0e16c2d5712fd87fe92e9091fa106b77074c347a61458fa3f37bafe850af25c8

Sharing

Copy URL

Twitter E-mail

General

Target

0e16c2d5712fd87fe92e9091fa106b77074c347a61458fa3f37bafe850af25c8
Size

51KB
MD5

006a2205a2a2e52db8d8e0009eb6b5c0
SHA1

6074640b49df59e13bc84a8978c8ad7a1376307a
SHA256

0e16c2d5712fd87fe92e9091fa106b77074c347a61458fa3f37bafe850af25c8
SHA512

d0cfa95b330b747da0ac776acdd61a83f6f42a9351e991e661663b06ee00e4ea6a37ea235500322e02f838e1be005e6e6ff316b74f7577db9ebeb306d7be4b2b
SSDEEP

768:DYKwjxGRU8tHjmlg2LyPJK8EPqjoC7pjt+REnwVNNrwbu+H2MsxzzcLij9TRtb:Ev8FjAgH5EyjztpnWNN0i+H2MUzL9T3

Score

N/A

Malware Config

Signatures

Files

0e16c2d5712fd87fe92e9091fa106b77074c347a61458fa3f37bafe850af25c8
.exe windows x86

4b2fcad000a6a13135e56d62db0a565e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

InterlockedDecrement
CloseHandle
HeapSetInformation
Sleep
SetThreadPriority
GetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetSystemInfo
GetLastError
SystemTimeToFileTime
GetLocalTime
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
InterlockedIncrement
GetDiskFreeSpaceExW
FreeLibrary
LoadLibraryW
GetFileTime
CreateFileW
CreateFileMappingW
GetFileSizeEx
LocaleNameToLCID
GetModuleFileNameW
GetUserDefaultUILanguage
GetProductInfo
GetVersionExW
UnmapViewOfFile
MapViewOfFile
SetEvent
WaitForSingleObject
QueueUserWorkItem
CreateEventW
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleW
GetProcAddress
GetConsoleOutputCP
FormatMessageW
LocalFree
CompareFileTime
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrcmpiW
GetWindowsDirectoryW
lstrlenW

msvcrt

_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
_controlfp
__wgetmainargs
exit
wcsrchr
strstr
_strnicmp
strtok
strtoul
atoi
memcpy
wcstoul
memset
mbstowcs
wcschr
wcsstr
wcstok
_XcptFilter
_exit
_cexit
swscanf
_wtof
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
_ftol2
??3@YAXPAX@Z
_wsetlocale
_snwprintf_s
printf
_getmbcp
_vsnwprintf

ntdll

RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlExpandEnvironmentStrings_U
RtlInitAnsiString

ole32

CoGetMalloc
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

powrprof

PowerDeterminePlatformRole

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b2fcad000a6a13135e56d62db0a565e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

oleaut32

version

powrprof

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 19KB - Virtual size: 22KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 19KB - Virtual size: 22KB