42cf2035130684807b41a04f698b3100d35e4c05e22e8ad924b085f7408dc4bc

Sharing

Copy URL Twitter E-mail

General

Target

42cf2035130684807b41a04f698b3100d35e4c05e22e8ad924b085f7408dc4bc
Size

24KB
MD5

bd8f6120c4020ec8b08669e07fd2e971
SHA1

612d79ecd6df2e9e38551ed272abd707e3862ab6
SHA256

42cf2035130684807b41a04f698b3100d35e4c05e22e8ad924b085f7408dc4bc
SHA512

c5e5bd826118be92ce016b49a0e65584fdc9c8407cd70d6f42e6959a4db0bc0e0a916c201e59d5272d68e5df7347e02e52a5505df163ea79142c72e85b9d9e4c
SSDEEP

768:6awEHt6Z/nqpouWjn6/T+KoBO5cL17w8E6+Qc:6awyAmoF6/TBoBscLxw8L

Score

N/A

Malware Config

Signatures

Files

42cf2035130684807b41a04f698b3100d35e4c05e22e8ad924b085f7408dc4bc
.exe windows x86

db454ac66235509441487f113388b854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyW
RegDeleteValueW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RevertToSelf
DuplicateTokenEx
RegEnumValueW
LookupPrivilegeValueW
CreateProcessAsUserW
RegQueryValueExW
RegFlushKey
OpenProcessToken

kernel32

lstrlenA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetComputerNameA
VirtualAlloc
VirtualFree
OpenProcess
GetCurrentProcess
lstrcpyW
OpenEventW
GetLastError
SetLastError
lstrcatW
CreateFileMappingW
GetModuleFileNameW
Sleep
Process32FirstW
ProcessIdToSessionId
SetFileAttributesW
SetEvent
MapViewOfFile
ExitProcess
LocalFree
FindNextFileW
Process32NextW
WTSGetActiveConsoleSessionId
lstrcmpiW
FindClose
VirtualProtect
CreateToolhelp32Snapshot
DeleteFileW
RtlUnwind
CloseHandle
RemoveDirectoryW
lstrlenW
FindFirstFileW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
HeapValidate
GetProcessHeaps
HeapSetInformation
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GetHandleInformation

user32

OpenInputDesktop
GetUserObjectInformationW
EnumWindowStationsW
wsprintfW
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationW

ntdll

ZwOpenProcess
NtQueryVirtualMemory
memset
_aulldvrm

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

NetUserGetInfo
NetApiBufferFree
NetUserEnum

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shlwapi

StrCmpNIW
PathUnquoteSpacesW
StrStrIW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db454ac66235509441487f113388b854

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

ntdll

userenv

netapi32

shell32

ole32

shlwapi

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB