4bf974f5b9490f4238ff6098470f1d94eddc4028007cf99fad162d5fad46cd6e

Sharing

Copy URL

Twitter E-mail

General

Target

4bf974f5b9490f4238ff6098470f1d94eddc4028007cf99fad162d5fad46cd6e
Size

538KB
MD5

96657026a20c30919c05b4330a65e6a0
SHA1

d5db691ec93ecbd04f6dd8fa3faf3625a5dbad5b
SHA256

4bf974f5b9490f4238ff6098470f1d94eddc4028007cf99fad162d5fad46cd6e
SHA512

70179055f9573444a42393ad2ba6a5bdd8e8feb7c044969193c1f4cbb9fd390fb8e27271ad7ee1214829051d8d0d21b4b3b9a2e703f6487e9342153b5a7d03e6
SSDEEP

12288:e7JN4ghBL02fmroh/Pn0f80oP06fE5zpOperZ/qPq:EDbhBI2fmroh/QO1M5OY/Aq

Score

N/A

Malware Config

Signatures

Files

4bf974f5b9490f4238ff6098470f1d94eddc4028007cf99fad162d5fad46cd6e
.exe windows x64

01fa62f818199f9d2a6f293d00737579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW

kernel32

QueryPerformanceCounter
Sleep
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
CompareFileTime
LocalFree
SetEvent
GetProcessHeap
LoadLibraryW
GetVersionExW
FileTimeToSystemTime
GetModuleFileNameW
CreateFileW
GetFileSizeEx
GetLastError
GetLocalTime
CreateFileMappingW
LocaleNameToLCID
CreateEventW
GetProductInfo
QueueUserWorkItem
GetFileTime
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
CloseHandle
HeapSetInformation
GetProcAddress
GetConsoleOutputCP
FormatMessageW
GetModuleHandleW
WaitForSingleObject
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrcmpiW
GetWindowsDirectoryW
lstrlenW

msvcrt

_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
__C_specific_handler
exit
wcsstr
wcsrchr
strtok
atoi
strstr
wcstoul
swscanf
wcschr
mbstowcs
_wtof
??2@YAPEAX_K@Z
__wgetmainargs
wcstok
strtoul
_cexit
_exit
_XcptFilter
memset
_vsnwprintf
_getmbcp
_wsetlocale
??3@YAXPEAX@Z
_snwprintf_s
printf
_wcsnicmp
_wcsicmp
_strnicmp
memcpy

ntdll

RtlExpandEnvironmentStrings_U
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeUnicodeString
RtlInitAnsiString

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoGetMalloc

oleaut32

SysFreeString
SysAllocString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

powrprof

PowerDeterminePlatformRole

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01fa62f818199f9d2a6f293d00737579

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

oleaut32

version

powrprof

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 912B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 150B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 912B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 150B

.vmp0
Size: 500KB - Virtual size: 1.8MB