54188da224fce510b925e1f3cea774460fac91199b7ed83b63891b64a825075c

Sharing

Copy URL

Twitter E-mail

General

Target

54188da224fce510b925e1f3cea774460fac91199b7ed83b63891b64a825075c
Size

182KB
MD5

90421b27d94eeeeede3a31a395f16c98
SHA1

ae465431e350918dd5a65dbe57bcc7af3112246c
SHA256

54188da224fce510b925e1f3cea774460fac91199b7ed83b63891b64a825075c
SHA512

4210a669d1691f226f229aa1e80a53a58ce38d76e8d455b024eaafad6a45910f730a6e67fd0056392266fe79368ca6c1afced7c4adb676c49a82158c4681c331
SSDEEP

3072:tD2O5zCwPSwTnBn2mFyhOGoezv5pO+Yd9aOeX1kMtaM5k:YO5eqViQ6pz5

Score

N/A

Malware Config

Signatures

Files

54188da224fce510b925e1f3cea774460fac91199b7ed83b63891b64a825075c
.exe windows x86

5a93aec46646638e0e1987b72680176f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegFlushKey
RegCreateKeyExW
RegCreateKeyW
RegOpenKeyW

kernel32

GetModuleHandleW
SetProcessShutdownParameters
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineA
GetVersionExA
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
OutputDebugStringA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
WTSGetActiveConsoleSessionId
FreeLibrary
LoadLibraryExA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapSetInformation
Sleep
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
GetSystemInfo
VirtualQuery
CreateFileA
FlushFileBuffers
LocalAlloc
LocalFree
InterlockedCompareExchange
CreateEventW
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetModuleHandleExW
SwitchToThread
OpenThread
FreeLibraryAndExitThread
GetProcessId
GetSystemDirectoryW
QueryFullProcessImageNameW
HeapAlloc
lstrcmpW
OpenProcess
HeapSize
RaiseException
GetVersionExW
CreateMutexW
GetLastError
CloseHandle
CompareStringW

ntdll

NtQueryInformationProcess
RtlUnwind

wtsapi32

WTSFreeMemory
WTSDisconnectSession
WTSLogoffSession
WTSQuerySessionInformationW

slc

SLGetWindowsInformationDWORD

user32

DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassExW
GetClassInfoExW
SetTimer
KillTimer
PostThreadMessageW
PostMessageW
SetWindowLongW
GetWindowLongW
LoadCursorW
SendNotifyMessageW
RegisterWindowMessageW
GetWindowThreadProcessId
IsWindow
SetWindowPos
DestroyIcon
CopyImage
GetIconInfo
EnumDisplayDevicesW
DestroyWindow
MsgWaitForMultipleObjectsEx
GetSystemMetrics
CreateWindowExW
UnregisterClassW

shlwapi

PathCombineW
ord9
ord8

shell32

ShellExecuteExW

rpcrt4

RpcStringFreeW
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcServerInqBindingHandle
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerListen
RpcMgmtWaitServerListen
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
NdrServerCall2
RpcRevertToSelf

gdi32

DeleteObject
DeleteDC
GetDIBits
CreateDCW
ExtEscape
GetObjectW
CreateCompatibleDC
SelectObject

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cmtfpmz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a93aec46646638e0e1987b72680176f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

wtsapi32

slc

user32

shlwapi

shell32

rpcrt4

gdi32

Sections

.text Size: 137KB - Virtual size: 136KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 37KB - Virtual size: 38KB

cmtfpmz Size: - Virtual size: 4KB

.text
Size: 137KB - Virtual size: 136KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 37KB - Virtual size: 38KB

cmtfpmz
Size: - Virtual size: 4KB