5c95fdbb13a11bcffbae713c1dcead2b711a81b2a4b3ab4dfedb7d6ade8eb07f

Sharing

Copy URL

Twitter E-mail

General

Target

5c95fdbb13a11bcffbae713c1dcead2b711a81b2a4b3ab4dfedb7d6ade8eb07f
Size

274KB
MD5

a20ff298046237a94a7a2e7482561200
SHA1

9ff986cf5a4f285d55c3ccac7669a22fd8e8dc33
SHA256

5c95fdbb13a11bcffbae713c1dcead2b711a81b2a4b3ab4dfedb7d6ade8eb07f
SHA512

de22dbaec3f6a3bd7aac4dc02235b656b13049c43972d6e41209706e5d2aec20c30e26e53d7fc56bfba658f17d2a9b1aab5cf302ae9f52bbef42eb9276af16db
SSDEEP

6144:sjNG+3SxcXjaSIQ8mlhb1pV2TWQ/MZXlhZOodp84vLZUe/:uG+3SxcXjaSIQ8mlhb1pk/2fdy4

Score

N/A

Malware Config

Signatures

Files

5c95fdbb13a11bcffbae713c1dcead2b711a81b2a4b3ab4dfedb7d6ade8eb07f
.exe windows x86

1f1928fb43f8234d4334e6ec22d8e898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
ControlTraceW
EnableTrace
StartTraceW
FreeSid
ConvertSidToStringSidW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
LookupAccountNameW
RegFlushKey
InitiateShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

GetSystemDefaultLCID
SetCurrentDirectoryW
GetCurrentProcessId
SetLastError
CreateEventW
WaitForSingleObjectEx
WaitForSingleObject
InterlockedIncrement
SetEvent
Sleep
InterlockedDecrement
CreateThread
EnumUILanguagesW
GetWindowsDirectoryW
SystemTimeToFileTime
GetSystemTime
GetFileMUIPath
GetProductInfo
DeviceIoControl
LocalFree
LocalAlloc
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
FreeLibrary
GetProcAddress
LoadLibraryW
GetUILanguageInfo
GetModuleFileNameW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetSystemWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
lstrlenW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
GetExitCodeProcess
CreateProcessW
GetSystemWow64DirectoryW
ReadFile
SetFilePointer
GetFileSize
GetFullPathNameW
WriteFile
SetEndOfFile
GetFileAttributesExW
ReleaseMutex
GetVersionExW
GetCurrentProcess
IsWow64Process
GetFileAttributesW
CreateFileW
GetFileSizeEx
CloseHandle
CreateMutexW
GetModuleHandleW
GetLastError
GetSystemPowerStatus
MoveFileExW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange

user32

LoadStringW
MessageBoxW

msvcrt

__set_app_type
?terminate@@YAXXZ
__p__fmode
??3@YAXPAX@Z
_except_handler4_common
_vsnwprintf
_wtol
_controlfp
isdigit
_wcsicmp
_ftol2
wcsrchr
_wtoi
wcstok
??2@YAPAXI@Z
__p__commode
memset
_adjust_fdiv
wcsstr
wcsncmp
towupper
_wcsnicmp
wcstol
memcpy
wcschr
wcstoul
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
__setusermatherr
_amsg_exit

shell32

SHFileOperationW

ole32

CoInitializeEx
CoGetMalloc
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ntdll

RtlNumberOfClearBits
RtlAreBitsClear
RtlAreBitsSet
RtlSetBits
RtlInitializeBitMap

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

spwizui

?StartInstallUI@@YGJPAUISPInstall@@H@Z
?ShowError@@YGJJPBG@Z

sqmapi

SqmEndSession
SqmWaitForUploadComplete
SqmStartUpload
SqmAddToStreamV
SqmSet
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetEnabled
SqmSetAppId
SqmGetSession
SqmIsWindowsOptedIn

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f1928fb43f8234d4334e6ec22d8e898

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

version

ntdll

wtsapi32

spwizui

sqmapi

Sections

.text Size: 106KB - Virtual size: 106KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 35KB - Virtual size: 36KB

.text Size: 121KB - Virtual size: 124KB

.text
Size: 106KB - Virtual size: 106KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 35KB - Virtual size: 36KB

.text
Size: 121KB - Virtual size: 124KB