0e01e9ac5c8c8bd4eb78157b73f6511861d58aabd8b0b9422cb55ed68b235736

Sharing

Copy URL Twitter E-mail

General

Target

0e01e9ac5c8c8bd4eb78157b73f6511861d58aabd8b0b9422cb55ed68b235736
Size

132KB
MD5

0b9cade3e4253fe16f42c21ae87d7bc0
SHA1

7974e2aefb6332d42abd8f30800a9b25f2644f17
SHA256

0e01e9ac5c8c8bd4eb78157b73f6511861d58aabd8b0b9422cb55ed68b235736
SHA512

e0fb4ec390eaae91e4eda519d55b55907d8e6e4a1c05c08ca57b747f5273c9885ceca35d3787b43a763067d6a686456210431cf8a7a31a00764609418c045029
SSDEEP

3072:rVTk71ISAt3kRc8Lcr1X1zfAG+BibS3jOFEsPYE:ZTk0CajAzBZzl0YE

Score

N/A

Malware Config

Signatures

Files

0e01e9ac5c8c8bd4eb78157b73f6511861d58aabd8b0b9422cb55ed68b235736
.dll windows x86

430622a1d5ef13048eb7cd09a6de38ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ChangeServiceConfigA
RegEnumKeyExA
CloseServiceHandle
ChangeServiceConfig2A
RegDeleteKeyA
LookupAccountSidW
UnlockServiceDatabase
RegCreateKeyExA
RegQueryValueExA
GetSecurityDescriptorControl
RegDeleteValueA

version

VerQueryValueA

kernel32

RtlUnwind
GetStringTypeW
GetHandleInformation
IsValidLocale
LoadLibraryA
GetProcAddress
GetCurrentProcessId
Sleep
GetStringTypeA
CopyFileW
ExpandEnvironmentStringsA
DeleteCriticalSection
RaiseException
WriteFile
InterlockedIncrement
InterlockedCompareExchange
FormatMessageA
GlobalUnlock
LoadLibraryW
HeapReAlloc
IsBadWritePtr
GetLocalTime
GetTempPathW
SetEvent
SearchPathA
GetSystemInfo
GetModuleHandleW
SetStdHandle
GetCurrentThreadId
GetTempPathA
CompareStringA
LeaveCriticalSection
SetCurrentDirectoryA
CreateDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableA
LoadLibraryExW
HeapCreate
ReadFile
CreateFileMappingA
VirtualFree
CreateFileW
UnmapViewOfFile
HeapFree
LocalFree
SetCurrentDirectoryW
WriteConsoleA
VirtualQuery
ExitThread
GetConsoleCP
GetCurrentThread
LockResource
GetThreadTimes
LoadResource
GetModuleHandleA
VirtualAlloc
ExitProcess
GetSystemTime
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
InitializeCriticalSection
HeapDestroy
FatalAppExitA
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
CloseHandle
CreateFileA
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
FlushFileBuffers
SetEndOfFile
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW

Exports

Exports

ATSH

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

430622a1d5ef13048eb7cd09a6de38ee

Headers

File Characteristics

Imports

advapi32

version

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 52KB - Virtual size: 54KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 52KB - Virtual size: 54KB

.reloc
Size: 8KB - Virtual size: 7KB