9230a30dde72a355cf9cd58f441f7959a4518e5cc79d031dc2b382740dd5520c

Sharing

Copy URL

Twitter E-mail

General

Target

9230a30dde72a355cf9cd58f441f7959a4518e5cc79d031dc2b382740dd5520c
Size

261KB
MD5

7851d2ffacfecf5286dc3a934e6d30c0
SHA1

f853d6289f6d3e94197c52761c6829755403881b
SHA256

9230a30dde72a355cf9cd58f441f7959a4518e5cc79d031dc2b382740dd5520c
SHA512

c346d8314ac9b4aa6d4f76f1451d0338761dd40e3a0eea23f0e13716033c9d6b6b3960c5aa43f99aba6d2c017fb9ddf026e8af46f988e6a6d3b47eddbf1150e0
SSDEEP

6144:JGFg35ZTXXB404eu65LEf03yKp8U6hlUZOFRKOoaS9:0oLTXx4lH65LE8hmoZUwO6

Score

N/A

Malware Config

Signatures

Files

9230a30dde72a355cf9cd58f441f7959a4518e5cc79d031dc2b382740dd5520c
.exe windows x86

8c47f50de63ea28833787bd4af526cb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

user32

wsprintfA
LoadStringW
CharToOemA
OemToCharA

kernel32

SetFileTime
CancelIo
ReleaseMutex
lstrlenA
DeleteFileA
FindNextFileA
GlobalFindAtomA
GetSystemDefaultLCID
FindFirstFileW
HeapFree
GetPrivateProfileStringW
GlobalAddAtomA
CreateThread
GetDriveTypeA
DeleteCriticalSection
IsDebuggerPresent
GetSystemDirectoryA
ReadFile
SetErrorMode
EnterCriticalSection
HeapAlloc
GetCurrentThreadId
lstrcmpiA
FindFirstFileA
SetFilePointer
GetFileTime
WriteFile
DeviceIoControl
WideCharToMultiByte
CloseHandle
GetProcessHeap
FindClose
GetVolumeInformationA
CreateFileW
WaitForMultipleObjects
SetFileAttributesA
GetSystemInfo
GetACP
CreateFileA
CreateEventA
SetVolumeLabelA
SetLastError
CopyFileW
SetUnhandledExceptionFilter
WaitForSingleObject
GetPrivateProfileStringA
lstrcpyA
FileTimeToSystemTime
GetModuleHandleA
SetFileAttributesW
GetFullPathNameA
SetEndOfFile
QueueUserWorkItem
GetThreadLocale
CopyFileA
GetOverlappedResult
GetShortPathNameA
FindResourceA
CreateMutexA
UnhandledExceptionFilter
LeaveCriticalSection
lstrlenW
DeleteFileW
GetSystemTimeAsFileTime
lstrcpynA
SizeofResource
SetThreadLocale
GetShortPathNameW
VirtualAllocEx

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

inet_ntoa
ntohl

iphlpapi

GetIfEntry
GetIpAddrTable

advapi32

RegCreateKeyExA
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegDeleteValueA
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
OpenSCManagerA
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
RegCloseKey
RegEnumValueA
QueryServiceStatus
SetKernelObjectSecurity
LookupPrivilegeValueA
ControlService
RegQueryValueExW
RegEnumKeyExA
RegDeleteValueW
GetSecurityDescriptorControl
GetUserNameW
OpenProcessToken
StartServiceA
CloseServiceHandle
OpenServiceA
IsValidSid
GetKernelObjectSecurity
ChangeServiceConfigA
RegSetValueExW
CreateServiceW
IsValidAcl
AdjustTokenPrivileges
GetSecurityDescriptorGroup
QueryServiceConfigA
DeleteService
RegOpenKeyExA
RegDeleteKeyA

userenv

GetProfileType
FreeGPOListW
LoadUserProfileW
GetProfilesDirectoryW
GetProfilesDirectoryA
RefreshPolicy
ProcessGroupPolicyCompletedEx
GetNextFgPolicyRefreshInfo

colbact

DllRegisterServer
GetClassInfoForCurrentUser
PartitionAccessCheck

Sections

.jQzls
Size: 512B - Virtual size: 16KB

IMAGE_SCN_MEM_READ

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.IlaRAAg
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GjeF
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UxAAnX
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PpmnmOs
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gpxaz
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uNpF
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YahYH
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mywsjUp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dxcYdXH
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c47f50de63ea28833787bd4af526cb1

Headers

File Characteristics

Imports

rpcrt4

user32

kernel32

version

ws2_32

iphlpapi

advapi32

userenv

colbact

Sections

.jQzls Size: 512B - Virtual size: 16KB

.text Size: 19KB - Virtual size: 18KB

.IlaRAAg Size: 2KB - Virtual size: 1KB

.GjeF Size: 3KB - Virtual size: 2KB

.UxAAnX Size: 512B - Virtual size: 166B

.PpmnmOs Size: 1024B - Virtual size: 777B

.gpxaz Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 132KB

.rdata Size: 209KB - Virtual size: 209KB

.uNpF Size: 3KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 5KB

.YahYH Size: 1KB - Virtual size: 1KB

.mywsjUp Size: 2KB - Virtual size: 2KB

.dxcYdXH Size: 2KB - Virtual size: 2KB

.jQzls
Size: 512B - Virtual size: 16KB

.text
Size: 19KB - Virtual size: 18KB

.IlaRAAg
Size: 2KB - Virtual size: 1KB

.GjeF
Size: 3KB - Virtual size: 2KB

.UxAAnX
Size: 512B - Virtual size: 166B

.PpmnmOs
Size: 1024B - Virtual size: 777B

.gpxaz
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 132KB

.rdata
Size: 209KB - Virtual size: 209KB

.uNpF
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 5KB

.YahYH
Size: 1KB - Virtual size: 1KB

.mywsjUp
Size: 2KB - Virtual size: 2KB

.dxcYdXH
Size: 2KB - Virtual size: 2KB