b938dcb0b627be817eb3d217cfb076193a90c3e31fe36ee35e9262caf677beed

Sharing

Copy URL Twitter E-mail

General

Target

b938dcb0b627be817eb3d217cfb076193a90c3e31fe36ee35e9262caf677beed
Size

70KB
MD5

84cc44498a31f64971c4972181fe0950
SHA1

d9bcd407b705bbe3908a01e6009480cdd5ce20c3
SHA256

b938dcb0b627be817eb3d217cfb076193a90c3e31fe36ee35e9262caf677beed
SHA512

97efe18a7d715d0aaae6db63e3ccd7c3ac60fe4bfb62be375e74d1d2b305adb174ea77d1b2ef6201fc542a19829a52e2313ea9786164b38df6913f5d67fedc4a
SSDEEP

1536:DrEeUIUONzShS+OduPtiwVI6UksZuqgqraOGZFU:HEeUILNGEddu0P6+Zzg8at

Score

N/A

Malware Config

Signatures

Files

b938dcb0b627be817eb3d217cfb076193a90c3e31fe36ee35e9262caf677beed
.exe windows x86

4ca62241e8bf6c63434d71087c1b9334

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
IsTextUnicode
RegGetKeySecurity
RegConnectRegistryW
RegEnumKeyExW
RegSetKeySecurity

kernel32

GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetFileSize
ReadFile
GetFileTime
VirtualFree
CreateFileW
CopyFileW
CloseHandle
MultiByteToWideChar
SetLastError
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetStdHandle

msvcrt

iswctype
?terminate@@YAXXZ
_controlfp
_fileno
_isatty
wcstoul
atoi
_stricmp
memmove
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__getmainargs
wcschr
_vsnwprintf
_errno
exit
tolower
memset
_iob
_wcsnicmp
_wcsicmp
vfprintf

ntdll

RtlUnwind
RtlCompareMemory
RtlAdjustPrivilege
NtLoadKey
NtUnloadKey
NtOpenKey
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
RtlSetDaclSecurityDescriptor
RtlNtStatusToDosError
RtlCreateSecurityDescriptor
NtClose
NtFlushKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlCopySid
RtlAllocateHeap
RtlLengthSid
RtlAddAce
RtlFreeHeap
RtlCreateAcl
RtlGetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
RtlEqualSid
RtlGetAce

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ca62241e8bf6c63434d71087c1b9334

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB