4ab6ec2e81f2def6b8f520d2e1f601e4dd5aae6a4ee0f1fae07ae980716a92ac

Sharing

Copy URL Twitter E-mail

General

Target

4ab6ec2e81f2def6b8f520d2e1f601e4dd5aae6a4ee0f1fae07ae980716a92ac
Size

273KB
MD5

a0820d3f9f03b05fc752c67cce779730
SHA1

9e27e1afd428eb84d7c19a35cb1f1649cc431953
SHA256

4ab6ec2e81f2def6b8f520d2e1f601e4dd5aae6a4ee0f1fae07ae980716a92ac
SHA512

ba5fb7ff2c07e70c5f7bb72f09137fe7a52677f93ffc0a6b6676345b138605ba24a25675cb8a09701c50f1983183239d1caf46e182388c1aac23a9582fc9ebdd
SSDEEP

6144:fwRra49GPXbaxHzYrM8ukYAf7vHYGGoB9pWdns:fwP4OxHE5tYe4GGW9pIs

Score

N/A

Malware Config

Signatures

Files

4ab6ec2e81f2def6b8f520d2e1f601e4dd5aae6a4ee0f1fae07ae980716a92ac
.exe windows x86

a4dffea16b44ad9cc2d83438b7d45764

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenFile
_allrem
RtlInitUnicodeString
wcscpy
RtlSubAuthoritySid
NtWriteFile
RtlInitializeSid
RtlAddAccessAllowedAce
NtTerminateThread
_wcsupr
NtOpenSymbolicLinkObject
RtlNewSecurityObject
RtlRaiseStatus
RtlMultiByteToUnicodeN
RtlCreateSecurityDescriptor
RtlCreateUserThread
RtlTimeToTimeFields
RtlSetBits
RtlInitializeBitMap
RtlValidRelativeSecurityDescriptor
RtlOemToUnicodeN

msvcrt

_controlfp
strchr
free
atoi
_errno
wcscpy
fopen
_except_handler3
wcslen
printf
_wcsicmp
__winitenv
__wgetmainargs
exit
??2@YAPAXI@Z
_initterm
__setusermatherr
time
fputs
toupper

kernel32

LocalAlloc
VirtualAlloc
GlobalLock
GlobalAlloc
FormatMessageW
GetSystemInfo
GetStringTypeA
ResetEvent
lstrcpynA
SetLastError
GlobalSize
GetModuleFileNameW
GetCommandLineA
LoadLibraryA
GetEnvironmentStrings
SetFilePointer
GetProcAddress
LoadLibraryExA
GetSystemDirectoryW
CreateThread
HeapSize
OutputDebugStringA

ulib

?Initialize@WSTRING@@QAEEPBDK@Z
?QueryString@WSTRING@@QBEPAV1@KK@Z
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
??1PROGRAM@@UAE@XZ
??0DSTRING@@QAE@XZ
?Initialize@PATH@@QAEEPBV1@E@Z
??0PROGRAM@@IAE@XZ
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@PROGRAM@@QAEEKKK@Z
??0PATH_ARGUMENT@@QAE@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??1PATH_ARGUMENT@@UAE@XZ
??1PATH@@UAE@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?Initialize@ARRAY@@QAEEKK@Z
??0ARRAY@@QAE@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4dffea16b44ad9cc2d83438b7d45764

Headers

File Characteristics

Imports

ntdll

msvcrt

kernel32

ulib

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 88KB - Virtual size: 251KB

.rsrc Size: 1024B - Virtual size: 952B

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 88KB - Virtual size: 251KB

.rsrc
Size: 1024B - Virtual size: 952B