77f2586bd9f0704de593c25702750ee5ca0bfd03a4c74bd59734a9af2aa14b27

Sharing

Copy URL Twitter E-mail

General

Target

77f2586bd9f0704de593c25702750ee5ca0bfd03a4c74bd59734a9af2aa14b27
Size

728KB
MD5

84dca379982511e38ce89ff0987b64c0
SHA1

4929689fc33c600c4c6e97306c4f8526b84ea2f0
SHA256

77f2586bd9f0704de593c25702750ee5ca0bfd03a4c74bd59734a9af2aa14b27
SHA512

7263a8d4cf20768448fc1af2142e83817c6d2043eb85af4fde228abc24403510609ba0b3b9f368af14d33c254d769f58a9b600f0c44ad85a6c684fdd76566b6f
SSDEEP

12288:DBj6w/txssr25+2Yh37+6uDwGGiKKpZFXFNIMx80vs:hp/LV2Yh37+1DwGGzKpT18

Score

N/A

Malware Config

Signatures

Files

77f2586bd9f0704de593c25702750ee5ca0bfd03a4c74bd59734a9af2aa14b27
.exe windows x64

a52bc3ed99ad03a1c7f549e9d94fb14c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnprintf
??1type_info@@UEAA@XZ
iswspace
_wtoi
memset
__CxxFrameHandler3
memcpy
towlower
memmove
isspace
tolower
_purecall
wcsrchr
_vsnwprintf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
wcschr
_wcsnicmp
_wtoi64
_vscwprintf
wcsncmp
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_CxxThrowException

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
TraceMessage
EventRegister
EventUnregister
EventWrite
RegSetKeyValueW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
OpenSCManagerW
GetServiceDisplayNameW
CloseServiceHandle
RegQueryValueExW

kernel32

WaitForSingleObject
CloseHandle
MapViewOfFile
OpenThread
SetEvent
TerminateProcess
ReleaseMutex
CreateProcessW
GetUserDefaultUILanguage
MultiByteToWideChar
GetThreadId
UnmapViewOfFile
GetWindowsDirectoryW
GetLogicalDriveStringsW
QueryDosDeviceW
GetProcAddress
FreeLibrary
GetDriveTypeW
FindFirstFileNameW
FindNextFileNameW
FindClose
CreateToolhelp32Snapshot
GetProcessId
Module32FirstW
Module32NextW
K32EnumProcessModules
K32GetModuleFileNameExW
LoadLibraryW
GlobalMemoryStatus
ReadProcessMemory
OpenEventW
GetVersionExW
IsWow64Process
GetLastError
LoadLibraryExW
DuplicateHandle
GetExitCodeThread
GetModuleHandleExW
FreeLibraryAndExitThread
DebugBreak
SystemTimeToFileTime
GetSystemTime
GetProcessTimes
GetApplicationRestartSettings
GetFileAttributesW
CreateFileW
OpenMutexW
CreateFileMappingW
GetSystemDirectoryW
GetSystemWow64DirectoryW
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
CreateThread
lstrlenW
DeleteFileW
WriteProcessMemory
OutputDebugStringA
CreateEventW
VirtualAllocEx
GetCommandLineW
HeapSetInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
VirtualAlloc
VirtualFreeEx
VirtualFree
CreateMutexW
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
SearchPathW
GetFileSize
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetEnvironmentVariableW

user32

LoadStringW
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
IsWindow

ntdll

NtSuspendProcess
NtResumeProcess
WinSqmAddToStream
RtlAllocateHeap
RtlFreeHeap
NtQuerySystemInformation
RtlAdjustPrivilege
RtlGetCurrentTransaction
RtlSetCurrentTransaction
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
RtlGetUnloadEventTraceEx
RtlImageNtHeaderEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrint
RtlInitUnicodeString
NtSetSystemInformation
EtwTraceMessage
NtClose
RtlFreeSid
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlAllocateAndInitializeSid
NtWaitForSingleObject
NtOpenEvent
RtlNtStatusToDosError
EtwEventWriteNoRegistration
NtQueryInformationProcess
NtQueryInformationThread

wer

WerpSetCallBack
WerReportAddDump
WerReportSetParameter
WerpCreateIntegratorReportId
WerpSetIntegratorReportId
WerpFreeString
WerpGetReportFlags
WerpIsTransportAvailable
WerReportSetUIOption
WerpAddSecondaryParameter
WerReportAddFile
WerpSetReportFlags
WerpPromtUser
WerpAddTextToReport
WerReportCloseHandle
WerReportSubmit
WerpAddAppCompatData
WerReportCreate

shell32

SHGetFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a52bc3ed99ad03a1c7f549e9d94fb14c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntdll

wer

shell32

version

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 580KB - Virtual size: 1.9MB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 580KB - Virtual size: 1.9MB