84cc3f5adec852487ec3533a8fa39e968b225d68ba6b3b8c82dade740d4f97e2

Sharing

Copy URL Twitter E-mail

General

Target

84cc3f5adec852487ec3533a8fa39e968b225d68ba6b3b8c82dade740d4f97e2
Size

48KB
MD5

a6b508eb1df71d8bae92f3612f2eb523
SHA1

e1b8ce9b34abed9f910ca37b196549cbfd70bd3d
SHA256

84cc3f5adec852487ec3533a8fa39e968b225d68ba6b3b8c82dade740d4f97e2
SHA512

abaca9eff07d2d460ca3e0a4c0279895737e605aa811994171f18ed9d2c95e072fa0e89de25778149fa9fc5b5fbc07608ad9e805784f395935a9b331873e19b5
SSDEEP

768:DBGrGVmQ+gwCCL/qOluxgdY06fE0DsQQe73WUp6MyMZ/ytjirLc4ncF:LredF0D3WUW15

Score

N/A

Malware Config

Signatures

Files

84cc3f5adec852487ec3533a8fa39e968b225d68ba6b3b8c82dade740d4f97e2
.exe windows x86

e4d7aed3253a9f3c08c8ac90f460592a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcstoul
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
wcschr
towlower
_except_handler3

advapi32

OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
EqualSid
AdjustTokenPrivileges
RegSaveKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
RegRestoreKeyW

kernel32

GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThreadId
LocalAlloc
LocalFree
InterlockedIncrement
lstrcmpiW
GetExitCodeProcess
GetLastError
lstrcpyW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
lstrcatW
GetProcAddress
LoadLibraryW
FormatMessageW
GetModuleHandleW
InterlockedDecrement
SetLastError
GetCommandLineW
Sleep
CloseHandle
CreateFileW
GetWindowsDirectoryW
WriteFile
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
GetSystemDefaultLCID
GetTickCount
GetCurrentProcess
DeleteFileW
FreeLibrary
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetModuleHandleA
GetStartupInfoA

user32

PeekMessageW
MsgWaitForMultipleObjects
LoadIconW
wsprintfW
DestroyIcon
DispatchMessageW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

ord219
PathCanonicalizeW
StrStrIW

syssetup

pSetupDebugPrint
SetupOobeInitDebugLog

winsta

WinStationCloseServer
WinStationFreeMemory
WinStationQueryInformationW
WinStationOpenServerW
WinStationEnumerateW

setupapi

SetupOpenInfFileW
SetupInstallFromInfSectionW
SetupCloseInfFile

wininet

InternetOpenW
InternetSetOptionW
InternetCloseHandle

osuninst

IsUninstallImageValid

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
NdrClientCall2
RpcBindingSetAuthInfoExW

ntdll

NtDuplicateToken
NtClose

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d7aed3253a9f3c08c8ac90f460592a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

shlwapi

syssetup

winsta

setupapi

wininet

osuninst

rpcrt4

ntdll

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 26KB - Virtual size: 25KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 26KB - Virtual size: 25KB