21fe0c56c6fdb72de02fe5036d7ec7f2c801db63e1a4e5ac4778b62f7b3fdce5

Sharing

Copy URL

Twitter E-mail

General

Target

21fe0c56c6fdb72de02fe5036d7ec7f2c801db63e1a4e5ac4778b62f7b3fdce5
Size

160KB
MD5

822c5d2867cf9d9359cd0d3ec852fb2e
SHA1

ca1518b34e02661df09de8f0ad29d18d7ea5d149
SHA256

21fe0c56c6fdb72de02fe5036d7ec7f2c801db63e1a4e5ac4778b62f7b3fdce5
SHA512

cf6fe091f231555b9e190e38a15e8e336c1617ec0a843a570f97838e19de11a3f2293bc16b1a1af52d6a5aa6e2a55a5afafa270132c86cd2e19e4f723bc9f3bf
SSDEEP

3072:1SQxg3vJpwIy4h+a8Eba0CKZBg8zk9yx6VmUBETZlaBZMTSZ:je3Dwza8t09BXA9RTyqBZnZ

Score

N/A

Malware Config

Signatures

Files

21fe0c56c6fdb72de02fe5036d7ec7f2c801db63e1a4e5ac4778b62f7b3fdce5
.exe windows x86

81b6db9c6ee75862d24a94a05792249c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

nmi

ord3
ord1
ord2

nv_common

ord4

advapi32

CreateProcessAsUserW
AllocateAndInitializeSid
DuplicateToken
CheckTokenMembership
FreeSid
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
LookupAccountSidW
OpenProcessToken

iphlpapi

GetNumberOfInterfaces
GetAdaptersInfo

kernel32

SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
ReadFile
LoadLibraryA
SetEnvironmentVariableA
GetOEMCP
GetComputerNameW
lstrlenA
lstrlenW
MultiByteToWideChar
CloseHandle
WaitForSingleObject
CreateProcessW
GetStdHandle
GetLastError
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetACP
CompareStringW
CompareStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
IsBadWritePtr
GetVersionExA
VirtualAlloc
RtlUnwind
WideCharToMultiByte
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
TerminateProcess
GetCurrentProcess
HeapAlloc
LCMapStringA
LCMapStringW
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
WriteFile

user32

wsprintfW

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
SysStringLen

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rrdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

81b6db9c6ee75862d24a94a05792249c

Headers

File Characteristics

Imports

nmi

nv_common

advapi32

iphlpapi

kernel32

user32

ole32

oleaut32

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 19KB

.rrdata Size: 60KB - Virtual size: 60KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 19KB

.rrdata
Size: 60KB - Virtual size: 60KB