45598ec3b056ea355673569ca78aa1cd8af4fae746f8c6f28546e904cfb578ee_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

45598ec3b056ea355673569ca78aa1cd8af4fae746f8c6f28546e904cfb578ee_unpacked
Size

114KB
MD5

b9e3a6b92fe42dab13001d03ff8c95fa
SHA1

10e2e0b1f1efee2e3605922e3c40d310827e0598
SHA256

45598ec3b056ea355673569ca78aa1cd8af4fae746f8c6f28546e904cfb578ee
SHA512

a233a809559f0c68e0069322982ce86ca5eaf634de7a737b411b8d290dbd2fa5dbf1d4ef3def2abde64603867513698959dcc3d48325180d39b0b9bd1f532481
SSDEEP

3072:QCTQd2Z+si/QWWPxLinBY21Nl8mD7+QS9LPv6GLRWrXTd:REd2NRcHOkaQS9Lvforp

Score

N/A

Malware Config

Signatures

Files

45598ec3b056ea355673569ca78aa1cd8af4fae746f8c6f28546e904cfb578ee_unpacked
.exe windows x86

705d08d26bec39d763467604023ca788

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleW
GetLastError
ProcessIdToSessionId
LocalFree
LockFileEx
UnlockFileEx
FreeLibrary
VirtualQueryEx
GetTickCount
VirtualAllocEx
HeapReAlloc
VirtualAlloc
GetFileAttributesW
WTSGetActiveConsoleSessionId
CreateFileW
lstrcatW
ResumeThread
CreateProcessW
GetCurrentProcessId
MoveFileExW
LoadLibraryA
SetThreadContext
CreateToolhelp32Snapshot
SetLastError
WaitForSingleObject
GetCommandLineW
Process32FirstW
WideCharToMultiByte
GetLocalTime
GetTempFileNameW
GetModuleFileNameW
Process32NextW
CreateThread
UnmapViewOfFile
lstrcmpiW
Wow64DisableWow64FsRedirection
IsWow64Process
DeleteFileW
SetFileAttributesW
Sleep
GetVolumeInformationW
GetNativeSystemInfo
VirtualProtectEx
lstrcpyW
GetComputerNameW
WriteFile
TerminateProcess
GetTempPathW
MapViewOfFile
CreateDirectoryW
SetEvent
SetFilePointer
VirtualFree
SetErrorMode
CreateEventW
GetThreadContext
FlushFileBuffers
lstrlenW
WriteProcessMemory
CreateFileMappingW
lstrlenA
CloseHandle
LoadLibraryW
SignalObjectAndWait
GetCurrentThreadId
ReleaseMutex
GetFileSize
CreateMutexW
ExitProcess
ResetEvent
GetWindowsDirectoryW
MultiByteToWideChar
GetCurrentProcess

advapi32

CryptVerifySignatureW
CryptEncrypt
CryptAcquireContextW
CryptGenKey
CryptDuplicateHash
AdjustTokenPrivileges
GetTokenInformation
RegCloseKey
CryptCreateHash
CryptDecrypt
RegisterServiceCtrlHandlerExW
OpenProcessToken
OpenSCManagerW
ImpersonateLoggedOnUser
CryptDestroyKey
StartServiceW
CryptGetHashParam
DeleteService
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
OpenServiceW
CloseServiceHandle
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
CryptDestroyHash
CryptImportKey
CryptExportKey
CryptReleaseContext
EnumServicesStatusExW
GetServiceDisplayNameW
QueryServiceConfig2W
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RevertToSelf
GetLengthSid
ChangeServiceConfig2W

crypt32

CryptDecodeObjectEx

ntdll

RtlComputeCrc32
NtUnmapViewOfSection
_vsnprintf
_snwprintf
RtlGetVersion
_snprintf
memset
_vsnwprintf
memcpy

shell32

SHGetFolderPathW
SHFileOperationW

urlmon

ObtainUserAgentString

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wininet

InternetCloseHandle
HttpSendRequestExA
InternetQueryOptionW
InternetReadFileExW
HttpSendRequestW
InternetOpenW
InternetSetStatusCallbackW
InternetReadFileExA
InternetCrackUrlW
HttpOpenRequestW
InternetReadFile
InternetConnectW
HttpQueryInfoW
InternetSetOptionW
HttpEndRequestW

wtsapi32

WTSFreeMemory
QueryUserToken

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

705d08d26bec39d763467604023ca788

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

crypt32

ntdll

shell32

urlmon

userenv

wininet

wtsapi32

Sections

.text Size: 38KB - Virtual size: 40KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 62KB - Virtual size: 64KB

.reloc Size: 3KB - Virtual size: 4KB

.SCY Size: 6KB - Virtual size: 8KB

.text
Size: 38KB - Virtual size: 40KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 62KB - Virtual size: 64KB

.reloc
Size: 3KB - Virtual size: 4KB

.SCY
Size: 6KB - Virtual size: 8KB