cf491a4411b2d383c2259d165b7788b6143d8081995b8b4fb6f7739fe29bff78

Sharing

Copy URL

Twitter E-mail

General

Target

cf491a4411b2d383c2259d165b7788b6143d8081995b8b4fb6f7739fe29bff78
Size

839KB
MD5

a2e803991fd2aef909f4f2b00df00220
SHA1

3309b472ec933f22ebbc96299020923f6c0c7999
SHA256

cf491a4411b2d383c2259d165b7788b6143d8081995b8b4fb6f7739fe29bff78
SHA512

f81511bf71f528ea0e94f2022eb68363d0e744c905ecab5b9c9ec2de574c4bc1029916999901316d2c296a881425e233f5f6757380203e5bfcd68a932aa5569a
SSDEEP

12288:WBZanE0M7ZCrQzJHMed87JSRq6nqtm4KazrpZZzaOcWeB7FWc1F0sMF7Tc05:IOw7ZCIJ7daJ1pK0PZeOc/7FdrMFEc

Score

N/A

Malware Config

Signatures

Files

cf491a4411b2d383c2259d165b7788b6143d8081995b8b4fb6f7739fe29bff78
.exe windows x64

da176886a29e670159901f86d0d4ea4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW

kernel32

SizeofResource
EnterCriticalSection
LoadResource
FindResourceW
LoadLibraryExW
RaiseException
LeaveCriticalSection
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
GetModuleHandleW
InitializeCriticalSection
FreeLibrary
lstrcmpiW
GetLastError
GetModuleFileNameW
LoadLibraryW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
OutputDebugStringA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetVersionExA

user32

UnregisterClassA
LoadStringW
MessageBoxW
CharNextW

msvcrt

memset
?terminate@@YAXXZ
_errno
realloc
_onexit
_lock
__C_specific_handler
??_U@YAPEAX_K@Z
free
malloc
memcpy_s
wcsncpy_s
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr

shell32

ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da176886a29e670159901f86d0d4ea4d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

shell32

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 232KB - Virtual size: 231KB

.reloc Size: 580KB - Virtual size: 2.5MB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 232KB - Virtual size: 231KB

.reloc
Size: 580KB - Virtual size: 2.5MB