866abe98b46b6fd62adb6c193f912a4d7e314f58fc12a0e816a02fa16173ade0

Sharing

Copy URL

Twitter E-mail

General

Target

866abe98b46b6fd62adb6c193f912a4d7e314f58fc12a0e816a02fa16173ade0
Size

248KB
MD5

96c25b4d1c535f93926be00954803050
SHA1

b7cd2904600a40324083e5a717990f2f525f73d0
SHA256

866abe98b46b6fd62adb6c193f912a4d7e314f58fc12a0e816a02fa16173ade0
SHA512

d8c9c08904f1cbdc2dad99ef8eba00d3b5f31cbdccf1498dfdcfee73554e0e6bdaca672afe9f59516ed5b6972241958cf6fed5603ca0bcf8307a2e7b7e6dda54
SSDEEP

3072:tWJxBAtW4kJ3kZ05RObSyK4H2XFSleNMnFPZXf1Xub5sWADEd1HA5CF:tW1/4kBkZEhDMcMv4wEd1HA8F

Score

N/A

Malware Config

Signatures

Files

866abe98b46b6fd62adb6c193f912a4d7e314f58fc12a0e816a02fa16173ade0
.dll windows x86

c0d43ba00791437f4b4abfaafdf817eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrW
StrStrIW
StrToInt64ExW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

kernel32

InitializeCriticalSection
LoadLibraryA
lstrcmpiW
lstrlenW
lstrcpyW
lstrcpynW
lstrcatW
GetCurrentProcess
IsWow64Process
LoadLibraryW
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsW
HeapSize
GetLastError
GetCPInfo
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStringTypeA
GetStringTypeW

user32

wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW

Exports

Exports

42
46
47
48
64
65
66
67
??0Cwbtos45i@@QAE@XZ
??4Cwbtos45i@@QAEAAV0@ABV0@@Z
?nwbtos45i@@3HA

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0d43ba00791437f4b4abfaafdf817eb

Headers

File Characteristics

Imports

shlwapi

setupapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 980B

.reloc Size: 8KB - Virtual size: 5KB

.text Size: 164KB - Virtual size: 164KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 980B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 164KB - Virtual size: 164KB