d44cb7771779416747170d9652235e922e90af2b44050571d11cc7a6d86b290b

Sharing

Copy URL

Twitter E-mail

General

Target

d44cb7771779416747170d9652235e922e90af2b44050571d11cc7a6d86b290b
Size

677KB
MD5

850c55994e71624e9aec226400a9b340
SHA1

4e4effab654ea4cfb68d0b8a1c849cbbb56ed080
SHA256

d44cb7771779416747170d9652235e922e90af2b44050571d11cc7a6d86b290b
SHA512

4f102039564335c2c789105a896c146f76dea3728027d8934abddf2f574f6c7ff114b2d52eb3901dde8867fa8c82f1c494eafde4ce58dea9a5b1d82eafb72043
SSDEEP

12288:u4379upn+Okiztj89Bn7lWGKm/XVMln6kzgme1Ydr8Ut5:Xwaj7YmPVMF6kzNe1Yp82

Score

N/A

Malware Config

Signatures

Files

d44cb7771779416747170d9652235e922e90af2b44050571d11cc7a6d86b290b
.exe windows x64

d91c016c4dc4059b0611264c2e132aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseTrace
OpenTraceW
ProcessTrace
ControlTraceW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

kernel32

CompareFileTime
HeapAlloc
GetTickCount
IsWow64Process
HeapSetInformation
MultiByteToWideChar
K32EnumProcesses
GetSystemTime
FindClose
FindNextFileW
FindFirstFileW
GetSystemTimeAsFileTime
MoveFileExW
DeleteFileW
GetCurrentProcess
LocalAlloc
LocalFree
ReleaseMutex
CreateMutexW
CloseHandle
SetFilePointerEx
ReadFile
GetFileSizeEx
CreateFileW
RtlCompareMemory
GetLastError
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OutputDebugStringA
GetSystemInfo
HeapFree
GetProcessHeap
SetFilePointer
SetEndOfFile
WriteFile
SystemTimeToFileTime
WideCharToMultiByte
SetLastError

msvcrt

memcpy_s
_vsnprintf
strnlen
swscanf_s
_wcslwr_s
??2@YAPEAX_K@Z
__wgetmainargs
wcscpy_s
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
??3@YAXPEAX@Z
wcsnlen
_wcsnicmp
_wcsicmp
_vsnwprintf
iswalpha
wcschr
wcscat_s
memcpy
memset
memcmp

ntdll

NtSetValueKey
NtQueryValueKey
RtlComputeCrc32
RtlNtStatusToDosError
NtOpenKey
RtlGUIDFromString
RtlInitUnicodeString
EtwEventWrite
EtwEventUnregister
EtwEventRegister
NtClose
EtwTraceMessage
RtlFreeHeap
RtlAllocateHeap
RtlReAllocateHeap
WinSqmIsOptedIn
NtApphelpCacheControl
WinSqmGetInstrumentationProperty
NtSetSystemInformation
WinSqmEndSession
WinSqmStartSession
WinSqmAddToStreamEx
RtlRandomEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

aepic

PicRetrieveFileInfo
PicFreeFileInfo

profapi

ord104

sfc

SfcIsFileProtected

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 556KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d91c016c4dc4059b0611264c2e132aff

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

aepic

profapi

sfc

ole32

oleaut32

Sections

.text Size: 114KB - Virtual size: 113KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 556KB - Virtual size: 2.4MB

.text
Size: 114KB - Virtual size: 113KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 556KB - Virtual size: 2.4MB