2671de593e0d3df674c83fdcbed9a6d1dc13cf4032d206b43f847d4143886a4d

Sharing

Copy URL

Twitter E-mail

General

Target

2671de593e0d3df674c83fdcbed9a6d1dc13cf4032d206b43f847d4143886a4d
Size

432KB
MD5

0b70faa5bdf5fab330e30568c59c6a20
SHA1

4dc07c2a6d613b77da78dc3a34a7aec0f8284d53
SHA256

2671de593e0d3df674c83fdcbed9a6d1dc13cf4032d206b43f847d4143886a4d
SHA512

4818dad35b8e56bad24f76a10dd261920b06cc8b4c0822cebf9ec67967e80bd8945e66244cee60bf088abc6bd32c889a8068474374f2a9010a8c0c501715984a
SSDEEP

12288:UhSjuhnGw30DhEkoRAhKMslnqRbeUTtNw/wu5xONFFhkX:UhSjwn6EkoRAhjslnqRbPTtNw/wu5OP8

Score

N/A

Malware Config

Signatures

Files

2671de593e0d3df674c83fdcbed9a6d1dc13cf4032d206b43f847d4143886a4d
.dll windows x86

a9a5fceeed9eb83a9f37c966582035f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?what@exception@@UBEPBDXZ
wcschr
_wcslwr_s
_itow_s
iswalpha
_ftol2
_time64
_wsplitpath_s
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
free
wcscat_s
wcscpy_s
_wcsnicmp
_wcsicmp
_purecall
_vsnwprintf
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
memcpy_s
_wcslwr
wcsrchr
wcsstr
wcsncmp
memcpy
memset
towlower
wcstoul
_vsnwprintf_s
iswdigit
_wtoi
wcstod
wcstol
calloc
_gmtime32_s
memcmp

advapi32

RegDeleteValueW
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
CloseServiceHandle
RegEnumValueW
ConvertSidToStringSidW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
TraceEvent
RegQueryValueExW
GetTokenInformation
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
EnumServicesStatusExW
RegSetKeySecurity
SetSecurityDescriptorDacl
RegLoadKeyW
RegUnLoadKeyW
RegLoadAppKeyW
RegEnumKeyExW
TraceMessage
RegOpenKeyW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
SetEntriesInAclW
InitializeSecurityDescriptor

apphelp

ApphelpDebugPrintf
SdbInitDatabase
SdbGetMatchingExe
SdbReleaseDatabase

shlwapi

StrRetToBufW
PathAppendW
PathIsRelativeW
PathIsUNCW
PathFindExtensionW
PathCombineW
SHGetValueW
PathUnquoteSpacesW
ord487
PathRemoveFileSpecW
ord225
PathStripToRootW
PathIsRootW
PathFindFileNameW
PathSkipRootW
PathFileExistsW
PathIsSameRootW
PathIsNetworkPathW
PathUnExpandEnvStringsW

kernel32

LocalAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetLastError
GetTempPathW
GetTempFileNameW
DeleteFileW
LocalFree
GetSystemTime
SystemTimeToFileTime
CreateMutexW
WaitForSingleObject
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
MoveFileW
ReleaseMutex
CloseHandle
Sleep
InterlockedExchange
GetVersionExW
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetBinaryTypeW
GetFileAttributesExW
GetFileAttributesW
GetSystemWindowsDirectoryW
GetVolumePathNameW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
CreateFileW
GetFileInformationByHandle
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
VirtualQuery
UnmapViewOfFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
WriteFile
ReadFile
FreeLibrary
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapSize
LoadLibraryExW
GetLongPathNameW
GetFullPathNameW
SearchPathW
QueryPerformanceFrequency
CreateActCtxW
QueryActCtxW
ReleaseActCtx
RaiseException
LocaleNameToLCID
FileTimeToSystemTime
lstrcmpiW
InterlockedCompareExchange

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlDoesFileExists_U
EtwTraceMessage
RtlGetVersion
EtwEventWriteNoRegistration
RtlValidateHeap
RtlReAllocateHeap
RtlCompareMemory
RtlCheckTokenMembership
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlSizeHeap

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VarBstrCat
SysStringLen
SysFreeString
VariantInit
SysAllocString
SysAllocStringByteLen
SysStringByteLen

shell32

SHGetDesktopFolder
SHGetFolderPathW
SHGetPathFromIDListW
SHBindToParent
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetMalloc

xmllite

CreateXmlWriterOutputWithEncodingName
CreateXmlWriter

wdscore

ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoGetTreatAsClass

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer

msi

ord173
ord141
ord248
ord113
ord92
ord32
ord159
ord166
ord115
ord118
ord8
ord160
ord294
ord158
ord41
ord37
ord125
ord246
ord78
ord150
ord70
ord17

sfc

SfcIsFileProtected

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

Exports

Exports

CollectMatchingInfo
CollectMatchingInformation
CreateSoftwareInventory
SetFileExtensionList
UpdateSoftwareInventoryW

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9a5fceeed9eb83a9f37c966582035f0

Headers

File Characteristics

Imports

msvcrt

advapi32

apphelp

shlwapi

kernel32

ntdll

ole32

oleaut32

shell32

xmllite

wdscore

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

msi

sfc

version

Exports

Exports

Sections

.text Size: 389KB - Virtual size: 389KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 389KB - Virtual size: 389KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB