515e2a976976258de5ea9c564f8ce5fb8475b57d15d7dfd6c978c0a54ea07f05

Sharing

Copy URL

Twitter E-mail

General

Target

515e2a976976258de5ea9c564f8ce5fb8475b57d15d7dfd6c978c0a54ea07f05
Size

103KB
MD5

a39a941652f4ff0dff5ad20ad9ab1050
SHA1

d27e962d0d5c2752d5642fe5399a054080580947
SHA256

515e2a976976258de5ea9c564f8ce5fb8475b57d15d7dfd6c978c0a54ea07f05
SHA512

f116e98d6fa84d1cb84051fca1ad9cbea0d47aa96b440a47e86f5f3222e6a55f10f63db26635c8f42b1f8dafeeff9b29b534585973b7ee40e37324ae34ff3a6a
SSDEEP

3072:r3K3J/jOYqL5KxZAeaTiCNPS886yfXSI6Sp4GfJ:UJ/jOY8ofaTZql6yvS/HGfJ

Score

N/A

Malware Config

Signatures

Files

515e2a976976258de5ea9c564f8ce5fb8475b57d15d7dfd6c978c0a54ea07f05
.exe windows x86

ab325e7c9bb329dd601e1276ba56bf18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineW

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
TerminateProcess
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetCurrentProcess
GetVersionExW
FindFirstFileW
MoveFileExW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateProcessW
GetModuleFileNameW
lstrlenW
UnhandledExceptionFilter
GetCurrentThreadId
IsDebuggerPresent
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

GetMessageW
SendMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
CharUpperW
FindWindowW

advapi32

RegDeleteValueW
RegCreateKeyW
RegOpenKeyW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetSecurityDescriptorLength
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

shell32

SHFileOperationW

ole32

CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoCreateInstance
StringFromGUID2

msvcr90

_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
strstr
_vsnwprintf
memcmp
??3@YAXPAX@Z
memset
wcslen
wcscmp
_wcsicmp
wcsncmp
towupper
_stricmp
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab325e7c9bb329dd601e1276ba56bf18

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

msvcr90

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 78KB - Virtual size: 80KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 78KB - Virtual size: 80KB