9c20e83cee6717d6e553c3032a34d13981b93296282392789ca8c8f319e69973

Sharing

Copy URL

Twitter E-mail

General

Target

9c20e83cee6717d6e553c3032a34d13981b93296282392789ca8c8f319e69973
Size

239KB
MD5

83b006b21b21f290092c212442161b90
SHA1

e5617d7d3c3da9a5a61aa665bdfe95e82beb1607
SHA256

9c20e83cee6717d6e553c3032a34d13981b93296282392789ca8c8f319e69973
SHA512

0cdf4b9cbca0f89f044015d402bf78cb013c0a7f14143a789c321d42a28adb1e45ae405b5df105a760fda326bccb7ddd1523a38f267cd5561832feb343ae4d4d
SSDEEP

6144:k1FmuIfi1VMhNyCWkKl+ZJU0SLrxB6lAI0UN1OH6DpX83VaX:kyuIfi1MyCWkKl+rTGrxB6WIpOH

Score

N/A

Malware Config

Signatures

Files

9c20e83cee6717d6e553c3032a34d13981b93296282392789ca8c8f319e69973
.exe windows x86

1325abba33f337332a80d3d29874eb3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
MD5Init
MD5Update
MD5Final
EqualSid
RegisterWaitChainCOMCallback
OpenThreadWaitChainSession
GetThreadWaitChain
CloseThreadWaitChainSession
StartTraceW
EnableTrace
FlushTraceW
StopTraceW
GetTokenInformation
RegGetValueW
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegQueryValueExW
RegEnumValueW
CreateProcessAsUserW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
OpenProcessToken

kernel32

GetLastError
GetVersionExW
WTSGetActiveConsoleSessionId
SetThreadPriority
GetThreadPriority
GetCurrentThread
CreateMutexW
ReleaseMutex
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
DeleteFileW
FileTimeToSystemTime
WriteFile
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
GetSystemDirectoryW
CreateFileW
GetSystemDefaultLangID
GetProductInfo
GetSystemInfo
ReadFile
GetLocalTime
CreateDirectoryW
SetPriorityClass
LocalFree
OpenProcess
GetFileAttributesW
ReadProcessMemory
LoadLibraryW
DuplicateHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetSystemTime
GetProcessTimes
Module32FirstW
CreateToolhelp32Snapshot
GetProcessId
OpenFileMappingW
CreateThread
lstrlenW
MultiByteToWideChar
lstrlenA
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetModuleHandleW
CompareStringW
GetFileSize
ExpandEnvironmentStringsW
RemoveDirectoryW
GetLongPathNameW
GetTempPathW
SetLastError
CheckRemoteDebuggerPresent
IsWow64Process
VirtualQuery
SetEvent
GetPriorityClass
SetEnvironmentVariableW
InitializeCriticalSection
LeaveCriticalSection
SetThreadpoolWait
EnterCriticalSection
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
DeleteCriticalSection
CreateThreadpoolWait
InitializeConditionVariable
WakeConditionVariable
GlobalFree
GetStringTypeExW
SleepConditionVariableCS
Process32NextW
Process32FirstW
SearchPathW
CreateEventW
GetProcessIoCounters
GetThreadTimes
GetFileSizeEx
GetExitCodeProcess
FormatMessageW
GetThreadId
OpenThread
Thread32Next
Thread32First
VirtualQueryEx
GetThreadContext
Module32NextW
GetProcessIdOfThread
LCMapStringW
OutputDebugStringA
OpenEventW
GlobalMemoryStatus
QueryDosDeviceW
GetLogicalDriveStringsW
GetDriveTypeW
FindNextFileNameW
FindFirstFileNameW
GetCommandLineW
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
DelayLoadFailureHook
HeapSetInformation
GetTempFileNameW
OpenMutexW
LoadLibraryA
FreeLibrary
GetProcAddress
SetErrorMode
InterlockedCompareExchange

user32

SetForegroundWindow
SendMessageW
IsWindowEnabled
GetClassNameW
RegisterWindowMessageW
ChangeWindowMessageFilter
CheckWindowThreadDesktop
RegisterErrorReportingDialog
GetWindowThreadProcessId
IsWindow
CloseDesktop
CloseWindowStation
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
LoadStringW
GetWindow
IsHungAppWindow

msvcrt

exit
_vsnwprintf
__CxxFrameHandler3
wcschr
_wcsicmp
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsrchr
_wtoi
_wtoi64
_wcsnicmp
_vscwprintf
memmove
iswspace
wcspbrk
_CxxThrowException
memcpy
_wcstoui64
wcsstr
_purecall
rand
srand
_XcptFilter
_vsnprintf
wcsncmp
_wtol
tolower
towlower
??1type_info@@UAE@XZ
_initterm
_amsg_exit
__setusermatherr
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_exit
_cexit
time
__wgetmainargs

ntdll

NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
NtSetSystemInformation
RtlAdjustPrivilege
NtOpenProcessToken
NtSystemDebugControl
RtlNtStatusToDosError
RtlCompareMemory
RtlUpcaseUnicodeChar
ShipAssert
WinSqmEndSession
WinSqmStartSession
WinSqmEventEnabled
WinSqmEventWrite
NtQueryInformationProcess
RtlInitUnicodeString
RtlAllocateAndInitializeSid
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
NtClose
NtQueryInformationToken
DbgPrint
NtQueryInformationThread
NtOpenThreadToken

ole32

CLSIDFromString
ProgIDFromCLSID
CoCreateGuid
CoUninitialize
CoGetCallState
CoGetActivationState
CoGetObject
StringFromGUID2
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

shlwapi

StrToInt64ExW
StrToIntExW

imm32

ImmDisableIME

ncrypt

BCryptCreateHash
BCryptFinishHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptGetProperty

wer

WerReportSetParameter
WerpSetReportFlags
WerpSetDynamicParameter
WerpSetEventName
WerpAddAppCompatData
WerpIsTransportAvailable
WerReportAddDump
WerpReportCancel
WerReportCreate
WerpGetReportConsent
WerpSetCallBack
WerReportAddFile
WerReportSetUIOption
WerReportSubmit
WerReportCloseHandle
WerpAddFile
WerpPromtUser
WerpAddSecondaryParameter
WerpGetReportFlags

faultrep

WerpInitiateCrashReporting
UpdatePerUserLastCrossProcessCollectionTime
CheckPerUserCrossProcessThrottle

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qhcyivp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1325abba33f337332a80d3d29874eb3b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

shlwapi

imm32

ncrypt

wer

faultrep

Sections

.text Size: 188KB - Virtual size: 188KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 42KB - Virtual size: 43KB

qhcyivp Size: - Virtual size: 4KB

.text
Size: 188KB - Virtual size: 188KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 42KB - Virtual size: 43KB

qhcyivp
Size: - Virtual size: 4KB