109a8f36ef129ffdb2be374c993e24450c2077846cfff171a509139eeeb83cf6

Sharing

Copy URL Twitter E-mail

General

Target

109a8f36ef129ffdb2be374c993e24450c2077846cfff171a509139eeeb83cf6
Size

273KB
MD5

773069cd40562b5c6cba546ad04fb580
SHA1

91971343038258339438f529cbeca10fc02b8b12
SHA256

109a8f36ef129ffdb2be374c993e24450c2077846cfff171a509139eeeb83cf6
SHA512

62ad8ab19e214f5e2b365945905081eb5839540d3e3d84fd16ce9324019e20ac6d3cf1f9abc25075a4354f313a7c23c873b7872684216c7ad3a1e3d5f212292f
SSDEEP

6144:wViAQ+//dBq1SBpujk/Q6HRbHf323qN5dTjsEnsUXqHmKFCHqq:dAn//dB1rujkQUXImMuj

Score

N/A

Malware Config

Signatures

Files

109a8f36ef129ffdb2be374c993e24450c2077846cfff171a509139eeeb83cf6
.exe windows x86

642dabf94c4f159337031e5c3dcd6b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtUnmapViewOfSection
NtMapViewOfSection
NtQuerySystemInformation

shlwapi

PathCombineW

wininet

HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetQueryOptionA
InternetOpenA

kernel32

LoadLibraryA
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
InterlockedCompareExchange
GetProcessHeap
HeapDestroy
HeapCreate
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetProcAddress
CreateDirectoryW
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
GetLastError
GetExitCodeThread
GetFileTime
DeleteFileW
SetFileAttributesW
LocalFree
GetComputerNameA
GetNativeSystemInfo
GetComputerNameW
Sleep
GetVersionExW
GetLocalTime
SwitchToThread
CreateProcessW
ExitProcess
OpenProcess
Thread32First
VirtualFreeEx
GetExitCodeProcess
Thread32Next
GetModuleFileNameW
SetThreadPriority
VirtualAllocEx
OpenThread
CreateFileMappingW
Module32FirstW
Module32NextW
GetCurrentProcessId
WriteProcessMemory
CreateThread
SetEvent
CreateEventW
CreateMutexW
OpenMutexW
ReleaseMutex
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
WTSGetActiveConsoleSessionId
GetThreadTimes
GetProcessTimes
GetCurrentThread
GetTickCount
GetCurrentProcess
CreateRemoteThread

user32

CloseDesktop
OpenInputDesktop
GetLastInputInfo
ExitWindowsEx
GetThreadDesktop
WaitForInputIdle
GetUserObjectInformationW

advapi32

CryptAcquireContextW
CryptReleaseContext
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegFlushKey
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
AdjustTokenPrivileges
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegEnumValueW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
CryptGenRandom
RegOpenKeyW

shell32

SHGetFolderPathW

Exports

Exports

_core_entry@4

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text32
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

text64
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

642dabf94c4f159337031e5c3dcd6b3a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

wininet

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 259KB - Virtual size: 259KB

text32 Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 1KB

.data Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 80B

.reloc Size: 5KB - Virtual size: 4KB

text64 Size: 2KB - Virtual size: 1KB

.text
Size: 259KB - Virtual size: 259KB

text32
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 80B

.reloc
Size: 5KB - Virtual size: 4KB

text64
Size: 2KB - Virtual size: 1KB