aa1f86af4dacb53fe306c32f541e9d78041b5adff231ee412e626e66c8b9b614

Sharing

Copy URL Twitter E-mail

General

Target

aa1f86af4dacb53fe306c32f541e9d78041b5adff231ee412e626e66c8b9b614
Size

63KB
MD5

a36ce84f0ddc5569a7caf7016eab2164
SHA1

1fbe6497d4bccadeab027e0195344033bbc16c63
SHA256

aa1f86af4dacb53fe306c32f541e9d78041b5adff231ee412e626e66c8b9b614
SHA512

4a02db14fd258a0a8a3eb7b9e3d25f0f7be6436c6d0c99f59f4e928bf4d0aef0c30fb7c52733070be04950b88b9b3562c615ff311063517c3f4c529d67984059
SSDEEP

768:DfD6N/88A2zVQyVqEqrJaR67b6GL5ND9wV/LaFkDiT2fqTEj:yN/84zVQyVteJaRM6GLHShaFWiYV

Score

N/A

Malware Config

Signatures

Files

aa1f86af4dacb53fe306c32f541e9d78041b5adff231ee412e626e66c8b9b614
.exe windows x86

3c3a881c17563b72b0eec0279c9308b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetVersionExW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetSystemDefaultUILanguage
lstrcpynA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcmpiA
lstrcmpA
ExitProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetModuleHandleW
CreateDirectoryW
ExpandEnvironmentStringsW
lstrlenW
lstrcpynW
GetFileAttributesW
SetFileAttributesW
GlobalAlloc
GetLastError
GlobalFree
lstrcmpiW
lstrcmpW
lstrcpyW
GetModuleHandleA
LocalAlloc
LocalFree
LoadLibraryExW
MultiByteToWideChar

msvcrt

swscanf
wcscat
wcslen
_c_exit
_exit
_XcptFilter
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_cexit

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegSetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
SetFileSecurityW
RegOpenKeyExA
RegSetValueW
RegDeleteKeyW
RegSetValueExW

user32

wsprintfW
LoadStringW

userenv

ord120
ord127
ord128

shlwapi

PathFindExtensionW
ord158
StrStrIW
SHDeleteKeyW
SHCopyKeyW
ord433
PathRemoveExtensionW
PathCombineW
PathRemoveBlanksW
wnsprintfW
StrCmpIW
StrToIntW
SHDeleteValueW
SHSetValueW
SHGetValueW
PathAppendW
ord437
StrCatBuffW
PathAddExtensionW

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetMalloc
SHSetLocalizedName
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

upxplrh
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c3a881c17563b72b0eec0279c9308b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

userenv

shlwapi

shell32

ole32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 28KB - Virtual size: 29KB

upxplrh Size: - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 28KB - Virtual size: 29KB

upxplrh
Size: - Virtual size: 4KB