a5f8836e8f5592c7d8841670b52462d2ca6a72986974498ecf3b3fad6848cd38

Sharing

Copy URL Twitter E-mail

General

Target

a5f8836e8f5592c7d8841670b52462d2ca6a72986974498ecf3b3fad6848cd38
Size

669KB
MD5

82c79bd602ebf43427a572c8c3417d90
SHA1

f35c7d105ca6b28a2ec93a2c22d0fae4f9f81bd2
SHA256

a5f8836e8f5592c7d8841670b52462d2ca6a72986974498ecf3b3fad6848cd38
SHA512

95f90bbae44f6a9980871e11a086d779da74ac814de01b7a99f4c1d3d667c13ec470ec66b545ba3a34a403e8ecef2b8027f69ee97d0f75bb810615fe3bd90890
SSDEEP

12288:QCLjKvNH4CUGrSkxjizQqp2AGmm6H+CUNRhitOso4WphDTv1:vLjKvNH4hGrbOzQBAGLw+nNRhitDOph9

Score

N/A

Malware Config

Signatures

Files

a5f8836e8f5592c7d8841670b52462d2ca6a72986974498ecf3b3fad6848cd38
.exe windows x64

48476c179fbf9fc0cc7ae2a8a5fb1073

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
OpenThreadToken
SetSecurityDescriptorGroup
GetTokenInformation
GetAclInformation
EventWrite
CopySid
RegCreateKeyExW
RegQueryInfoKeyW
InitializeSecurityDescriptor
LookupAccountNameW
EventUnregister
SetSecurityDescriptorDacl
GetAce
RegDeleteValueW
InitializeAcl
SetSecurityDescriptorOwner
AddAccessAllowedAce
IsValidSid
RegOpenKeyExW
AddAce
EventRegister
GetLengthSid
RegEnumKeyExW
RegCloseKey
RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyExW
CreateWellKnownSid
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorA
ReportEventW

kernel32

WaitForMultipleObjects
lstrcmpiW
HeapSetInformation
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
GetThreadTimes
MapViewOfFile
UnmapViewOfFile
SetErrorMode
GetUserDefaultUILanguage
CreateFileMappingW
CreateFileW
GetVersionExW
GetLocaleInfoW
FindResourceExW
GetSystemDefaultUILanguage
SearchPathW
ReleaseMutex
WaitForSingleObject
DeleteFileA
GetLocalTime
GetProcAddress
CopyFileA
FormatMessageW
GlobalFree
OutputDebugStringW
FlushViewOfFile
CreateFileA
FileTimeToSystemTime
GetTimeFormatW
SystemTimeToTzSpecificLocalTime
SetPriorityClass
ExpandEnvironmentStringsW
SetLastError
LocalFree
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
lstrlenA
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
GetCurrentProcess
GlobalLock
SetEvent
EnterCriticalSection
GetModuleHandleW
GetCurrentThread
InitializeCriticalSection
GetProcessTimes
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
SizeofResource
GetVersionExA
GetLastError
GetHandleInformation
RaiseException
GlobalUnlock
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection

msvcrt

bsearch
wcsncmp
_wcsnicmp
wcsncpy_s
free
_iob
_vsnprintf
fprintf
strncmp
strerror
_wtoi
_itow_s
memcpy
_CxxThrowException
_initterm
??1type_info@@UEAA@XZ
_errno
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
__CxxFrameHandler3
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__C_specific_handler
memset
memcpy_s
_purecall
malloc
_vsnwprintf
_wcsicmp

user32

CharNextW
LoadStringW
UnregisterClassA

ole32

CreateStreamOnHGlobal
CoGetMarshalSizeMax
CoInitializeSecurity
CoReleaseMarshalData
StringFromCLSID
CoTaskMemAlloc
CoInitializeEx
CoMarshalInterface
CoTaskMemRealloc
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

tquery

?ciDelete@@YAXPEAX@Z
?ciNewNoThrow@@YAPEAX_K@Z

imm32

ImmDisableIME

msshooks

LoadMSSearchHooks

mscoree

LockClrVersion

shlwapi

SHRegGetValueW

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 560KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48476c179fbf9fc0cc7ae2a8a5fb1073

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

oleaut32

tquery

imm32

msshooks

mscoree

shlwapi

ntdll

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 560KB - Virtual size: 2.4MB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 560KB - Virtual size: 2.4MB