69315798b16fb99feb6d56598b39eb9343a7420436b588b304a7469eb66fb012

Sharing

Copy URL Twitter E-mail

General

Target

69315798b16fb99feb6d56598b39eb9343a7420436b588b304a7469eb66fb012
Size

40KB
MD5

0cbbaf0e10ad80f4dc34b14ad3027fa0
SHA1

bbf0d97d39070169ae8bd7487b4930670735491f
SHA256

69315798b16fb99feb6d56598b39eb9343a7420436b588b304a7469eb66fb012
SHA512

f15fbde73cf261a8f024da530ead1c2346225a3bb040d2e4c586cdc3b89e3413cbaff1c3ad673464462d798866b0286c304ee359ec040cdfab9cdddfb982e3e0
SSDEEP

768:oMyaD/Z9wuQDVq9yoCh8iZxqHogZ9eFq8YOKTBKIzgnL1FAAcT/6RAX:oo1QD89BLiPCV0c8YxTBtUL3dcTp

Score

N/A

Malware Config

Signatures

Files

69315798b16fb99feb6d56598b39eb9343a7420436b588b304a7469eb66fb012
.exe windows x86

d8a73106fe3b40ff2a6b6f7538f72355

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CredUnprotectW
CredIsProtectedW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership

kernel32

HeapAlloc
GetProcessHeap
HeapFree
LocalFree
GetLastError
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
SetEvent
CloseHandle
WaitForSingleObject
CreateEventW
HeapSetInformation
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

_controlfp
__p__commode
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__setusermatherr
_vsnwprintf
memcpy
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memset
__p__fmode

rpcrt4

UuidFromStringW
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerListen
RpcEpUnregister
RpcBindingVectorFree
RpcServerUnregisterIf
RpcBindingInqAuthClientW
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal

ntdll

RtlNtStatusToDosError

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vfjqcah
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8a73106fe3b40ff2a6b6f7538f72355

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 29KB

vfjqcah Size: - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 29KB

vfjqcah
Size: - Virtual size: 4KB