6296e4a5003427580f5dd329e1c9757af570d044f2cccfd0c942ad53fac938bd

Sharing

Copy URL Twitter E-mail

General

Target

6296e4a5003427580f5dd329e1c9757af570d044f2cccfd0c942ad53fac938bd
Size

609KB
MD5

0df39ad019e019d64ea109a23c4fd600
SHA1

6f8f996ab37bf9f9ea0b46d16981fb3bd56610d9
SHA256

6296e4a5003427580f5dd329e1c9757af570d044f2cccfd0c942ad53fac938bd
SHA512

9e29742e861ec9f15dfe4390c1174538ec1b87dbbff97ee9e0f9ff36fea6598f6262e9b28e51aaeb0076832b06174515c75f2c970eacc4b269d5cf1eca81e819
SSDEEP

12288:6fR1/HP0fjZNSMyRjuiHwBJFdeeuju6tdRXDrIvd6iBSVMVM0dd5nr:Ev0rZNSMyRjutwAl6CSVMHdvr

Score

N/A

Malware Config

Signatures

Files

6296e4a5003427580f5dd329e1c9757af570d044f2cccfd0c942ad53fac938bd
.exe windows x64

3d9b2ac435c432eb99364c717a009fe1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventUnregister
RegGetValueW
RegDeleteKeyValueW
RegSetKeyValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegEnumValueW
EventWrite

kernel32

ReleaseSRWLockShared
GetComputerNameExW
CreateThreadpoolTimer
CloseHandle
ResetEvent
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
AcquireSRWLockShared
CreateFileW
GetFileSizeEx
SetFilePointerEx
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
GlobalFree
GlobalAlloc
SubmitThreadpoolWork
InitializeSRWLock
WaitForSingleObject
GetLastError
CreateEventW
GetModuleHandleW
SetEvent
CreateThreadpoolWork
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
MultiByteToWideChar
GetSystemFirmwareTable

user32

DisplayConfigGetDeviceInfo
GetDisplayConfigBufferSizes
QueryDisplayConfig

msvcrt

memcpy
?terminate@@YAXXZ
memcmp
??1type_info@@UEAA@XZ
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
wcschr
_vsnwprintf
_purecall
__set_app_type
_fmode
malloc
_wcsnicmp
wcsstr
_wcsicmp
qsort
free
_commode
__setusermatherr
_initterm
_amsg_exit
__RTDynamicCast
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ole32

StringFromGUID2
PropVariantClear
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoReleaseServerProcess
CoAddRefServerProcess
StringFromIID
IIDFromString
CLSIDFromString
CoUninitialize

devobj

DevObjOpenDeviceInfo
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList

propsys

PSPropertyKeyFromString

dmrc

DMrcInit
DMrcQueryClose
DMrcQueryModelId
DMrcQueryHardwareId
DMrcGetProperties
DMrcExit

xmllite

CreateXmlReader

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptGetProperty

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d9b2ac435c432eb99364c717a009fe1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

devobj

propsys

dmrc

xmllite

bcrypt

Sections

.text Size: 100KB - Virtual size: 99KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 664B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 100KB - Virtual size: 99KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 664B

.vmp0
Size: 500KB - Virtual size: 1.8MB