c51676918edff6d647e1429801393da1489fb4db631a7a82e7a378c7658886a6

Sharing

Copy URL Twitter E-mail

General

Target

c51676918edff6d647e1429801393da1489fb4db631a7a82e7a378c7658886a6
Size

1.0MB
MD5

a2e7628322a78be702c562454115527d
SHA1

c0505f9840c8b13d03898a0088f0c455d5fa43c8
SHA256

c51676918edff6d647e1429801393da1489fb4db631a7a82e7a378c7658886a6
SHA512

6a27ea0507629a667c984a32854ee9085b7909c90d610a5fda6a5f70f415237e673e904dc8b7cbcba5ebd2f9f49d453af98e715db7c2fc80ca75b7e022533d07
SSDEEP

24576:YUmQKQU8n4HBPEnpPppqhxq1OJRrTakkkkkkO5M+UXkOCrukfp0+k:lmQKkn4HBPEpCvq1OJR1UUOCqW0+k

Score

N/A

Malware Config

Signatures

Files

c51676918edff6d647e1429801393da1489fb4db631a7a82e7a378c7658886a6
.exe windows x86

654104cb0604886e45f080b013e975a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultUILanguage
LocalAlloc
GetModuleHandleA
GetUserDefaultLangID
SetEnvironmentVariableW
WaitForSingleObject
CreateEventW
ExpandEnvironmentStringsW
GetCurrentProcess
CreateMutexW
SetFilePointer
GetTickCount
FormatMessageA
WriteFile
CreateFileW
GetLastError
SetLastError
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
InterlockedExchange
RtlCaptureStackBackTrace
MapViewOfFile
UnmapViewOfFile
FreeLibrary
VirtualFree
GetFileAttributesW
ReadFile
GetCurrentDirectoryW
GetLongPathNameW
VirtualAlloc
CreateFileMappingW
QueryDosDeviceW
GetFileTime
GetModuleHandleW
GetSystemTimeAsFileTime
GetExitCodeProcess
TerminateProcess
GetStdHandle
HeapSetInformation
DuplicateHandle
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetCurrentDirectoryW
DeleteCriticalSection
IsDebuggerPresent
RaiseException
CreateThread
QueryPerformanceCounter
GetSystemDirectoryW
GetWindowsDirectoryW
SetEndOfFile
FlushFileBuffers
SetInformationJobObject
GetQueuedCompletionStatus
SetEvent
InitializeCriticalSection
ResetEvent
PostQueuedCompletionStatus
CreateIoCompletionPort
TerminateJobObject
ResumeThread
SignalObjectAndWait
InterlockedIncrement
InterlockedDecrement
GetThreadContext
LoadLibraryW
AssignProcessToJobObject
WriteProcessMemory
RegisterWaitForSingleObject
UnregisterWaitEx
CreateJobObjectW
VirtualFreeEx
VirtualProtectEx
VirtualAllocEx
CreateNamedPipeW
OpenEventW
SearchPathW
DebugBreak
VirtualQuery
ReadProcessMemory
SuspendThread
ReleaseSemaphore
CreateSemaphoreW
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
WaitForMultipleObjects
WTSGetActiveConsoleSessionId
FindResourceW
LoadResource
SizeofResource
LockResource
UnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
HeapReAlloc
HeapAlloc
GetProcessHeap
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
LoadLibraryA
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
lstrlenW
GetModuleFileNameW
LoadLibraryExW
LocalFree
CloseHandle
QueueUserWorkItem
GetTempPathW
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
CreateProcessW
GetEnvironmentVariableW
GetCommandLineW
EnterCriticalSection
ExitProcess

user32

SetProcessWindowStation
GetThreadDesktop
CreateWindowStationW
GetProcessWindowStation
CreateDesktopW
CharUpperW
CloseDesktop
CloseWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
CreateProcessAsUserW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
SetSecurityDescriptorDacl
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
InitializeSecurityDescriptor
RegDisablePredefinedCache
RevertToSelf
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetFileSecurityW
GetFileSecurityW
SetEntriesInAclW
GetSecurityInfo
DuplicateTokenEx
LookupPrivilegeValueW
DuplicateToken
EqualSid
CreateRestrictedToken
CreateWellKnownSid
CopySid
GetLengthSid
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
SetTokenInformation
SetThreadToken

shell32

SHGetFolderPathW
CommandLineToArgvW

shlwapi

PathRemoveFileSpecW
PathFileExistsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DumpProcess
SetActiveURL
SetClientId
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews

Sections

.text
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.erdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

654104cb0604886e45f080b013e975a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

userenv

wtsapi32

version

Exports

Exports

Sections

.text Size: 407KB - Virtual size: 406KB

.rdata Size: 413KB - Virtual size: 412KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 117KB - Virtual size: 116KB

.reloc Size: 30KB - Virtual size: 29KB

.erdata Size: 68KB - Virtual size: 68KB

.text
Size: 407KB - Virtual size: 406KB

.rdata
Size: 413KB - Virtual size: 412KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 30KB - Virtual size: 29KB

.erdata
Size: 68KB - Virtual size: 68KB