0061ab8ac237d05c5f19c320901d8d590e244856af41da3910bf1bcce8e1b768

Sharing

Copy URL

Twitter E-mail

General

Target

0061ab8ac237d05c5f19c320901d8d590e244856af41da3910bf1bcce8e1b768
Size

208KB
MD5

a2b63c4ee9d393d81106c0e155fe46c0
SHA1

843a8999feab2a71c627fb95a2c0a720cb6f42fc
SHA256

0061ab8ac237d05c5f19c320901d8d590e244856af41da3910bf1bcce8e1b768
SHA512

ed4cc79767543322b51ff80684e8d92b3fc65328007e923cbaca370bd51fa3a993a75de2dcb5894239a3d6306cd11958417941f21c6050eb08bc2d42ee902083
SSDEEP

3072:oGTiapwPDCZWpQQ/ye6MqInJM1SVKfeZDY9JKwxls7QTOuIH4G/ymwiOwayKdlpo:o7V/yXRI4eZDY9JOPH4mIfdlpXWv

Score

N/A

Malware Config

Signatures

Files

0061ab8ac237d05c5f19c320901d8d590e244856af41da3910bf1bcce8e1b768
.exe windows x86

85eeda1139037fe0ba54896b7ad8b977

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrcmpW
DuplicateHandle
GetProcAddress
LoadLibraryW
GetCurrentThread
CreateThread
lstrcpyW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
GetVersionExA
lstrcatW
lstrcmpiW
SetProcessWorkingSetSize
CreateEventW
LockResource
GetThreadLocale
GetLastError
InterlockedExchange
RaiseException
GetTempPathW
lstrlenW
MultiByteToWideChar
GetACP
GetModuleFileNameW
lstrcpynW
GetVersionExW
SizeofResource
Sleep
OpenProcess
InitializeCriticalSection
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCommandLineW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
GetLocaleInfoA
DeleteTimerQueueEx
CreateTimerQueue
GetTempFileNameW
GetStdHandle
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapDestroy
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
DeleteCriticalSection
FreeEnvironmentStringsW
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
RtlUnwind
GetStartupInfoW
GetModuleHandleA
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
SetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetTickCount
GetExitCodeProcess
FindClose
ResetEvent
CreateFileW
CreateProcessW
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
GetFileAttributesExW
CopyFileW
MoveFileExW
FlushFileBuffers
SetFilePointer
WriteFile
GetSystemTimeAsFileTime
CompareFileTime
FileTimeToSystemTime
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
ExitProcess
TerminateProcess
HeapAlloc

user32

SetTimer
CharLowerW
GetMessageW
CharNextW
wvsprintfW
KillTimer
TranslateMessage
LoadStringW
PostThreadMessageW
DispatchMessageW

ole32

CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoInitialize
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysFreeString
VarUI4FromStr

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
OpenThreadToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
RegSetValueExW
RegCloseKey
RegEnumKeyExW
ControlService
GetLengthSid
ReportEventW
RegisterServiceCtrlHandlerW
MakeSelfRelativeSD
GetSecurityDescriptorSacl
AddAce
InitializeSid
GetSidLengthRequired
RegOpenKeyExW
IsValidSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
SetServiceStatus
InitializeAcl
ChangeServiceConfigW
MakeAbsoluteSD
RegDeleteValueW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
DeregisterEventSource
RegQueryInfoKeyW
RegQueryValueExW
GetSecurityDescriptorControl
RegCreateKeyExW
CopySid
GetAclInformation
OpenServiceW
SetSecurityDescriptorGroup
SetSecurityDescriptorControl
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
GetSidSubAuthority
CloseServiceHandle
RegisterEventSourceW
CreateServiceW

shlwapi

StrRetToStrW
SHQueryValueExW
PathFindExtensionW

crypt32

CertEnumCertificatesInStore
CryptQueryObject
CertNameToStrW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore

shell32

SHFileOperationW
SHGetFolderLocation
SHCreateDirectoryExW
SHGetDesktopFolder

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85eeda1139037fe0ba54896b7ad8b977

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

advapi32

shlwapi

crypt32

shell32

version

wintrust

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 82KB - Virtual size: 84KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 82KB - Virtual size: 84KB