a95b4e72f3f785b9d88ec7e65581490998548ebfb06fabefb11920297d44b2ac

Sharing

Copy URL Twitter E-mail

General

Target

a95b4e72f3f785b9d88ec7e65581490998548ebfb06fabefb11920297d44b2ac
Size

767KB
MD5

9258eaffd315d4aaf603120092301170
SHA1

cbb20dedd510f45a519aaf2a79c968414249e20c
SHA256

a95b4e72f3f785b9d88ec7e65581490998548ebfb06fabefb11920297d44b2ac
SHA512

a7e1c90e8bde30bfeefe275e00b9403dc312caf17f0574e558a7955688661e15914ce9aaa6297e78bd57ce815a81a6ddc0ae4ddcc53579acdef598bc19393fc2
SSDEEP

12288:mKKhnfpS9vxkS4n/3lRkRc4YFwjsW6NcPGw0vMnUNW/XorGT82PQCE3ufpwFivoX:qnfQZxkSY3/kRc4la6PGw0vMUCorGLIi

Score

N/A

Malware Config

Signatures

Files

a95b4e72f3f785b9d88ec7e65581490998548ebfb06fabefb11920297d44b2ac
.exe windows x64

80c35ec2a04ea2ce13976b15b90633fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
DuplicateToken
RegDeleteKeyValueW
CreateWellKnownSid

kernel32

GetLastError
HeapAlloc
GlobalSize
HeapFree
GlobalLock
GetProcessHeap
GlobalAlloc
GlobalUnlock
SetLastError
GlobalFree
GlobalReAlloc
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetDateFormatW
GetFileSize
WaitForSingleObject
WriteFile
FormatMessageW
GetTimeFormatW
CreateFileW
lstrlenW
GetCurrentThreadId
ReleaseMutex
CloseHandle
ExpandEnvironmentStringsW
LoadLibraryW
SetFilePointer
WideCharToMultiByte
GetLocalTime
IsDebuggerPresent
OutputDebugStringA
LocalFree
GetTempFileNameW
GetDriveTypeW
SetErrorMode
DeviceIoControl
GetDiskFreeSpaceExW
DeleteFileW
GetVolumeInformationW
FreeLibrary
VerSetConditionMask
GetCurrentProcess
SetEvent
SetThreadUILanguage
OpenProcess
GetConsoleMode
GetVolumePathNamesForVolumeNameW
WriteConsoleW
ReleaseSemaphore
GetConsoleOutputCP
VerifyVersionInfoW
GetStdHandle
ResetEvent
CreateSemaphoreW
GetFileType
SetConsoleCtrlHandler
CreateEventW
WaitForMultipleObjects
HeapSetInformation
DuplicateHandle
GetVolumeNameForVolumeMountPointW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter

msvcrt

_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
_XcptFilter
memcpy
memcmp
__C_specific_handler
__wgetmainargs
wcsrchr
?terminate@@YAXXZ
malloc
memset
_vsnwprintf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
free
swscanf
wcsncmp
_wcsicmp
localeconv
atoi
_vsnprintf

ntdll

RtlCaptureContext
NtFsControlFile
NtWaitForSingleObject
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryVolumeInformationFile

user32

LoadStringW

ole32

CoUninitialize
ReleaseStgMedium
CoInitializeEx
CoTaskMemAlloc
CoCreateInstanceEx
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoRegisterClassObject

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80c35ec2a04ea2ce13976b15b90633fa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

ole32

Sections

.text Size: 47KB - Virtual size: 47KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 176KB - Virtual size: 176KB

.reloc Size: 512B - Virtual size: 372B

.vmp1 Size: 540KB - Virtual size: 1.8MB

.text
Size: 47KB - Virtual size: 47KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 176KB - Virtual size: 176KB

.reloc
Size: 512B - Virtual size: 372B

.vmp1
Size: 540KB - Virtual size: 1.8MB