcrt

_initterm
wcstoul
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
wcstok_s
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
free
_callnewh
malloc
wcschr
memset
__CxxFrameHandler3
towupper
_vsnwprintf
wcsstr
wcsrchr
memcpy
_vsnprintf
memmove
_wcsicmp
realloc
_wcsnicmp
ceil
_ftol2
_purecall

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathCombineW
StrStrIW
StrToIntExW
PathFileExistsW
ord437
PathAppendW

tdh

TdhGetProperty
TdhGetPropertySize

ole32

CoCreateGuid
StringFromGUID2

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathAndSubDirW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetOption
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpWriteData
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpTimeFromSystemTime
WinHttpCloseHandle
WinHttpReadData
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpSendRequest

wevtapi

EvtClose
EvtNext
EvtQuery
EvtRender
EvtCreateRenderContext

powrprof

PowerDeterminePlatformRole

ntdll

NtQuerySystemTime
RtlFreeHeap
RtlAllocateHeap

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hfaqmsz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6199b3f7b851154bc163fe8a178b52cd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shlwapi

tdh

ole32

shell32

winhttp

wevtapi

powrprof

ntdll

oleaut32

Sections

.text Size: 205KB - Virtual size: 204KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 40KB - Virtual size: 41KB

hfaqmsz Size: - Virtual size: 4KB

.text
Size: 205KB - Virtual size: 204KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 40KB - Virtual size: 41KB

hfaqmsz
Size: - Virtual size: 4KB