b2dd0d8f79a181957eb2716c504616c4f46335490eb73bc2ccfca7d5094e1f08

Sharing

Copy URL Twitter E-mail

General

Target

b2dd0d8f79a181957eb2716c504616c4f46335490eb73bc2ccfca7d5094e1f08
Size

443KB
MD5

906d120fc921c3cd087289182a61f9d0
SHA1

d5bb52892ddfe4ef64a87b5b105b941d6406730c
SHA256

b2dd0d8f79a181957eb2716c504616c4f46335490eb73bc2ccfca7d5094e1f08
SHA512

1123d95d8aa0de89f36f9b03379fe9787c304e335ba03780e226d781bb49a75f71541d0169e759d710d2e6f5d10a2fbd45628684f2bf167c2fd0e282dd06d997
SSDEEP

6144:rmAXVQ73GpKQAWGP6iRgjhuYp7OlB8YXGuvX1h9ST6TB5CPCKZ6AfY1:rIGpJA3VDYtZEGuvX1u63CPR

Score

N/A

Malware Config

Signatures

Files

b2dd0d8f79a181957eb2716c504616c4f46335490eb73bc2ccfca7d5094e1f08
.exe windows x86

c3d3ff38ce19e786957d110ba5ab2ab3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetEntriesInAclW
CreateWellKnownSid
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW

kernel32

GetModuleHandleW
CreateEventW
GetProductInfo
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
CloseHandle
MultiByteToWideChar
GetLastError
LocalFree
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapAlloc
GetProcessHeap
HeapFree
CreateFileW
GetVersionExW
SetLastError
WriteFile
lstrlenA
WideCharToMultiByte
SetFilePointer
CreateDirectoryW
GetLocalTime

user32

ExitWindowsEx
LoadStringW
PostMessageW
FindWindowW

msvcrt

_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__CxxFrameHandler3
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memset
_CxxThrowException
__p__fmode
??3@YAXPAX@Z
_vsnwprintf
wcschr
memcpy
memmove
??1type_info@@UAE@XZ

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

pidgenx

PidGenX

slc

SLGetWindowsInformationDWORD

ntdll

RtlFreeHeap
RtlAllocateHeap
WinSqmEndSession
WinSqmSetDWORD
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedIn

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3d3ff38ce19e786957d110ba5ab2ab3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

pidgenx

slc

ntdll

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 208KB - Virtual size: 207KB

.reloc Size: 4KB - Virtual size: 4KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 208KB - Virtual size: 207KB

.reloc
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 192KB - Virtual size: 1.3MB