dfaf806eb935c827abd2fba5a122dce80271462ff05225f681de62363e2aaf5f

Sharing

Copy URL Twitter E-mail

General

Target

dfaf806eb935c827abd2fba5a122dce80271462ff05225f681de62363e2aaf5f
Size

620KB
MD5

4d764b5f390c19c6b1e4a7f8e956f8e0
SHA1

d6989e668521634d18f9f2cd9dbf125435bd5023
SHA256

dfaf806eb935c827abd2fba5a122dce80271462ff05225f681de62363e2aaf5f
SHA512

59a6d595d4d054fc46c8370dfca4ff7ac18cc0a113f5d44e0c29bf25b5384352ddb7338f1f5e797f02aaed050e781171d05a39cf03a728534a21c0e1d9d73993
SSDEEP

12288:5gIY217s099PzBXWE4QAgYRTI0nNRR5ylEqZWt5yXuzZbNbDOZfvW:5i2ySbBXWXzgYR9NRR4eqYjyXuzT3O

Score

N/A

Malware Config

Signatures

Files

dfaf806eb935c827abd2fba5a122dce80271462ff05225f681de62363e2aaf5f
.exe windows x86

dc9fac94af5d65ded7d3e3b0fca48e7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtSetEvent
NtQuerySecurityObject
NtDelayExecution
NtSetContextThread
NtGetContextThread
NtProtectVirtualMemory
RtlGetFullPathName_U
NtCreateFile
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtWriteFile
NtWaitForMultipleObjects
NtOpenProcess
NtClose
NtQueryObject
NtQueryVirtualMemory
NtQuerySystemInformation
NtTerminateProcess
NtMapViewOfSection
NtUnmapViewOfSection
NtQueryInformationThread
NtDuplicateObject
NtSuspendThread
NtQueryInformationProcess
NtReadVirtualMemory
NtWriteVirtualMemory
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlInitUnicodeString
NtQueryPerformanceCounter
RtlInitAnsiString
LdrGetProcedureAddress
LdrGetDllHandle

kernel32

CreateFileMappingA
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
LoadLibraryA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
CloseHandle
TerminateProcess
DebugActiveProcessStop
SuspendThread
GetThreadContext
SetThreadContext
ContinueDebugEvent
WaitForDebugEvent
GetExitCodeThread
WaitForSingleObject
CreateThread
FreeLibrary
FlushInstructionCache
ResumeThread
GetProcAddress
GetLastError
DebugSetProcessKillOnExit
GetModuleHandleA
OpenThread
TerminateThread
OpenProcess
GetExitCodeProcess
DuplicateHandle
GetCurrentProcess
TlsGetValue
TlsSetValue
CreateRemoteThread
SetEvent
WaitForMultipleObjects
CreateEventA
QueueUserAPC
LeaveCriticalSection
EnterCriticalSection
QueueUserWorkItem
InitializeCriticalSection
TryEnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
GlobalMemoryStatusEx
InterlockedDecrement
ResetEvent
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FormatMessageW
GetSystemDirectoryW
GetVersionExW
GetVersionExA
GetCommandLineW
GetModuleHandleW
GetFileAttributesW
CreateProcessW
LoadLibraryW
SetLastError
ReleaseMutex
CreateMutexA
GetCurrentProcessId
TlsAlloc
TlsFree
Sleep
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
RaiseException
RtlUnwind
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA

Exports

Exports

CharmVersionC

Sections

.text
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

pin_boot
Size: 4KB - Virtual size: 337B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

pin_remo
Size: 4KB - Virtual size: 17B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

pin_apc_
Size: 4KB - Virtual size: 33B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.charmve
Size: 4KB - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc9fac94af5d65ded7d3e3b0fca48e7f

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 476KB - Virtual size: 473KB

pin_boot Size: 4KB - Virtual size: 337B

pin_remo Size: 4KB - Virtual size: 17B

pin_apc_ Size: 4KB - Virtual size: 33B

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 29KB

.charmve Size: 4KB - Virtual size: 69B

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 476KB - Virtual size: 473KB

pin_boot
Size: 4KB - Virtual size: 337B

pin_remo
Size: 4KB - Virtual size: 17B

pin_apc_
Size: 4KB - Virtual size: 33B

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 29KB

.charmve
Size: 4KB - Virtual size: 69B

.rmnet
Size: 60KB - Virtual size: 60KB