cb8f3a550be9fa7c0b8d4ba70b7162e109f052566b7a159513a60c8e41011562

Sharing

Copy URL Twitter E-mail

General

Target

cb8f3a550be9fa7c0b8d4ba70b7162e109f052566b7a159513a60c8e41011562
Size

225KB
MD5

90342cc9aa7b5992929caefcdc5c4ef0
SHA1

d6bf2cd3b44a064a0d2dd895e0762aa335d81539
SHA256

cb8f3a550be9fa7c0b8d4ba70b7162e109f052566b7a159513a60c8e41011562
SHA512

5d66f78ff767c890f150e008b3b63d1d89612844fc490a1d2f7eb31cfa65530a901c5933e7bc58b34e46b21154f7d7f1952b0d27d8ac32fbf31d7a84329c4eb7
SSDEEP

3072:tDDD6IsutM+dpbLMp3cKAArDZz4N9GhbkUNEkss3+n0HNuC/1O0CxIxdEI:tDP/pMpxyN90vEjs3+ATxa

Score

N/A

Malware Config

Signatures

Files

cb8f3a550be9fa7c0b8d4ba70b7162e109f052566b7a159513a60c8e41011562
.exe windows x86

179db66fe211acf45417b4510acc6d7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
InitiateSystemShutdownExW
CreateProcessAsUserW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegDeleteValueW
ConvertSidToStringSidW
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
CopySid
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetLengthSid
IsValidSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
CryptReleaseContext
DecryptFileA
CryptGenRandom
CryptAcquireContextW
EventRegister
EventUnregister
EventWrite
EventEnabled
TraceMessage

kernel32

LocalFree
ProcessIdToSessionId
GetCurrentProcessId
FormatMessageW
CreateFileW
GetFullPathNameW
GetCurrentProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemDirectoryW
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
DeleteFileW
lstrcmpW
FindFirstFileW
OutputDebugStringW
lstrlenW
GetFileAttributesW
GetLastError
GetExitCodeProcess
GetExitCodeThread
GetSystemWindowsDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCommandLineW
CreateThread
MultiByteToWideChar
CloseHandle
WaitForSingleObject
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
SelectObject
GetTextExtentPoint32W
DeleteDC
GetStockObject

user32

EndPaint
FillRect
GetClientRect
BeginPaint
EnableWindow
GetDlgItem
SetDlgItemTextW
UpdateWindow
GetSystemMetrics
LoadCursorW
LoadIconW
EndDialog
DialogBoxParamW
SetRect
MessageBoxW
PostMessageW
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
RegisterClassExW
CreateWindowExW
ShutdownBlockReasonCreate
ShutdownBlockReasonDestroy
DestroyWindow
DefWindowProcW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
ReleaseDC
GetDC
SendDlgItemMessageW
ShowWindow
SystemParametersInfoW

msvcrt

_onexit
_except_handler4_common
?terminate@@YAXXZ
_controlfp
_vsnwprintf
memset
_lock
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
__set_app_type
__dllonexit
_unlock
wcsrchr
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
memcpy
_vsnprintf
_wcsnicmp
wcschr
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VariantInit
SysAllocString

shell32

CommandLineToArgvW
ShellExecuteExW

dpx

DpxNewJob

wtsapi32

WTSQueryUserToken

comctl32

InitCommonControlsEx

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mglhsib
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zswxfyg
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zhcrdjh
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

179db66fe211acf45417b4510acc6d7d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleaut32

shell32

dpx

wtsapi32

comctl32

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 30KB - Virtual size: 31KB

mglhsib Size: 31KB - Virtual size: 32KB

zswxfyg Size: 31KB - Virtual size: 32KB

zhcrdjh Size: - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 30KB - Virtual size: 31KB

mglhsib
Size: 31KB - Virtual size: 32KB

zswxfyg
Size: 31KB - Virtual size: 32KB

zhcrdjh
Size: - Virtual size: 4KB