ed56682fd352315cf3a689d31e32e0c546c017d7557e9482a54717f554e81b9c

Sharing

Copy URL Twitter E-mail

General

Target

ed56682fd352315cf3a689d31e32e0c546c017d7557e9482a54717f554e81b9c
Size

152KB
MD5

80bfcfbf08e6f5cf2b148746f863054b
SHA1

152ea64112562de07ca6cdcd9eb19ccb81894d77
SHA256

ed56682fd352315cf3a689d31e32e0c546c017d7557e9482a54717f554e81b9c
SHA512

a483d1c5e092c16b2b0037059b9c7945f07a8207d0e5120ea994fa9fb4bb634918b4385ffeb2c4e5421029d4d3b2b05053c9acd65af091115b897e7c0b79e8b8
SSDEEP

3072:QUXGgEuaG/gZdwFatCG+FkoIJy3leFvxoS+6lhDxBHSgMxk:QYaGTarBWloHSB

Score

N/A

Malware Config

Signatures

Files

ed56682fd352315cf3a689d31e32e0c546c017d7557e9482a54717f554e81b9c
.exe windows x86

7cafcf3b03878b517c2fb03301951d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
MultiByteToWideChar
lstrcmpiA
CreateFileW
GetLastError
GetCurrentProcess
GetTimeFormatW
GetDateFormatW
GetLocalTime
WaitForSingleObject
SetCurrentDirectoryW
LocalFree
LocalAlloc
GetVolumePathNamesForVolumeNameW
GetSystemDirectoryW
DeviceIoControl
FindNextVolumeW
FindFirstVolumeW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentDirectoryW
GlobalMemoryStatusEx
ResetEvent
CreateThread
CreateEventW
SetEvent
CloseHandle
ExpandEnvironmentStringsW
Sleep
GetStartupInfoW
FindVolumeClose
FreeConsole

msvcrt

puts
fflush
fclose
__CxxFrameHandler
_wcsdup
??3@YAXPAX@Z
exit
__wargv
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_cexit
_XcptFilter
_exit
_c_exit
wcsncpy
wcsncmp
wcscmp
wcscpy
wcscat
memmove
swprintf
_snwprintf
malloc
free
_vsnwprintf
fputws
wcslen
_purecall
_putws
_iob
_wtoi
_wcsicmp
??2@YAPAXI@Z
__argc
_wsetlocale
_wfopen

ntdll

NtQuerySystemInformation
NtSetSystemInformation
RtlInitUnicodeString
RtlUnicodeStringToInteger

user32

EnableWindow
PostMessageW
SendMessageW
SetTimer
WinHelpW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
RedrawWindow
LoadStringW
CharToOemW
OffsetRect
DrawIcon
AppendMenuW
GetSystemMenu
IsIconic
GetSysColor
GetClientRect
GetSystemMetrics
GetWindowLongW
SetWindowLongW
LoadIconW
ScreenToClient
GetWindowRect
GetSysColorBrush

shell32

ShellAboutW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comdlg32

CommDlgExtendedError

wintrust

WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle

crypt32

CertFreeCertificateContext

imagehlp

ImageLoad
ImageDirectoryEntryToDataEx
ImageUnload

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

mfc42u

ord6370
ord1569
ord470
ord755
ord5050
ord4709
ord3087
ord496
ord1008
ord3695
ord4425
ord2046
ord4433
ord5284
ord1683
ord1143
ord3133
ord4294
ord2858
ord1165
ord4254
ord3312
ord2606
ord616
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord859
ord924
ord6137
ord414
ord713
ord3657
ord5817
ord6279
ord6278
ord2755
ord4124
ord942
ord538
ord4197
ord6655
ord1197
ord5855
ord861
ord860
ord268
ord537
ord922
ord1560
ord772
ord500
ord5602
ord5856
ord4253
ord489
ord768
ord5156
ord1899
ord1196
ord1761
ord324
ord4229
ord3592
ord5276
ord4847
ord4370
ord4270
ord765
ord3693
ord6879
ord6667
ord6211
ord2078
ord1172
ord355
ord2507
ord3447
ord5679
ord5706
ord2877
ord3281
ord2371
ord3658
ord641
ord2293
ord2350
ord6330
ord2634
ord541
ord801
ord941
ord940
ord4667
ord4269
ord815
ord771
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord535
ord3074
ord4075
ord4616
ord4418
ord3733
ord800
ord540
ord561
ord2520
ord1131
ord4736
ord4942
ord4352
ord5261
ord4371
ord4848
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord3820
ord4347
ord5283
ord3793
ord4829
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord795
ord609
ord693
ord4155
ord858
ord5155
ord6051
ord1768
ord5286
ord4831
ord3397
ord3716
ord818
ord567
ord2567
ord4390
ord3569
ord2574
ord4396
ord3365
ord3635
ord2294
ord5568
ord2910
ord4704
ord4970
ord6195
ord6139
ord5857
ord6874
ord536

advapi32

OpenProcessToken
RegSetValueExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aapvyym
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7cafcf3b03878b517c2fb03301951d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

user32

shell32

version

comdlg32

wintrust

crypt32

imagehlp

setupapi

mfc42u

advapi32

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 70KB - Virtual size: 71KB

aapvyym Size: - Virtual size: 4KB

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 70KB - Virtual size: 71KB

aapvyym
Size: - Virtual size: 4KB