579384b1c71bccf1b176c18b5a74667e8ece96ce1ac88066059550435cfaa506

Sharing

Copy URL Twitter E-mail

General

Target

579384b1c71bccf1b176c18b5a74667e8ece96ce1ac88066059550435cfaa506
Size

30KB
MD5

93e757f28c6e623693524193afaf2af0
SHA1

8ba6cc218f8c6cf22292ef548784173ba7756f98
SHA256

579384b1c71bccf1b176c18b5a74667e8ece96ce1ac88066059550435cfaa506
SHA512

936481ac6b8d203af0d6fa037347424c187289b6dd8d2aa1936ab0cb9bb4dbd10e5654c9d2c1abb62065e7407915f7dec43c7ae0353b5f4e0ce8bbb75ae5df69
SSDEEP

768:PK5Gdtyu+zBcpPpJ28Sd9zUk78Whm2o+v:C52Eu+zBcpRJ28Sd9bm2b

Score

N/A

Malware Config

Signatures

Files

579384b1c71bccf1b176c18b5a74667e8ece96ce1ac88066059550435cfaa506
.exe windows x86

b868db5768501446529f5be2dcf9261a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

HeapAlloc
Process32First
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
GetComputerNameA
SetEvent
Sleep
WaitForSingleObject
VirtualAlloc
MultiByteToWideChar
lstrlenW
GetLastError
SetLastError
DeleteFileW
CopyFileW
CreateDirectoryW
CreateEventA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
IsBadReadPtr
ExitProcess
CreateRemoteThread
DuplicateHandle
CreateProcessW
lstrlenA
CreateThread
MapViewOfFile
CreateFileMappingA
InitializeCriticalSection
VirtualQuery
lstrcpyW
GetModuleFileNameW
lstrcatW
GetProcessHeap
TerminateProcess
OpenProcess
GetCurrentProcessId
CreateMutexA
GetCommandLineA
ReadProcessMemory
VirtualQueryEx
lstrcmpA
VirtualFree
WideCharToMultiByte
lstrcmpiA
WriteFile
CreateFileW
TerminateThread
ResumeThread
SuspendThread
HeapFree
lstrcatA
Process32Next
GetModuleHandleA
GetSystemInfo
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentProcess
CloseHandle
lstrcpyA
GetProcessVersion
GetTickCount

user32

GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
RegisterClassExA
DefWindowProcA
GetSystemMetrics
wsprintfA
wsprintfW

advapi32

OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExW
RegOpenKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegDeleteKeyA
LookupPrivilegeValueA

shell32

SHGetFolderPathW

ole32

CoCreateGuid

shlwapi

StrStrA
StrCmpNIA

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetCookieA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

urlmon

ObtainUserAgentString

rpcrt4

UuidToStringA

Sections

.text
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b868db5768501446529f5be2dcf9261a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wininet

urlmon

rpcrt4

Sections

.text Size: 21KB - Virtual size: 24KB

.data Size: 7KB - Virtual size: 10KB

.text
Size: 21KB - Virtual size: 24KB

.data
Size: 7KB - Virtual size: 10KB