1be51ab2551228c5ae5aa3403ce6f8e6d7a844035bdd7e6e0b7146c9e8d4e53a

Sharing

Copy URL Twitter E-mail

General

Target

1be51ab2551228c5ae5aa3403ce6f8e6d7a844035bdd7e6e0b7146c9e8d4e53a
Size

57KB
MD5

84eef4b6e71ea2583555d9a747150a30
SHA1

4774767ab269eaa9c98cf22be4dae7956e273423
SHA256

1be51ab2551228c5ae5aa3403ce6f8e6d7a844035bdd7e6e0b7146c9e8d4e53a
SHA512

91edcd937ae54c78b59c7b2620a7d1389edb9c02fe8904b477a2aba0b0a8e35d5030231c677f2c64b963f3e08d008f733d2e70ae6547f4aa9b5162166a3a6fd7
SSDEEP

1536:Xvdp7KLDfzpgdRtp7Uy28waReFv/ApP1UJAVp:Xvdp7KLPpUfp7U58wagvI/lp

Score

N/A

Malware Config

Signatures

Files

1be51ab2551228c5ae5aa3403ce6f8e6d7a844035bdd7e6e0b7146c9e8d4e53a
.exe windows x86

1c05fd3bddd06f78ebb6d2c6012886a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
_except_handler3
swprintf
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_c_exit
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
wcscmp
_wcsicmp
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
_strcmpi
_purecall
malloc
iswctype
_wtol
free
_controlfp
realloc

atl

ord32
ord20
ord17
ord23
ord21
ord16

advapi32

MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
MakeAbsoluteSD
AllocateAndInitializeSid
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorDacl
EqualSid
DeleteAce
AddAccessAllowedAce
InitializeAcl
AddAccessDeniedAce
GetAclInformation
GetAce
AddAce
LookupAccountNameW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
InitiateSystemShutdownW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ControlService
CloseServiceHandle
EnumDependentServicesW
OpenServiceW
LookupAccountSidW
GetTokenInformation
QueryServiceStatus
StartServiceW
QueryServiceConfigW
OpenSCManagerW

kernel32

GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetVersionExW
LocalAlloc
LocalFree
GetTickCount
GetCurrentProcessId
GetCommandLineW
GetModuleHandleW
GetCurrentThreadId
CreateEventW
CreateThread
SetEvent
InterlockedDecrement
InterlockedIncrement
GetLastError
GetCurrentProcess
CloseHandle
OpenProcess
Sleep
TerminateProcess
WaitForSingleObject
lstrcmpiW
lstrlenW
lstrcpyW
ReadProcessMemory
InitializeCriticalSection
DeleteCriticalSection

user32

wsprintfW
GetMessageW
DispatchMessageW
CharNextW
PostThreadMessageW
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
PostMessageW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

LoadRegTypeLi
SetErrorInfo

ntdll

NtQueryInformationProcess

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sbizgei
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c05fd3bddd06f78ebb6d2c6012886a3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

advapi32

kernel32

user32

ole32

oleaut32

ntdll

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 35KB - Virtual size: 36KB

sbizgei Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 35KB - Virtual size: 36KB

sbizgei
Size: - Virtual size: 4KB