e3d7b09c2b31c9ea2add744d689398d14bfb011f7790c19721d082be53218548

General

Target

e3d7b09c2b31c9ea2add744d689398d14bfb011f7790c19721d082be53218548
Size

24KB
MD5

e61133fb5f84d19051730b377be0ef0d
SHA1

576599ded0b65f76466cc1412fc25325c57cf001
SHA256

e3d7b09c2b31c9ea2add744d689398d14bfb011f7790c19721d082be53218548
SHA512

349a0574f8205a4d11ea51c6d5b6ee25882603f035cb0e107b74445e4f71ff1f2dbb248e8493ebc5188aed75f2e1b9b3f3336fb6cccca6e3d41d2d0549e5adbb
SSDEEP

384:Gl07N8SPEcNbyu5aAXTp8gyJAKo1bSVyklPX3xT/4uwTPfR7ecJMhxo:80hTPZNbyuPDpO5mbkdHO

Score

N/A

Malware Config

Signatures

Files

e3d7b09c2b31c9ea2add744d689398d14bfb011f7790c19721d082be53218548
.exe windows x86

caa7c79d1a3fae7c71b2071fe45e5f9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetModuleHandleA
GetSystemInfo
CloseHandle
GetLastError
GetCurrentProcess
GetModuleFileNameA
GetConsoleWindow
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
LoadLibraryA
GetProcAddress
OpenProcess
Sleep

advapi32

LsaClose
LsaAddAccountRights
LookupAccountNameA
RegOpenKeyA
CloseServiceHandle
StartServiceA
SetServiceStatus
OpenServiceA
ControlService
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
LsaOpenPolicy

user32

GetSystemMetrics
ShowWindow

msvcrt

_initterm
_controlfp
memset
_stricmp
__CxxFrameHandler
strcat
strlen
strcpy
??3@YAXPAX@Z
memcpy
sprintf
printf
_snprintf
wcslen
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
RefreshPolicyEx

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsA
WTSEnumerateProcessesA
WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

caa7c79d1a3fae7c71b2071fe45e5f9d

Headers

File Characteristics

Imports

kernel32

advapi32

user32

msvcrt

userenv

wtsapi32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB