880a93c9819bc1d94071e3d7fec4f1f01fed63bb1f8267eaacb3705648e4fec0

Sharing

Copy URL Twitter E-mail

General

Target

880a93c9819bc1d94071e3d7fec4f1f01fed63bb1f8267eaacb3705648e4fec0
Size

170KB
MD5

a31d96feea2e10ae3418e248fa27eea0
SHA1

0d0f45a22cff069e4cf215dc39f67033abd7217a
SHA256

880a93c9819bc1d94071e3d7fec4f1f01fed63bb1f8267eaacb3705648e4fec0
SHA512

02b2d884ef723468eaf2d70f81d1af15288843b70e5c9529da0df37dfed0fa800c71f0fff8c239dea864980cfa35041bcf9fed94ba55e8b064cd11eb204215ea
SSDEEP

3072:SMdKLYFshIxpIFnN2MSPWGdNOCEvIfxmjHHDXCnzF5Qn4/NPK2+ftF5:SMQLYFtAGhEKsjHL4xlPK7tF

Score

N/A

Malware Config

Signatures

Files

880a93c9819bc1d94071e3d7fec4f1f01fed63bb1f8267eaacb3705648e4fec0
.exe windows x86

1a16d1b3988c58f85caa16730bac4ae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
OutputDebugStringA
GetModuleHandleA
Sleep
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
GetModuleFileNameW
GetLastError
InterlockedCompareExchange
SetLastError
UnhandledExceptionFilter
LoadLibraryExW
QueryDosDeviceW
LocalFree
GetFileAttributesW
GetVolumeInformationW
GetVolumePathNameW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetCurrentThread
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
GetLocaleInfoW
DeviceIoControl
CopyFileExW
GetFullPathNameW
CreateDirectoryW
GetVersionExW
GetCurrentProcess
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LoadResource
FindResourceExW

msvcrt

bsearch
wcsstr
strncmp
wcsncmp
ungetc
_isatty
_write
_lseeki64
_fileno
_wcsnicmp
__pioinfo
__badioinfo
realloc
wcstombs
ferror
wctomb
_itoa
_snprintf
localeconv
isxdigit
isleadbyte
mbtowc
isdigit
calloc
fwprintf
fflush
_read
wcsrchr
_controlfp
?terminate@@YAXXZ
iswctype
free
malloc
memcpy
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_iob
__mb_cur_max
wcschr
_vsnwprintf
_wcsupr
_wcslwr
_errno
_wsetlocale
_wcsicmp
wcstoul

imagehlp

CheckSumMappedFile

shlwapi

PathRemoveBackslashW

ntdll

NtAllocateUuids
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlGetVersion
NtResetEvent
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
NtDeleteKey
NtCreateFile
NtSaveKey
NtSetValueKey
NtQueryValueKey
NtDeleteValueKey
NtCreateKey
NtSetSecurityObject
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtOpenThreadToken
NtOpenProcessToken
NtAdjustPrivilegesToken
NtLoadKey
NtUnloadKey
NtQueryAttributesFile
NtQueryKey
NtEnumerateKey
NtOpenKey
RtlFreeUnicodeString
RtlStringFromGUID
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
LdrFindResource_U
LdrAccessResource
NtQueryInformationFile
NtOpenProcess
NtQueryInformationProcess
NtSetInformationThread
NtOpenFile
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtQueryInformationThread
NtClose
NtQuerySystemInformation
RtlNtStatusToDosError
RtlCompareMemory
RtlUnwind
RtlInitUnicodeString
RtlGUIDFromString
RtlFreeSid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

LookupPrivilegeValueW
OpenThreadToken
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
ConvertSidToStringSidW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a16d1b3988c58f85caa16730bac4ae7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

imagehlp

shlwapi

ntdll

version

advapi32

Sections

.text Size: 129KB - Virtual size: 128KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 34KB - Virtual size: 35KB

.text
Size: 129KB - Virtual size: 128KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 34KB - Virtual size: 35KB