30ca8c2c3ada9aeaf9eb517f9a28309d10d3eacd4f8ebade0050e6e9fceafea1

Sharing

Copy URL

Twitter E-mail

General

Target

30ca8c2c3ada9aeaf9eb517f9a28309d10d3eacd4f8ebade0050e6e9fceafea1
Size

76KB
MD5

a0197d2747651879383af5b6e08dd2b1
SHA1

4e17113451fe19cabcb3f409570e48867a2035eb
SHA256

30ca8c2c3ada9aeaf9eb517f9a28309d10d3eacd4f8ebade0050e6e9fceafea1
SHA512

2c57ed18f35e0a358a49a5ba824d4632c7842de9c24f35a980f112571d01348b23e66a2296f4303ae38ff03243889f14f19c50657bc162ddbc17a9f975ad56e2
SSDEEP

768:Z8jTA7UxesI8ui5S3efFeJIyZIQ6vyb/WkTxxbLfznWDF26IeY2o3sjRLQ:wA7UchiOGjQ9/WkTjniE6ISoARLQ

Score

N/A

Malware Config

Signatures

Files

30ca8c2c3ada9aeaf9eb517f9a28309d10d3eacd4f8ebade0050e6e9fceafea1
.exe windows x86

e781166848e34685b369a942fa853c23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcEpUnregister
RpcRaiseException
NdrConvert
NdrServerInitializeNew
NdrPointerFree
NdrSimpleStructFree
NdrSimpleStructMarshall
NdrSimpleStructBufferSize
NdrSimpleStructUnmarshall
RpcBindingVectorFree
I_RpcGetBuffer
RpcMgmtWaitServerListen
RpcServerListen
RpcServerRegisterAuthInfoW
RpcImpersonateClient
RpcServerInqBindings
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcRevertToSelf
RpcServerUseProtseqW
RpcEpRegisterW

kernel32

FormatMessageW
LCMapStringA
MultiByteToWideChar
GetLastError
CreateProcessW
CreateFileW
lstrcatW
lstrlenW
GetWindowsDirectoryW
TerminateProcess
ResumeThread
SuspendThread
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
SetErrorMode
lstrcpyW
CloseHandle
GetFileSize
FlushFileBuffers
WaitForSingleObject
GetExitCodeProcess
CreateEventW
SetEvent
OpenEventW
ResetEvent
GetVersion
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
CopyFileW
CompareFileTime
GetModuleHandleW
SetFileAttributesW
GetSystemDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
SetConsoleCtrlHandler
GetCommandLineW
LocalFree
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
WideCharToMultiByte
UnhandledExceptionFilter
GetCommandLineA
GetCurrentProcess
SetFilePointer
LCMapStringW
SetStdHandle
GetStringTypeW
GetStringTypeA
VirtualAlloc
ExitProcess
LoadLibraryA
IsBadWritePtr
HeapReAlloc
RtlUnwind

user32

wsprintfW
WaitForInputIdle

advapi32

RegisterEventSourceW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegCloseKey
ReportEventW
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegQueryValueExW

shell32

CommandLineToArgvW

ole32

OleInitialize
OleUninitialize

netapi32

NetShareGetInfo
NetApiBufferFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e781166848e34685b369a942fa853c23

Headers

File Characteristics

Imports

rpcrt4

kernel32

user32

advapi32

shell32

ole32

netapi32

version

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 8KB - Virtual size: 6KB