2b97110f8a162f76c8af1c5eb51f074e7470b946e1e7e062cf341b74219aa70d

Sharing

Copy URL

Twitter E-mail

General

Target

2b97110f8a162f76c8af1c5eb51f074e7470b946e1e7e062cf341b74219aa70d
Size

438KB
MD5

0b78fd19ae932bb8b6eebe0671e6ebb0
SHA1

c23a5eb141295b8dd0da6d64dc281bb168ae3cf8
SHA256

2b97110f8a162f76c8af1c5eb51f074e7470b946e1e7e062cf341b74219aa70d
SHA512

757bc454ef8d027ce3f9319420aecceaf3f6078c505022ed7c0fc313b95e9c5fb2e548ab91715b8929d4cc45fd223ddb0e1c9820bb55beca4bec2f7cc6dd8169
SSDEEP

6144:m3jJYfwynmxpY2jGPqkWDZnsZenhO31dRXdtOADVOGx7HNdc5h8TQ81BXAwsgkw:IYo0mxpxfpOBjDOGJTc5h8Tb1Aw9kw

Score

N/A

Malware Config

Signatures

Files

2b97110f8a162f76c8af1c5eb51f074e7470b946e1e7e062cf341b74219aa70d
.exe windows x86

691ded370f435054cc378616b00e53b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
OpenProcessToken
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
OpenThreadToken
LookupAccountNameW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegEnumValueW
ImpersonateLoggedOnUser
GetSecurityDescriptorLength
GetSidSubAuthority
RevertToSelf
InitializeSid
GetSidLengthRequired
AddAccessDeniedAce
LookupAccountSidW
CreateWellKnownSid
ConvertSidToStringSidW
SetTokenInformation
IsValidAcl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CheckTokenMembership
CopySid

kernel32

FormatMessageW
UnmapViewOfFile
ReleaseMutex
OpenMutexW
LCMapStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
CreateFileW
lstrcmpW
CompareFileTime
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetDriveTypeW
FindClose
DuplicateHandle
GetCurrentThread
GetSystemDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetStartupInfoA
InterlockedCompareExchange
GetStringTypeExW
GetEnvironmentVariableW
lstrlenA
InterlockedExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetVersionExA
OutputDebugStringW
LoadLibraryW
CreateFileMappingW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
ExpandEnvironmentStringsW
GetFileAttributesW
DeleteFileW
HeapSetInformation
GetCurrentProcessId
SetPriorityClass
SetEnvironmentVariableW
CreateMutexW
CreateFileA
GetLocalTime
FlushViewOfFile
DeleteFileA
CopyFileA
GetSystemTimeAsFileTime
MapViewOfFile
Sleep
MultiByteToWideChar
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetVersionExW
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentProcess
GetModuleFileNameW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryW
GetUserDefaultLCID
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleExW
GetProcAddress
GetLastError
WideCharToMultiByte
CompareStringW
FreeLibrary
CreateEventW
CreateThread
WaitForMultipleObjects
GetVolumeInformationW
SetEvent
WaitForSingleObject
CloseHandle
lstrlenW
GetCommandLineW

user32

UnregisterClassA
LoadStringW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
GetKeyboardLayout

msvcrt

_lseeki64
_fileno
wcspbrk
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
isdigit
_controlfp
memmove
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_write
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_wcslwr
_errno
__CxxFrameHandler
wcsstr
malloc
memcpy
wcsrchr
memset
_wcsnicmp
wcsncmp
_vsnwprintf
calloc
free
_vscwprintf
_wcsicmp
_CxxThrowException
qsort
bsearch
_isatty
strncmp
_vsnprintf
_initterm
fprintf
wcschr
iswspace
_wtol
swscanf

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoImpersonateClient
CoRevertToSelf
CoInitializeSecurity
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
VarBstrCat
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

tquery

?ciNewNoThrow@@YGPAXI@Z
?ciNew@@YGPAXI@Z
?ciDelete@@YGXPAX@Z

shell32

ord165
SHGetFolderPathW
SHFileOperationW

userenv

GetUserProfileDirectoryW
GetProfilesDirectoryW
GetAllUsersProfileDirectoryW
GetDefaultUserProfileDirectoryW

mpr

WNetGetConnectionW

mssrch

??1CSearchServiceObj@@QAE@XZ
??0CSearchServiceObj@@QAE@XZ

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

SHGetValueW
PathIsUNCServerShareW
PathSkipRootW
PathIsUNCW
PathStripToRootW
SHCopyKeyW
ord219
SHEnumKeyExW
SHEnumValueW
SHStrDupW
SHRegGetValueW
PathFileExistsW
ord154
SHDeleteKeyW
PathAppendW
SHDeleteValueW
PathIsUNCServerW
SHSetValueW
PathAddBackslashW
PathRemoveBackslashW

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

691ded370f435054cc378616b00e53b5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

wtsapi32

tquery

shell32

userenv

mpr

mssrch

netapi32

shlwapi

Sections

.text Size: 301KB - Virtual size: 301KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 26KB - Virtual size: 45KB

.text
Size: 301KB - Virtual size: 301KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 26KB - Virtual size: 45KB