8a2e8a70e926c9143c6688b88156133e4b389ee023ed14dea5109e50a088276d

Sharing

Copy URL Twitter E-mail

General

Target

8a2e8a70e926c9143c6688b88156133e4b389ee023ed14dea5109e50a088276d
Size

1.1MB
MD5

8396f1a01c3aa1ff9b2faa71066d3b50
SHA1

ecc19fb8343ddb7c88e29e96cb8cf317ed35ad2b
SHA256

8a2e8a70e926c9143c6688b88156133e4b389ee023ed14dea5109e50a088276d
SHA512

972f8969aae758d76420a10f5edb5c25ab1e5ddd23f28a8856bf71f48b017d44f6f3a910a0cf6be9dbdee67d9ce141dba9e49f1dca8fe7990f7e70d3b51944d1
SSDEEP

12288:kLE3a3egacWlUlqGH0nh2Sk6PtGCMEUSEQHwRBQYzKULjhiSAscV/GSq2xHx7Bly:kLE3a35iGMCLS+CypiIExHn7DpoGki

Score

N/A

Malware Config

Signatures

Files

8a2e8a70e926c9143c6688b88156133e4b389ee023ed14dea5109e50a088276d
.exe windows x64

15585cb74052b4739a900fcb332f06ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
RegCloseKey

kernel32

GetLastError
SetLastError
GetLocalTime
GetFileSizeEx
CopyFileW
WriteFile
FormatMessageW
GetStdHandle
GetConsoleScreenBufferInfo
GetFileType
GetComputerNameW
GetSystemDefaultUILanguage
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
GetLocaleInfoW
GetUserPreferredUILanguages
SetConsoleCursorPosition
WriteConsoleW
GetConsoleMode
SetConsoleMode
ReadConsoleW
SetConsoleScreenBufferSize
SetFilePointer
GetCurrentProcess
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetProcAddress
HeapSetInformation
DeleteFileW
GetCommandLineW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventW
CreateThread
SetEvent
GetModuleHandleW
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
Sleep
lstrlenA
CreateFileW
CloseHandle
LocalFree
lstrlenW
GetCurrentThreadId
LocalAlloc
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
QueryPerformanceCounter

msvcrt

wcsncmp
fputws
fwprintf
fflush
fprintf
fseek
fclose
fread
free
_initterm
wctomb
wcstombs
fgets
fwrite
_wfopen
wcstoul
wcsstr
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
__CxxFrameHandler3
_fileno
_filelength
fgetws
_iob
_itow
_wtoi
_wsystem
memset
ceilf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
feof
_amsg_exit
_wfreopen
_kbhit
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
towlower
_getch
swscanf
_wremove
_wcsnicmp
_vsnprintf
_wtol
wcstok
_wcsicmp
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
_ltow
malloc
memcpy

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstanceEx
CoCreateInstance
CoInitializeSecurity

oleaut32

VariantChangeType
SafeArrayGetVartype
VariantCopy
SysStringByteLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SysStringLen
SysAllocStringByteLen
VariantInit
SysFreeString
SysAllocString

user32

CloseClipboard
LoadStringW
OpenClipboard
EmptyClipboard
CharUpperW
SetClipboardData

framedynos

?Mid@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Left@CHString@@QEBA?AV1@H@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?Find@CHString@@QEBAHPEBG@Z
??0CHString@@QEAA@AEBV0@@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?TrimRight@CHString@@QEAAXXZ
?TrimLeft@CHString@@QEAAXXZ
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
??YCHString@@QEAAAEBV0@PEBG@Z
?Empty@CHString@@QEAAXXZ
??0CHString@@QEAA@PEBD@Z
?Right@CHString@@QEBA?AV1@H@Z
??0CHString@@QEAA@PEBG@Z
?Format@CHString@@QEAAXPEBGZZ
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@PEBG@Z

shlwapi

StrStrIW

ws2_32

WSACleanup
getaddrinfo
WSAStartup
freeaddrinfo

secur32

GetUserNameExW

iphlpapi

IcmpSendEcho
Icmp6CreateFile
Icmp6SendEcho2
IcmpCloseHandle
IcmpCreateFile

Sections

.text
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 556KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15585cb74052b4739a900fcb332f06ea

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

oleaut32

user32

framedynos

shlwapi

ws2_32

secur32

iphlpapi

Sections

.text Size: 450KB - Virtual size: 450KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 28KB - Virtual size: 27KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 556KB - Virtual size: 1.9MB

.text
Size: 450KB - Virtual size: 450KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 556KB - Virtual size: 1.9MB