2d41b04feb0954479fe5f3f31556df275f00d53685c5b7530d94e4672e17d904

Sharing

Copy URL Twitter E-mail

General

Target

2d41b04feb0954479fe5f3f31556df275f00d53685c5b7530d94e4672e17d904
Size

195KB
MD5

0b35ba22fb0c8e799004e2f16d0b8820
SHA1

80868444627b4f448c068fae0106b39dea7cf5ba
SHA256

2d41b04feb0954479fe5f3f31556df275f00d53685c5b7530d94e4672e17d904
SHA512

0989c338697169b331114cd091120de444d9fce123e5e405f3b2301d511225ae1cf7c7c93628ffbf280cd4c5041448cf73330e17838b057aa5bba4d7dacd6b00
SSDEEP

6144:uQct2qr6cs/iY6cPfDOjEFegEv+2VObG:1U6cs/D6cPfDO8eg+na

Score

N/A

Malware Config

Signatures

Files

2d41b04feb0954479fe5f3f31556df275f00d53685c5b7530d94e4672e17d904
.exe windows x86

f606b04f9ecbd4e97bb5a9bda445176b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
RegDeleteValueW
EventWrite
RegLoadKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegUnLoadKeyW
EventUnregister

kernel32

GlobalMemoryStatusEx
CreateDirectoryW
GetSystemWindowsDirectoryW
GetSystemTime
GetModuleHandleW
HeapSetInformation
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetLastError
SetLastError
CloseHandle
CreateFileW
ReadFile
GetFileSize
DeleteFileW
WriteConsoleW
GetFileType
GetStdHandle
WriteFile
GetVolumePathNameW
GetWindowsDirectoryW
GetTempPathW

msvcrt

__set_app_type
_wcsicmp
_purecall
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
wcstoul
wcschr
__wgetmainargs
_cexit
_wcsnicmp
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_unlock
_exit
_XcptFilter
exit
_initterm
wcstol
_vsnwprintf
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__dllonexit
_lock
_onexit

reagent

WinRePostRecovery

user32

LoadStringW

ntdll

RtlReAllocateHeap
WinSqmSetDWORD
WinSqmAddToStream
RtlAllocateHeap
RtlFreeHeap

oleaut32

VariantChangeType
SysFreeString
VariantInit
SysAllocString

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitializeSecurity

wer

WerReportSubmit
WerReportAddFile
WerReportSetUIOption
WerReportSetParameter
WerReportCreate
WerReportCloseHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f606b04f9ecbd4e97bb5a9bda445176b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

reagent

user32

ntdll

oleaut32

ole32

wer

version

Sections

.text Size: 73KB - Virtual size: 73KB

.data Size: 15KB - Virtual size: 18KB

.rsrc Size: 70KB - Virtual size: 69KB

.reloc Size: 36KB - Virtual size: 39KB

.text
Size: 73KB - Virtual size: 73KB

.data
Size: 15KB - Virtual size: 18KB

.rsrc
Size: 70KB - Virtual size: 69KB

.reloc
Size: 36KB - Virtual size: 39KB