aa9151ff49b72edce7aea268b3fa03a89c130595e6f3fcd7b74a12c0de3a3f20

General

Target

aa9151ff49b72edce7aea268b3fa03a89c130595e6f3fcd7b74a12c0de3a3f20
Size

221KB
MD5

935d522549d591dc5d8271976fcc6e56
SHA1

18d72091a9eb58dba37541518b9f2a4567c22d18
SHA256

aa9151ff49b72edce7aea268b3fa03a89c130595e6f3fcd7b74a12c0de3a3f20
SHA512

0bacca9bdb915376f1fe70f9cc562509d434ff2e99c1a09a28894f51abb08855c1d223553b4924bbc7bec168fc4fba11dd214ee7a282dc48ee37f410e779e1c1
SSDEEP

6144:FTz+TKO1zLxISNdjFpUoQwqaxGloNOLUqpNKOHB:h+TD1LxISNbCwqaQlyOLbNK6

Score

N/A

Malware Config

Signatures

Files

aa9151ff49b72edce7aea268b3fa03a89c130595e6f3fcd7b74a12c0de3a3f20
.exe windows x86

12f17f41a1f092e05548d65a3b996025

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQuerySystemInformation
ZwCreateEvent
NtCreateSection
ZwQueryInformationThread

kernel32

WriteConsoleA
GetLocaleInfoA
CreateFileMappingA
FreeEnvironmentStringsA
InitializeCriticalSection
GetModuleHandleW
GetCurrentProcess
GetVersion
SearchPathA
GetProcessHeap
HeapReAlloc
ExitProcess
CreateEventA
MapViewOfFileEx
SleepEx
CreateFileMappingA
GetEnvironmentVariableA
GetCurrentThread
GlobalFree
GetCommandLineA
UnhandledExceptionFilter
TlsGetValue
CompareStringA
SetUnhandledExceptionFilter
GetCommandLineA
GetTimeFormatA
lstrcatA
QueryPerformanceCounter
VirtualFree
HeapSize
InitializeCriticalSectionAndSpinCount
GetDateFormatA
WaitForSingleObject
GetFileType
GetModuleFileNameA
OpenMutexA
GetSystemTimeAsFileTime
DeleteFileA
GetSystemDirectoryA
ExitThread
CreateThread
UnmapViewOfFile
CreateFileA
SetHandleCount
RaiseException
CloseHandle
EnterCriticalSection
GetCurrentProcessId
GetFullPathNameA
GetTickCount
IsValidLocale
ReadFile
GetEnvironmentStrings
WriteFileEx
SetProcessAffinityMask
MapViewOfFile
FormatMessageA
FreeLibrary
GlobalUnlock
TlsFree
FreeEnvironmentStringsW
HeapCreate
FindFirstFileA
LocalAlloc
GetConsoleCP
IsValidCodePage
GetLocaleInfoW
lstrcpynA
LoadLibraryA
GetOEMCP
HeapAlloc
GlobalLock
WaitForMultipleObjects
RtlUnwind
CreateMutexA
LeaveCriticalSection
GlobalMemoryStatus
SetEnvironmentVariableA
ResetEvent
GetCPInfo
LCMapStringA
lstrcpyA
FlushFileBuffers
GetProcAddress
TlsSetValue
WriteFile
WideCharToMultiByte
CompareStringW
GetCurrentThreadId
IsDebuggerPresent
FindClose

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12f17f41a1f092e05548d65a3b996025

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 164KB - Virtual size: 164KB

.data Size: 53KB - Virtual size: 52KB

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: 164KB - Virtual size: 164KB

.data
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 2KB - Virtual size: 4KB