d33f6bf71eb60edec1266d0aa2ab80fa76e5b5703981836c0a9bb2430272294b

Sharing

Copy URL Twitter E-mail

General

Target

d33f6bf71eb60edec1266d0aa2ab80fa76e5b5703981836c0a9bb2430272294b
Size

270KB
MD5

a36ea9e6427e3075fab2d34e6f173a1e
SHA1

59b8de34d666766366e35dcfbd620a30e3cbf6e4
SHA256

d33f6bf71eb60edec1266d0aa2ab80fa76e5b5703981836c0a9bb2430272294b
SHA512

4910da4c5fe63daa5d6e26fdae2c04f0f1581127f60b83837990651b653540d8d1a3e9b8fa96924ca4c11cfdb0dd94e98be7428166b33f106dfc38038e2d856c
SSDEEP

6144:jiiraE5a4IKnHteqyVvYpIhw0uPPQzNp56aX6wupS:1a4IGYwaaXP831X6wiS

Score

N/A

Malware Config

Signatures

Files

d33f6bf71eb60edec1266d0aa2ab80fa76e5b5703981836c0a9bb2430272294b
.exe windows x86

e1128b1893b786a7c6e8c28c2e956047

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegQueryValueExW
EventUnregister
EventWrite
TraceMessage

kernel32

Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrlenW
GetCurrentProcess
WideCharToMultiByte
GlobalFree
ReadFile
CreateFileW
GetWindowsDirectoryW
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
CreateDirectoryW
MultiByteToWideChar
CreateMutexW
ReleaseMutex
SetEvent
InterlockedDecrement
OutputDebugStringA
GetUILanguageInfo
EnumUILanguagesW
GetProductInfo
GetVersionExW
SetLastError
FormatMessageW
WriteFile
SetEndOfFile
SetFilePointer
GetCommandLineW
GetEnvironmentVariableW
InterlockedExchange
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateEventW
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
MoveFileExW
CloseHandle
LocalFree
GetFullPathNameW
GetSystemWindowsDirectoryW
GetModuleFileNameW
GetFileAttributesW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedIncrement
GetFileAttributesExW

user32

MessageBoxW
UnregisterClassA

msvcrt

_vscprintf
_ftol2
_cexit
??2@YAPAXI@Z
_exit
vsprintf_s
exit
_initterm
_amsg_exit
iswdigit
_wtoi
_XcptFilter
_controlfp
?terminate@@YAXXZ
malloc
free
vswprintf_s
_vscwprintf
_wcsicmp
wcstoul
_wcsnicmp
wcschr
memset
memmove_s
wcscspn
__wgetmainargs
wcsspn
calloc
??_V@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
_CxxThrowException
memcpy_s
_vsnwprintf
??3@YAXPAX@Z
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
wcsrchr
__setusermatherr
memcpy

shell32

SHFileOperationW

ole32

CoUninitialize
CoGetMalloc
CoCreateInstance
CoInitializeEx
CoInitializeSecurity

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathRemoveFileSpecW

spwizui

SPInstallSucceeded
SPInstallFailed

sperror

GetErrorDescription

sqmapi

SqmStartUpload
SqmIsWindowsOptedIn
SqmEndSession
SqmSet
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetString
SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmAddToStreamV
SqmWaitForUploadComplete

winbrand

BrandingFormatString

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 160KB - Virtual size: 420KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1128b1893b786a7c6e8c28c2e956047

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

version

shlwapi

spwizui

sperror

sqmapi

winbrand

Sections

.text Size: 94KB - Virtual size: 94KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.vmp0 Size: 160KB - Virtual size: 420KB

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

.vmp0
Size: 160KB - Virtual size: 420KB