0fecfc3b6efa7e8756edf4d8d118415e516815b282c7f3665ee59e80bf906494

Sharing

Copy URL Twitter E-mail

General

Target

0fecfc3b6efa7e8756edf4d8d118415e516815b282c7f3665ee59e80bf906494
Size

33KB
MD5

9328ddbc19e6e028f75229b83e52bb20
SHA1

bef15bdb2c3ab95ea87517000d0d51375f45830f
SHA256

0fecfc3b6efa7e8756edf4d8d118415e516815b282c7f3665ee59e80bf906494
SHA512

2053f567da3a0926b6efe18df59de20f201e181f29999cd2a5a7b8b87ee97b1f94fb2fd344765de2131e43ee4994e99f3fe82e9123828c57c9d90a821973cdbb
SSDEEP

768:1OtAiY9ZNyUCnMtBljsLQZSnSMHuPuwoiW:1OA9ZFRljanFuCiW

Score

N/A

Malware Config

Signatures

Files

0fecfc3b6efa7e8756edf4d8d118415e516815b282c7f3665ee59e80bf906494
.dll windows x86

f9a5f65df40f207485c1d017028d257a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__dllonexit
_unlock
??1type_info@@UAE@XZ
_amsg_exit
_onexit
_lock
?terminate@@YAXXZ
_initterm
free
malloc
_XcptFilter
_except_handler4_common
_CxxThrowException
memset
memcpy
rand
_wcsicmp
__CxxFrameHandler3

ntdll

RtlAcquireSRWLockExclusive
EtwEventUnregister
EtwEventRegister
TpWaitForWait
TpSetWait
TpReleaseWait
TpWaitForTimer
NtSetEvent
TpReleaseTimer
NtOpenEvent
RtlReleaseSRWLockExclusive
EtwEventWrite
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeSRWLock
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
NtMapViewOfSection
NtOpenSection

api-ms-win-core-localregistry-l1-1-0

RegDeleteKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

oleaut32

SysAllocString
SysStringLen
SysFreeString

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

shlwapi

PathAppendW

kernel32

FindCloseChangeNotification
CloseHandle
GetTickCount
DisableThreadLibraryCalls
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
LocalAlloc
Sleep
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedExchange
InterlockedIncrement
InterlockedExchangeAdd
GetLastError
GetModuleFileNameW
LocalFree
MulDiv

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9a5f65df40f207485c1d017028d257a

Headers

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

oleaut32

ole32

shlwapi

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1024B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1024B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB