4a1064067c5a5935e8c7ea65538bdc2f0d9f3eadc68d88db49c4e0a0b38f9ffb

Sharing

Copy URL Twitter E-mail

General

Target

4a1064067c5a5935e8c7ea65538bdc2f0d9f3eadc68d88db49c4e0a0b38f9ffb
Size

49KB
MD5

a16543661a30e7653291b4a76ef1d730
SHA1

2fc7837986bc98d052f90b09384780be06f867dc
SHA256

4a1064067c5a5935e8c7ea65538bdc2f0d9f3eadc68d88db49c4e0a0b38f9ffb
SHA512

65651d244c8f84097141550415b6671917428154bdafc1f28df119f2bc5f2dc37d62a1f91f63a6f185f3b8e48f4efc159df25435b8d9a1c2383c19c8d32458f4
SSDEEP

768:/cE6IN/3/ino2VzLBfsBzAo4rs8urqbZ8LQ7XyVj2FGn+KKjs2lZ3Y6:/cjq3/ino2VzGBrYZ8c7AjjwlZo6

Score

N/A

Malware Config

Signatures

Files

4a1064067c5a5935e8c7ea65538bdc2f0d9f3eadc68d88db49c4e0a0b38f9ffb
.exe windows x86

d51b0b765424b117e7408b04e0b3d8f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
MoveFileW
GetThreadLocale
CreateDirectoryW
SetEndOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileSize
WriteFile
GetFileAttributesW
SetFilePointer
FlushFileBuffers
GetProcessHeap
SetThreadPreferredUILanguages
GetStdHandle
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
GetSystemInfo
GetFullPathNameW
FormatMessageW
LocalFree
GetLastError
lstrlenW
CompareStringW
WriteConsoleW
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetLastError
CloseHandle
CreateEventW
SetEvent
CreateFileW
WaitForSingleObject
InterlockedIncrement
GetSystemWindowsDirectoryW
RaiseException
HeapAlloc
HeapFree
GetCurrentThread

msvcrt

_vsnwprintf
_resetstkoflw
memcpy
wcsrchr
wcschr
_wcsicmp
__wgetmainargs
_cexit
_exit
_XcptFilter
_except_handler4_common
_controlfp
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit

user32

LoadStringW
CharPrevW
CharNextW
CharLowerW

setupapi

SetupUninstallOEMInfW
SetupDiGetClassDescriptionExW
SetupGetStringFieldW
SetupEnumPublishedInfW
SetupOpenInfFileW
SetupVerifyInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupCopyOEMInfW

ole32

CLSIDFromString

newdev

DiInstallDriverW

advapi32

IsValidSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetKernelObjectSecurity
DuplicateTokenEx
SetThreadToken
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken

ntdll

RtlNtStatusToDosError

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d51b0b765424b117e7408b04e0b3d8f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

setupapi

ole32

newdev

advapi32

ntdll

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 23KB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 23KB