945c8392b10b05daf6f90fd73ed3e8c0b9dd41582595179fa57c0989837f4bc3

Sharing

Copy URL Twitter E-mail

General

Target

945c8392b10b05daf6f90fd73ed3e8c0b9dd41582595179fa57c0989837f4bc3
Size

103KB
MD5

525a43af352435f260ae31e64b2e3670
SHA1

ee27022e326b65c5462bb4d3aeeb9ec34676504d
SHA256

945c8392b10b05daf6f90fd73ed3e8c0b9dd41582595179fa57c0989837f4bc3
SHA512

e9abc59340456544dd0d49a38a44fcaf2354636e337dc99255578e377e1cef9781d097323042ef80d92a630fff8e08a0ae3e16dd1df7b85f0c83e747c44efb78
SSDEEP

3072:cJEwi0Bd96Bn4TDKTpnTpj6Rux8VM0Xh+B:cJEwi0Bd96Bn43KTVpj6Rux8EB

Score

N/A

Malware Config

Signatures

Files

945c8392b10b05daf6f90fd73ed3e8c0b9dd41582595179fa57c0989837f4bc3
.exe windows x86

b92284996b58e51158ace38adf33ea37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegConnectRegistryW
LookupAccountSidW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

InterlockedDecrement
CloseHandle
OpenProcess
TerminateProcess
GetExitCodeProcess
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
WriteConsoleW
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentProcess
GetComputerNameExW
GetCurrentThreadId
ReadFile
ReadConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
GetLastError
SetLastError
SetConsoleMode
GetModuleFileNameW

msvcrt

_get_osfhandle
wcsstr
_fileno
_vsnwprintf
fflush
wcstod
wcstol
wcstok
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
wcstoul
_errno
wcschr
_wtoi64
memcpy
_wcsicmp
wcsrchr
??2@YAPAXI@Z
free
_wcsdup
__iob_func
??3@YAXPAX@Z
memset
__CxxFrameHandler3
fprintf
_memicmp

ntdll

RtlLargeIntegerToChar
RtlTimeToElapsedTimeFields

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

user32

IsHungAppWindow
GetWindow
FindWindowExW
GetWindowThreadProcessId
GetWindowLongW
CharUpperW
LoadStringW
wsprintfW
PostMessageW
EnumWindowStationsW
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
EnumDesktopsW
GetThreadDesktop
OpenDesktopW
SetThreadDesktop
CloseDesktop
EnumWindows
GetWindowTextW

mpr

WNetGetLastErrorW
WNetCancelConnection2W
WNetAddConnection2W

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SysStringLen
VariantClear
VariantInit
SysFreeString

secur32

GetUserNameExW

ws2_32

WSAGetLastError
WSAStartup
GetNameInfoW
WSACleanup
FreeAddrInfoW
GetAddrInfoW

framedynos

??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@PBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBD@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Left@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Compare@CHString@@QBEHPBG@Z
?Empty@CHString@@QAEXXZ
?Mid@CHString@@QBE?AV1@HH@Z
?Find@CHString@@QBEHPBG@Z
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?Format@CHString@@QAAXPBGZZ
??YCHString@@QAEABV0@ABV0@@Z
??1CHString@@QAE@XZ
?Mid@CHString@@QBE?AV1@H@Z

netapi32

NetApiBufferFree
NetServerGetInfo

dbghelp

EnumerateLoadedModulesW64

shlwapi

StrChrW
StrChrIW
StrStrW
StrStrIW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b92284996b58e51158ace38adf33ea37

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

version

user32

mpr

ole32

oleaut32

secur32

ws2_32

framedynos

netapi32

dbghelp

shlwapi

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB