5cb7103df307f3c2bcbcba3667aa5f3ef6f5339a2bc18c067cab390b2982618a

Sharing

Copy URL Twitter E-mail

General

Target

5cb7103df307f3c2bcbcba3667aa5f3ef6f5339a2bc18c067cab390b2982618a
Size

85KB
MD5

08a8f80a31be8956de485a178286bf50
SHA1

7045e43db2627903d8fd4352178ad56f87cbd038
SHA256

5cb7103df307f3c2bcbcba3667aa5f3ef6f5339a2bc18c067cab390b2982618a
SHA512

165dbd59e8c6ae05e114552d8a064481afbf92d469fb3dcbb9b19af346a4cb0844c3f3c8d083d5b57a4c0463793a57e42792064b23b39455a3b5795147c52809
SSDEEP

1536:S5/fnepBloTnr415Mb9mpH2J0clFMSQ8ornzSuW3dvZniX:q/GpB+TnrsjWJnSSQ8mzSuW3e

Score

N/A

Malware Config

Signatures

Files

5cb7103df307f3c2bcbcba3667aa5f3ef6f5339a2bc18c067cab390b2982618a
.exe windows x86

43a3db7b471d59c81fc8d543738fca74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

shlwapi

StrStrA
PathFindFileNameA
PathFindExtensionA
StrStrIA
StrToIntA
StrTrimA
StrChrA

kernel32

FindClose
FindNextFileA
GetVersionExA
FindFirstFileA
lstrcmpiA
GetTickCount
FormatMessageA
GetLastError
LocalFree
SetFileAttributesA
GetFileAttributesA
FindFirstVolumeA
CreateThread
WaitForSingleObject
TerminateThread
GetExitCodeThread
CloseHandle
lstrcpyA
lstrcatA
lstrlenA
GetModuleFileNameA
SetConsoleCtrlHandler
GetStdHandle
SetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcessId
Sleep
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleTextAttribute
GetCommandLineA
GetProcessHeap
ExitProcess
HeapAlloc
HeapFree
WriteFile
lstrcpynA
CreateFileA
DeviceIoControl
GetVolumeInformationA
LoadLibraryA
GetProcAddress
GetDriveTypeA
GetVolumeNameForVolumeMountPointA
QueryDosDeviceA
FindFirstVolumeMountPointA
FindNextVolumeMountPointA
FindVolumeMountPointClose
FindNextVolumeA
FindVolumeClose
lstrcmpA
GetVolumePathNameA
SetErrorMode
GetCurrentDirectoryA
GetTempPathA
CopyFileA
FlushFileBuffers
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
lstrlenW
OpenProcess
DuplicateHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateProcessA

user32

IsWindowVisible
GetWindow
GetDesktopWindow
CharLowerA
wsprintfA
wvsprintfA
GetWindowThreadProcessId
CharUpperA

advapi32

OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
StartServiceA
ControlService
OpenServiceA

shell32

ord680
ShellExecuteA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43a3db7b471d59c81fc8d543738fca74

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 3KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 3KB

.rmnet
Size: 56KB - Virtual size: 60KB