651680c9a27c450ddca250e4c561e2a439e5e4b970db8c560cbbfc54e9d7ff79

Sharing

Copy URL Twitter E-mail

General

Target

651680c9a27c450ddca250e4c561e2a439e5e4b970db8c560cbbfc54e9d7ff79
Size

805KB
MD5

5347aa65932b68a3ba8a4aeaa8e65cd1
SHA1

6417f225bc99047df58473a0a8bb774f77d8a6f2
SHA256

651680c9a27c450ddca250e4c561e2a439e5e4b970db8c560cbbfc54e9d7ff79
SHA512

425ed641f573b6590ab985402a2bd9a239a6198d8998d706abbfeff953f5c45969ba398b496dc2b623a6774ef3b5b42e7657ae238d6be179591fd9f302aa26f9
SSDEEP

24576:9b4J230ZLEe4iNKOtbLSTh/mk0QnpYR7JMZ0bK7:p4J22LEe4DzTheApsJMybK7

Score

N/A

Malware Config

Signatures

Files

651680c9a27c450ddca250e4c561e2a439e5e4b970db8c560cbbfc54e9d7ff79
.exe windows x86

b200bce99f28396a629ce91191a53278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
memmove
memset
_aulldiv
ZwClose
_alldiv
RtlNtStatusToDosError
ZwSetInformationProcess
_chkstk
RtlFreeUnicodeString
ZwCreateKey
RtlOpenCurrentUser
ZwDuplicateToken
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAceEx
ZwQueryInformationToken
RtlEqualSid
RtlGetAce
ZwOpenFile
ZwQueryValueKey
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
ZwQueryKey
ZwDeleteKey
LdrUnloadDll
LdrGetProcedureAddress
RtlInitAnsiString
LdrLoadDll
RtlInitUnicodeString
LdrGetDllHandle
ZwWaitForMultipleObjects
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
ZwFlushBuffersFile
ZwFsControlFile
ZwWaitForSingleObject
ZwSetInformationThread
ZwReadFile
ZwWriteFile
ZwCreateNamedPipeFile
ZwSetInformationFile
RtlCreateUnicodeString
_allmul
ZwQueryInformationProcess
ZwOpenProcess
ZwQueryInformationFile
ZwCancelIoFile
ZwOpenThreadToken
ZwCreateEvent
RtlTimeToTimeFields
_aullrem
RtlTimeFieldsToTime
DbgPrint
_allrem
_stricmp
_strnicmp
_ftol
ZwTerminateProcess
ZwQueryInformationThread
ZwDelayExecution
ZwResumeThread
ZwTerminateThread
RtlRaiseException
ZwDuplicateObject
LdrShutdownThread
CsrClientCallServer
RtlCreateUserThread
RtlUpcaseUnicodeString
RtlxAnsiStringToUnicodeSize
RtlxOemStringToUnicodeSize
NlsMbOemCodePageTag
RtlAnsiStringToUnicodeString
RtlOemStringToUnicodeString
RtlxUnicodeStringToAnsiSize
RtlxUnicodeStringToOemSize
RtlUnicodeStringToAnsiString
RtlUnicodeStringToOemString
_aullshr
ZwSetEvent
ZwResetEvent
RtlSystemTimeToLocalTime
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
ZwReleaseMutant
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwDeviceIoControlFile
ZwCreateFile
RtlGetFullPathName_U
RtlQueryEnvironmentVariable_U
ZwReadVirtualMemory
ZwQuerySystemInformation
RtlCopySid
RtlAddAccessDeniedAceEx
RtlAdjustPrivilege
RtlImpersonateSelf
RtlDestroyProcessParameters
RtlCreateUserProcess
RtlCreateProcessParameters
RtlGetCurrentDirectory_U
ZwQueryVirtualMemory
RtlDosPathNameToNtPathName_U
ZwQueryObject
RtlDestroyEnvironment
RtlSetEnvironmentVariable
RtlCreateEnvironment
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryDirectoryFile
RtlIsDosDeviceName_U
ZwDisplayString
RtlUnwind
RtlReleasePebLock
RtlClearBits
RtlFindClearBitsAndSet
RtlAcquirePebLock
RtlAreBitsSet
_allshl

Sections

.text
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xrdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b200bce99f28396a629ce91191a53278

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 567KB - Virtual size: 566KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 5KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 51KB - Virtual size: 51KB

.xrdata Size: 80KB - Virtual size: 80KB

.text
Size: 567KB - Virtual size: 566KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 5KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 51KB - Virtual size: 51KB

.xrdata
Size: 80KB - Virtual size: 80KB