1eccd6471a9542f7484fa2bb70c55b90360bdc15ddea22ebc44b4cd742b57702

Sharing

Copy URL Twitter E-mail

General

Target

1eccd6471a9542f7484fa2bb70c55b90360bdc15ddea22ebc44b4cd742b57702
Size

715KB
MD5

a2c47644e242a374b737792fade28500
SHA1

29aedee7d926f21be7a10ff4c63fd63640ad9f49
SHA256

1eccd6471a9542f7484fa2bb70c55b90360bdc15ddea22ebc44b4cd742b57702
SHA512

f3d6e520d885aec8155874d0685879d90a6c2f291eeff9269ec5278999e4adbcb1ffdf63d29c0bab1e594cf76f02235c61442f51c9efe51386d8ad612db4496a
SSDEEP

12288:tABWa17f5hq4hbMvHIPI+HT5hJnOvyntWobrqKm6qPdsSDQUNC:Kfnq4tMvHIPIW5znO8FrqLX

Score

N/A

Malware Config

Signatures

Files

1eccd6471a9542f7484fa2bb70c55b90360bdc15ddea22ebc44b4cd742b57702
.exe windows x86

cef286b707b776035785d8eb29f799f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeAcl
SetNamedSecurityInfoW
SetSecurityDescriptorOwner
InitializeSid
GetSecurityDescriptorOwner
GetSidLengthRequired
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetAce
GetSecurityDescriptorGroup
GetAclInformation
MakeAbsoluteSD
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSecurityDescriptorSacl
GetLengthSid
GetSecurityDescriptorDacl
MakeSelfRelativeSD
CopySid
GetSecurityDescriptorControl
EqualSid
IsValidSid
GetSecurityDescriptorLength
AddAce
OpenThreadToken
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent

kernel32

TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReleaseMutex
GetEnvironmentVariableW
WaitForSingleObject
DuplicateHandle
CreateDirectoryW
RaiseException
DeleteFileW
FindResourceW
CloseHandle
DeleteCriticalSection
SizeofResource
lstrlenW
LockResource
LoadResource
FindResourceExW
WaitForMultipleObjects
lstrcmpiW
GetModuleHandleW
LocalFree
LoadLibraryW
CreateFileW
DeviceIoControl
GetPrivateProfileStringW
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
CreateEventW
ResetEvent
lstrcmpW
GetFileAttributesExW
TlsAlloc
GetLocalTime
SetFilePointer
OutputDebugStringA
GetPrivateProfileIntW
OutputDebugStringW
MoveFileExW
GetFileTime
FlushFileBuffers
ReadFile
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
VirtualQuery
GetTempPathW
CreateMutexW
TryEnterCriticalSection
SetEvent
InterlockedCompareExchange
ReadProcessMemory
GetThreadLocale
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
CreateSemaphoreW
GetProcessId
VirtualQueryEx
RtlCaptureContext
ReleaseSemaphore
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetLastError
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
TlsGetValue
GetUserDefaultLangID
GetSystemDefaultLangID
WritePrivateProfileStringW
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetSystemInfo
VirtualProtect
HeapFree
RemoveDirectoryW

ole32

StringFromGUID2
CoCreateGuid

shell32

SHGetFolderPathW

user32

CloseClipboard
SetClipboardData
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
MessageBoxW
wsprintfW
CharUpperW
CharLowerW
wvsprintfW
DispatchMessageW
OpenClipboard
UnregisterClassA
GetMessageW
PeekMessageW
PostThreadMessageW
EmptyClipboard

netapi32

NetApiBufferFree
NetWkstaGetInfo

shlwapi

PathStripPathW
SHQueryValueExW
PathRemoveFileSpecW
PathRemoveExtensionW
PathIsRelativeW
PathAppendW
PathCanonicalizeW

userenv

UnloadUserProfile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cef286b707b776035785d8eb29f799f7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

shell32

user32

netapi32

shlwapi

userenv

version

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 15KB - Virtual size: 14KB

.vmp0 Size: 508KB - Virtual size: 1.6MB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 15KB - Virtual size: 14KB

.vmp0
Size: 508KB - Virtual size: 1.6MB