db2aeaa856eaa268c1c6835e13b41da79d73804159023e5d19982cc493469c6d

Sharing

Copy URL Twitter E-mail

General

Target

db2aeaa856eaa268c1c6835e13b41da79d73804159023e5d19982cc493469c6d
Size

831KB
MD5

351524d0762ff7571b3e3b6a0218b38b
SHA1

54e430e3db2627377e1a9d607d92a24cc344403e
SHA256

db2aeaa856eaa268c1c6835e13b41da79d73804159023e5d19982cc493469c6d
SHA512

ead52fcc0748927024a14e5ee42fd52decfd44be561c559d1b5332dd9af304b00101becf5e2f6bff8dd77026323cd746cd34a03d1478eaab67375b6da39cdac2
SSDEEP

12288:rR5HtlXb2YWALV3TyB8tAK1Bo2FCW9h2E7Nf83LK/2HenimuLMhiREqPx1TQzH23:rLHtB2UVD48XHHhy3p+nimuLeO1TQS3

Score

N/A

Malware Config

Signatures

Files

db2aeaa856eaa268c1c6835e13b41da79d73804159023e5d19982cc493469c6d
.exe windows x86

561a56dd2f7321825ae251da87942108

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadPriority
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetCPInfoExA
SearchPathA
FindResourceExA
ReplaceFileA
GetDriveTypeW
Toolhelp32ReadProcessMemory
GetNamedPipeHandleStateW
IsDBCSLeadByte
OpenSemaphoreA
OpenJobObjectW
GetTempPathA
GetFullPathNameA
GetEnvironmentVariableA
GetUserDefaultLangID
FormatMessageA
FindResourceW
GetBinaryTypeW
GetPrivateProfileStructA
GetFileType
SetFilePointerEx
GetComputerNameW
OutputDebugStringW
GetNamedPipeHandleStateA
OpenMutexA
GetNumberFormatA
CreateEventW
GetEnvironmentStrings
DeleteTimerQueueTimer
GetCompressedFileSizeA
GetDiskFreeSpaceExA
WideCharToMultiByte
GetProcessVersion
OpenProcess
FindNextChangeNotification
CreateDirectoryExW
DefineDosDeviceA
OpenThread
SetLocaleInfoA
FindVolumeMountPointClose
GetLocaleInfoA
GetVolumeNameForVolumeMountPointA
GetThreadLocale
VerSetConditionMask
GetProcessIoCounters
DefineDosDeviceW
GetProfileStringW
GetOverlappedResult
CreateMailslotA
GetShortPathNameW
GetConsoleAliasA
GetVersion
GetConsoleCursorInfo
SetConsoleCtrlHandler
GetCalendarInfoW
GetDateFormatW
SetSystemTimeAdjustment
LCMapStringW
GetStringTypeW
SetHandleInformation
OpenMutexW
OpenEventA
GetNamedPipeInfo
SetConsoleDisplayMode
GetFileSizeEx
GetConsoleAliasesA
GetPrivateProfileSectionNamesA
GetThreadTimes
OpenWaitableTimerA
FoldStringW
MapViewOfFile
GetCurrentDirectoryA
GetConsoleCP
CreateWaitableTimerA
SetFileTime
SetPriorityClass
DeleteTimerQueueEx
CreateJobObjectW
MapViewOfFileEx
PrepareTape
ProcessIdToSessionId
SetComputerNameExA
AreFileApisANSI
GetStringTypeA
SetThreadLocale
GetStdHandle
GetAtomNameW
GetTapeStatus
GetLocaleInfoW
CopyFileExA
FindFirstVolumeA
GetSystemDefaultLangID
SetThreadPriorityBoost
CreateIoCompletionPort
DeviceIoControl
GetACP
FlushConsoleInputBuffer
GetCurrencyFormatA
DisconnectNamedPipe
CreateFileMappingA
FreeEnvironmentStringsW
SetTapeParameters
SetCurrentDirectoryW
CancelIo
CreateEventA
GetConsoleAliasExesA
GetConsoleAliasesW
GetTimeFormatW
OpenFileMappingA
GetOEMCP
CreateJobObjectA
GetStartupInfoW
SetNamedPipeHandleState
SetEndOfFile
GetDiskFreeSpaceW
IsSystemResumeAutomatic
GetPrivateProfileStringA
FreeUserPhysicalPages
LCMapStringA
lstrcpyW
GetFileAttributesW
FlushInstructionCache
SetThreadContext
GetTempPathW
IsValidCodePage
SetComputerNameExW
CreateNamedPipeW
GetUserDefaultUILanguage
GetBinaryTypeA
GetConsoleWindow
SetConsoleActiveScreenBuffer
SetFileAttributesA
GetStringTypeExA
SetThreadIdealProcessor
GetVolumeInformationW
GetPrivateProfileSectionA
CopyFileW
GetSystemDirectoryA
OpenJobObjectA
GetTimeFormatA
ConvertThreadToFiber
AddAtomW
SetFileAttributesW
CreateHardLinkA
SetProcessAffinityMask
SetCalendarInfoW
DeleteTimerQueue
CreateMailslotW
CreateTimerQueue
SetStdHandle
FlushViewOfFile
SetErrorMode
VirtualAlloc
VerifyVersionInfoW
SetConsoleTextAttribute
GetSystemDefaultLCID
GetPrivateProfileSectionW
FindResourceA
GetProcessTimes
FlushFileBuffers
CopyFileExW
GetModuleFileNameW
GetNumberFormatW
GetSystemDefaultUILanguage
GetShortPathNameA
FindAtomA
CreateToolhelp32Snapshot
GetProfileSectionW
MapUserPhysicalPages
GetFileAttributesExW
MapUserPhysicalPagesScatter
ReadFile
GetDevicePowerState
OpenFileMappingW
GetFileAttributesA
SetConsoleCP
OpenSemaphoreW
ReadProcessMemory
AssignProcessToJobObject
FreeConsole
GetCalendarInfoA
GetVolumePathNameW
DnsHostnameToComputerNameW
CreateFileMappingW
SetUnhandledExceptionFilter
GetAtomNameA
SetVolumeMountPointA
GetProfileStringA
FormatMessageW
LoadResource
MultiByteToWideChar
HeapReAlloc
GetLogicalDriveStringsW
GetConsoleAliasW
GetSystemWindowsDirectoryA
SetCurrentDirectoryA
GetConsoleAliasExesW
GlobalAddAtomW
GetEnvironmentVariableW
FindAtomW
FindFirstFileA
GetPrivateProfileSectionNamesW
GetLogicalDrives
SetProcessWorkingSetSize
OpenWaitableTimerW
GetModuleHandleW
ExpandEnvironmentStringsA
GetNumberOfConsoleInputEvents
GetConsoleOutputCP
GetStringTypeExW
GetHandleInformation
GetMailslotInfo
TlsGetValue
lstrcatA
GetFullPathNameW
GetLogicalDriveStringsA
GetFileInformationByHandle
GetConsoleMode
ExpandEnvironmentStringsW
GetProcessWorkingSetSize
SearchPathW
HeapAlloc
HeapSize
RtlUnwind
GetCPInfo
Sleep
HeapFree
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineA
HeapSetInformation
GetProcAddress
ExitProcess
DecodePointer
WriteFile
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
IsProcessorFeaturePresent

user32

GetMenuItemID

advapi32

CloseServiceHandle
CryptAcquireContextW
FreeSid
GetSecurityDescriptorControl
CreateProcessAsUserW
AddAccessAllowedAce
LookupAccountNameW
LsaQueryInformationPolicy
CreateWellKnownSid
AdjustTokenPrivileges
RegEnumValueW
DuplicateTokenEx
SetServiceStatus
RegOpenKeyA
RegOpenKeyExW
RegEnumKeyW
SetNamedSecurityInfoW
RegDeleteKeyW
ImpersonateLoggedOnUser
RegDeleteValueA
QueryServiceStatus
AddAce
GetSecurityDescriptorDacl
IsValidSid
RegConnectRegistryW
OpenSCManagerW
OpenProcessToken
GetSidSubAuthorityCount

oleaut32

GetActiveObject
SafeArrayGetLBound
SafeArrayCreate
SafeArrayGetUBound
SafeArrayPtrOfIndex
GetErrorInfo
VariantClear
SysAllocStringByteLen
VariantInit
VariantChangeType
SysAllocStringLen
VariantCopyInd
VariantCopy
SysStringLen
VariantChangeTypeEx
SysReAllocStringLen
SysFreeString

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

561a56dd2f7321825ae251da87942108

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 139KB - Virtual size: 138KB

.rdata Size: 276KB - Virtual size: 276KB

.data Size: 384KB - Virtual size: 823KB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 139KB - Virtual size: 138KB

.rdata
Size: 276KB - Virtual size: 276KB

.data
Size: 384KB - Virtual size: 823KB

.rsrc
Size: 30KB - Virtual size: 30KB