ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d

Sharing

Copy URL

Twitter E-mail

General

Target

ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d
Size

242KB
MD5

0c2b933c96075287e46272be1168d0c0
SHA1

f67149313c952cc96cb546f9a7d88cad4f485a99
SHA256

ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d
SHA512

41ffdcb204f1eb7fe59204917c5f39c54a247a7315c5ae8b41b1f4baf1880421bcab0ff4c0f5f47c2f810ec764214a2e6fc8ab4b9d307d1a6b68a4b374beb77b
SSDEEP

6144:1LAOpuAQaJAbw1uZcGNpDIVpWHHfG1nE00abhsy:FWAQb4uZc+pDIXACE9hy

Score

N/A

Malware Config

Signatures

Files

ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d
.exe windows x86

a7112ed49b5605358cbacfbee8351b61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW

kernel32

GetModuleHandleW
InitializeCriticalSection
GetCommandLineW
GetCurrentThreadId
DeleteCriticalSection
GetTempFileNameW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetLastError
RaiseException
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
RtlUnwind
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
GetWindowsDirectoryW
TlsFree
SetLastError
GetProcAddress
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetThreadLocale
FreeLibrary
LoadLibraryW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetSystemDirectoryW
GetShortPathNameW
GetTempPathW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
TlsSetValue
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MulDiv
GetVersionExW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA

user32

SystemParametersInfoW
GetDC
UnregisterClassA
CharNextW

shlwapi

PathCanonicalizeW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

gdi32

DeleteObject
CreateFontIndirectW
GetDeviceCaps

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7112ed49b5605358cbacfbee8351b61

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

shlwapi

ole32

oleaut32

gdi32

Sections

.text Size: 146KB - Virtual size: 145KB

.data Size: 6KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 2KB

.idata Size: 80KB - Virtual size: 80KB

.text
Size: 146KB - Virtual size: 145KB

.data
Size: 6KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 2KB

.idata
Size: 80KB - Virtual size: 80KB