008d0562c17cd7b3ad977f314d356004724aa88903bf2f715655e6b30c43a692

Sharing

Copy URL Twitter E-mail

General

Target

008d0562c17cd7b3ad977f314d356004724aa88903bf2f715655e6b30c43a692
Size

238KB
MD5

08643487bb656d494cb8486b751e58f0
SHA1

61757b005283f849fe3ed24e15f33b623462920b
SHA256

008d0562c17cd7b3ad977f314d356004724aa88903bf2f715655e6b30c43a692
SHA512

2fc53e4414deb5760ccb4ee2d46dd96b3231e26437e81bf23de4a86d5654d52a7d4435aea8255aa52be49b197c6c1ed332e51656d4476fdcd0837abd9622f2e9
SSDEEP

6144:HN5HzvQ5qCPyEDTGusI+SKyBoUUre36mf:H/HzCBlH+s8gl

Score

N/A

Malware Config

Signatures

Files

008d0562c17cd7b3ad977f314d356004724aa88903bf2f715655e6b30c43a692
.exe windows x86

57d56a4f603ec1fd4de684118229fe5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeAcl
RegCreateKeyExA
RegCloseKey
GetLengthSid
RegCreateKeyExW
RegSetValueExW
AllocateAndInitializeSid
RegOpenKeyExW
GetTokenInformation
AddAccessAllowedAce
RegSetValueExA
FreeSid
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
GetLengthSid
OpenThreadToken
RegOpenKeyExW
OpenProcessToken
RegOpenKeyExW
CloseServiceHandle
RegSetValueExA
RegCreateKeyExA
InitializeAcl
InitializeAcl
FreeSid
RegQueryInfoKeyW
AllocateAndInitializeSid
GetLengthSid
RegEnumKeyExW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
OpenThreadToken
RegEnumKeyExW
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
RegDeleteValueW
RegDeleteKeyW
GetTokenInformation
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetTokenInformation
RegCloseKey
RegOpenKeyW
RegSetValueExA
InitializeAcl
RegCreateKeyExW
RegOpenKeyW
OpenThreadToken
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExA
AddAccessAllowedAce
AllocateAndInitializeSid
RegOpenKeyExW
RegCreateKeyExW
GetTokenInformation
CloseServiceHandle
RegSetValueExA
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyW
AddAccessAllowedAce
RegCreateKeyExA
SetSecurityDescriptorDacl
FreeSid
RegCreateKeyExW
GetTokenInformation
OpenThreadToken
RegEnumKeyExW
InitializeSecurityDescriptor
RegSetValueExA
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteKeyW
RegSetValueExA
RegDeleteValueW
RegDeleteValueW
RegCloseKey
OpenThreadToken
RegSetValueExW
RegDeleteValueW
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExA
RegCreateKeyExA
RegDeleteValueW
AllocateAndInitializeSid
OpenThreadToken
CloseServiceHandle
AllocateAndInitializeSid
RegOpenKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegSetValueExW
RegQueryValueExA
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
AllocateAndInitializeSid
OpenProcessToken
RegQueryValueExW
AddAccessAllowedAce
RegOpenKeyExA
GetTokenInformation
AllocateAndInitializeSid
RegCreateKeyExW
RegEnumKeyExW
CloseServiceHandle
RegCreateKeyExA
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
RegSetValueExW
RegQueryValueExW
GetTokenInformation
CloseServiceHandle
AllocateAndInitializeSid
OpenProcessToken
AddAccessAllowedAce
RegQueryValueExA
RegCloseKey
AddAccessAllowedAce
OpenThreadToken
FreeSid
RegCreateKeyExW
GetTokenInformation
RegCreateKeyExA
RegEnumKeyExW
RegCreateKeyExW
SetSecurityDescriptorDacl
RegDeleteValueW
RegOpenKeyW
AllocateAndInitializeSid
RegSetValueExW
InitializeSecurityDescriptor
OpenThreadToken

kernel32

CreatePipe
QueryPerformanceCounter
FileTimeToLocalFileTime
QueryPerformanceCounter
SetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceCounter
Module32First
GetTimeZoneInformation
_hwrite
ReadFileScatter
QueryPerformanceCounter
GetWindowsDirectoryW
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
ResetEvent
MoveFileA
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
CreateMailslotA
CreateSemaphoreA
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
GetShortPathNameA
EnumSystemCodePagesA
QueryPerformanceCounter
ReadConsoleOutputAttribute
QueryPerformanceCounter
InterlockedExchange
_hread
QueryPerformanceCounter
QueryPerformanceCounter
QueryPerformanceCounter
ReadFile
BeginUpdateResourceA
QueryPerformanceCounter
QueryPerformanceCounter
SetUnhandledExceptionFilter
QueryPerformanceCounter
DebugBreak
Module32First
QueryPerformanceCounter
IsProcessorFeaturePresent
GetTempPathA
AllocConsole
QueryPerformanceCounter

Sections

.rwmm
Size: 211KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ybly
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stgl
Size: 9KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wsld
Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

57d56a4f603ec1fd4de684118229fe5f

Headers

File Characteristics

Imports

advapi32

kernel32

Sections

.rwmm Size: 211KB - Virtual size: 240KB

.ybly Size: 4KB - Virtual size: 8KB

.stgl Size: 9KB - Virtual size: 64KB

.wsld Size: 12KB - Virtual size: 64KB

.rwmm
Size: 211KB - Virtual size: 240KB

.ybly
Size: 4KB - Virtual size: 8KB

.stgl
Size: 9KB - Virtual size: 64KB

.wsld
Size: 12KB - Virtual size: 64KB