b65d49a5f417550f30d63601d1ae390466b44db59b59ffda5fb5e4abb93b0ed2

Sharing

Copy URL Twitter E-mail

General

Target

b65d49a5f417550f30d63601d1ae390466b44db59b59ffda5fb5e4abb93b0ed2
Size

998KB
MD5

818f4f87e4dbb25db74dfee9b36a34c0
SHA1

76815a843d051744f3358755c9bedfaa501d9b1f
SHA256

b65d49a5f417550f30d63601d1ae390466b44db59b59ffda5fb5e4abb93b0ed2
SHA512

f76bdffa2505347454e4b48670ce55b832d6381c42bf6f4921dc64b6c3120738353e27eabd7e40e5ce3eb521a23c58a237795864bdcecc119416d1a50d4a0d89
SSDEEP

1536:5vRuECbt3zJnw4WwmXp+AHpb/k5mNDGanxa0U6Da:RRFCbNzVwH+AJA5mhGKxa0U6O

Score

N/A

Malware Config

Signatures

Files

b65d49a5f417550f30d63601d1ae390466b44db59b59ffda5fb5e4abb93b0ed2
.exe windows x86

3ba1120b07cb6424539e2d243ca78436

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfigA
CloseServiceHandle
ControlService
EqualSid
FreeSid
GetTokenInformation
LockServiceDatabase
LsaLookupNames
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegEnumValueW
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
StartServiceW
UnlockServiceDatabase
RegDeleteKeyW

gdi32

FONTOBJ_cGetAllGlyphHandles
GdiEntry14
SetRelAbs
CreateBitmap

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
DeleteFiber
DisableThreadLibraryCalls
DuplicateHandle
ExpandEnvironmentStringsW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDateFormatA
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetTimeFormatA
GetVersionExA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenEventA
OutputDebugStringA
SetEndOfFile
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcmpiW
lstrlenA
lstrlenW
VirtualAlloc
FindResourceW
GetEnvironmentVariableA
GetProcessHeap
IsBadReadPtr
LoadResource
LockResource
lstrcpyW
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
EncodePointer
GetLastError
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
RtlUnwind
HeapAlloc
HeapReAlloc
LCMapStringW
GetStringTypeW

ole32

CoQueryClientBlanket
StringFromCLSID
CoTaskMemFree

rpcrt4

RpcSsGetThreadHandle
RpcSmFree
MesIncrementalHandleReset
NdrClientCall2
RpcAsyncAbortCall
RpcBindingFromStringBindingW
RpcStringBindingComposeW

shell32

ShellExecuteA

user32

MessageBoxIndirectW
wsprintfA
PaintDesktop
CharNextA
InSendMessageEx
LoadStringA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ba1120b07cb6424539e2d243ca78436

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

rpcrt4

shell32

user32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 434KB - Virtual size: 434KB

.data Size: 512KB - Virtual size: 520KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 434KB - Virtual size: 434KB

.data
Size: 512KB - Virtual size: 520KB