0b85edb8db85e0e7f55e7e8a23eb22622255fd579db204c86870fbe42b3a7e1d

Sharing

Copy URL Twitter E-mail

General

Target

0b85edb8db85e0e7f55e7e8a23eb22622255fd579db204c86870fbe42b3a7e1d
Size

61KB
MD5

8185aad5f0af3771336b72f0fb47b191
SHA1

1d63034068ad46ef1f13e5177d02ffa43ea24469
SHA256

0b85edb8db85e0e7f55e7e8a23eb22622255fd579db204c86870fbe42b3a7e1d
SHA512

1d5591b5b919eb6c62ba10f1a60d0ec11d80d5b8ae704bcb3c851bbfdc4717cb6fe934200d4fdc9e8d2baf835c941efc864df0887439e816a017e7fa47addf71
SSDEEP

1536:3m8znf4T+nVZWhkyRrm2elqzFkPgMQWfXxTHiy:mT+VYRqHqMQWPxTHJ

Score

N/A

Malware Config

Signatures

Files

0b85edb8db85e0e7f55e7e8a23eb22622255fd579db204c86870fbe42b3a7e1d
.exe windows x86

d72af5ead6ebab278b47fb4a9059184e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileW
QueryPerformanceCounter
GetExitCodeProcess
Sleep
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsAlloc
ExitProcess
HeapCreate
GetModuleFileNameA
GetStartupInfoA
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetModuleHandleA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetProcessHeap
ExpandEnvironmentStringsA
GetLastError
MultiByteToWideChar
CreateMutexW
CreateEventW
GetModuleFileNameW
GetVersionExW
LoadLibraryW
InitializeCriticalSection
SetEvent
WaitForSingleObject
CreateDirectoryW
RaiseException
FreeLibrary
GetLocalTime
GetProcAddress

user32

GetForegroundWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteW

query

CIState
LocateCatalogs
SetupCacheEx
CIBuildQueryNode
CIMakeICommand
CollectFILTERPerformanceData

msls31

LsSetDoc
LsdnSetRigidDup
LsAppendRunToCurrentSubline
LsMatchPresSubline
LsdnGetFormatDepth
LsFetchAppendToCurrentSubline
LssbGetDurTrailInSubline
LsdnGetCurTabInfo
LsGetSpecialEffectsSubline
LsGetReverseLsimethods

Sections

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMx
Size: 1KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AGb
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 7KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d72af5ead6ebab278b47fb4a9059184e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

query

msls31

Sections

.edata Size: 1KB - Virtual size: 1KB

.QMx Size: 1KB - Virtual size: 179KB

.text Size: 13KB - Virtual size: 16KB

.AGb Size: 1KB - Virtual size: 31KB

.rdata Size: 2KB - Virtual size: 33KB

.edata Size: 7KB - Virtual size: 48KB

.data Size: 6KB - Virtual size: 346KB

.edata Size: 8KB - Virtual size: 73KB

.rsrc Size: 18KB - Virtual size: 18KB

.edata
Size: 1KB - Virtual size: 1KB

.QMx
Size: 1KB - Virtual size: 179KB

.text
Size: 13KB - Virtual size: 16KB

.AGb
Size: 1KB - Virtual size: 31KB

.rdata
Size: 2KB - Virtual size: 33KB

.edata
Size: 7KB - Virtual size: 48KB

.data
Size: 6KB - Virtual size: 346KB

.edata
Size: 8KB - Virtual size: 73KB

.rsrc
Size: 18KB - Virtual size: 18KB