d0f7f9a2661e0f5ad586011affb3deadc39e4f56e25fca19d90b372bb48c62ed

Sharing

Copy URL Twitter E-mail

General

Target

d0f7f9a2661e0f5ad586011affb3deadc39e4f56e25fca19d90b372bb48c62ed
Size

248KB
MD5

0b9d64d3864ef49171cef8e7dfd32150
SHA1

1594185d15e46f692889fead2a10e088e975d6e5
SHA256

d0f7f9a2661e0f5ad586011affb3deadc39e4f56e25fca19d90b372bb48c62ed
SHA512

b37f5540fbe498f98de4541fc66d00c72a22e7e4af1456bc8f69ee164dfd7423711a14e322b8716184bc2ded92087a2f8ea4d40f948c0122a77b8675b58d6bc8
SSDEEP

3072:/hanmNC/fCSNmFcBHxgoP/zS0G0nRh1ejw8lCUx3FMhqulJawOARtI0sPoUA50zH:/Qnm5FueK/u0G0ZbUx3sMARJvUWFC

Score

N/A

Malware Config

Signatures

Files

d0f7f9a2661e0f5ad586011affb3deadc39e4f56e25fca19d90b372bb48c62ed
.exe windows x86

47cf11c19e35fe3c7fafe22ef73af8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
ConvertStringSidToSidW
CreateWellKnownSid
EqualSid
GetAce
OpenThreadToken
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetSecurityInfo
RevertToSelf
SetEntriesInAclW
QueryServiceStatusEx
StartServiceW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW

kernel32

lstrlenW
QueryFullProcessImageNameW
OpenProcess
MultiByteToWideChar
CloseHandle
LocalFree
SetEvent
CreateEventW
CreateDirectoryW
GetEnvironmentVariableW
OpenEventW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetModuleHandleW
WideCharToMultiByte
WaitForMultipleObjects
LocalAlloc
GetCurrentThread
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
lstrlenA
InterlockedDecrement
GetSystemTime
WriteFile
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetWindowsDirectoryW
GetTickCount64
CompareStringW
GetCurrentProcess
CreateProcessW
CopyFileW
GetModuleFileNameW
GetTempPathW
DelayLoadFailureHook
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InterlockedIncrement
GetProcAddress
LoadLibraryW
FlushFileBuffers
DeleteFileW
CompareFileTime
GetLastError
CreateThread
SetEndOfFile
MoveFileExW
OutputDebugStringW
CreateMutexW
OpenMutexW
ReleaseMutex
InterlockedExchange

msvcrt

wcsncat_s
wcscpy_s
wprintf_s
wcstol
_wcslwr_l
_controlfp
_except_handler4_common
_onexit
_lock
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
wcscat_s
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@XZ
wcschr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
__dllonexit
iswpunct
swscanf
wcsncmp
_wcsicmp
??0exception@@QAE@ABQBD@Z
memmove_s
_resetstkoflw
_purecall
_vsnwprintf
iswspace
memcpy
_wtoi
iswdigit
memset
__CxxFrameHandler3
wcsstr
_wcslwr_s_l
_CxxThrowException
free
_wcmdln
?what@exception@@UBEPBDXZ
wcsncpy_s
towlower
memcpy_s
malloc
_wcsdup

user32

LoadStringW
CharLowerBuffW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
StringFromIID

slc

SLInstallProofOfPurchase
SLGetPKeyInformation
SLConsumeWindowsRight
SLClose
SLOpen

slcext

SLActivateProduct

oleaut32

SafeArrayGetVartype
SysStringLen
SysFreeString
VarBstrCat
SafeArrayCopy
VariantClear
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SafeArrayCreate
SafeArrayDestroy
VariantInit
VarBstrCmp
VariantChangeType
VariantCopyInd

wmdrmsdk

WMDRMCreateProvider

ws2_32

WSAStringToAddressW
inet_addr
GetNameInfoW

shlwapi

PathFindFileNameW
UrlGetPartW
PathCombineW

iphlpapi

GetAdaptersInfo

propsys

PSUnregisterPropertySchema
PSRegisterPropertySchema

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gxztnal
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

47cf11c19e35fe3c7fafe22ef73af8b3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

slc

slcext

oleaut32

wmdrmsdk

ws2_32

shlwapi

iphlpapi

propsys

Sections

.text Size: 206KB - Virtual size: 206KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 39KB

gxztnal Size: - Virtual size: 4KB

.text
Size: 206KB - Virtual size: 206KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 39KB

gxztnal
Size: - Virtual size: 4KB