0b307812bd7f346731fdaa16516043ee4dbeb09b0f915a181ca8e012633aaea6

Sharing

Copy URL

Twitter E-mail

General

Target

0b307812bd7f346731fdaa16516043ee4dbeb09b0f915a181ca8e012633aaea6
Size

644KB
MD5

8226f4669655bb3c9a32019bfd6c3226
SHA1

c405e3bc0d34e631082fa91ed0438394e34b2886
SHA256

0b307812bd7f346731fdaa16516043ee4dbeb09b0f915a181ca8e012633aaea6
SHA512

19feb1ff936b037dab29472001d4ec07be793a84081e81bef4a9539258ead5a0075382c48c499e58607d4c1edd8f0fe845f0725ff08e7b70a95911087bc0057a
SSDEEP

6144:hViVGJJUxj+kCJoKmjWzbQWFn5Hr2vSTtBXUU5o9qR+9VqFwlGVw2vGmW:hV4G2+EMQ0n5H3t2U5A9I+lgvT

Score

N/A

Malware Config

Signatures

Files

0b307812bd7f346731fdaa16516043ee4dbeb09b0f915a181ca8e012633aaea6
.exe windows x86

9cc24559698c7cb125446a4d71fc379d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libclamav

cl_retdbdir
cl_dup
cl_scanfile
sc_scan_buffer
cl_build
cl_load
cl_free

shlwapi

PathStripPathA
PathRemoveFileSpecA
StrToIntA
PathStripToRootA
SHDeleteKeyA

psapi

GetProcessMemoryInfo
EnumProcessModules
GetModuleBaseNameA
EnumProcesses

netapi32

NetUserEnum
NetApiBufferFree

kernel32

SetConsoleCtrlHandler
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
CloseHandle
WriteFile
CreateFileA
GetFileAttributesA
DeleteFileA
ExpandEnvironmentStringsA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
CreateThread
FlushViewOfFile
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetExitCodeThread
WaitForSingleObject
GetLongPathNameA
GetShortPathNameA
ReadFile
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
InterlockedIncrement
DeviceIoControl
GetVersionExA
GetModuleHandleA
CreateEventA
lstrcatA
lstrcpyA
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetVersion
lstrlenW
CompareStringA
CompareStringW
lstrcmpiA
lstrcmpiW
lstrlenA
HeapDestroy
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
Process32Next
GetPriorityClass
OpenProcess
Process32First
CreateToolhelp32Snapshot
CreateProcessA
MoveFileExA
CopyFileA
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetVolumeNameForVolumeMountPointA
FindNextVolumeA
GetDriveTypeA
GetVolumeInformationA
FindVolumeClose
FindFirstVolumeA
ExitThread
SetEvent
ResetEvent
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
TerminateProcess
SetUnhandledExceptionFilter
SetErrorMode
TerminateThread
GetCurrentThread
SetFilePointer
GetFileSize
QueryDosDeviceA
LocalFree
FatalAppExitA
CreateDirectoryA
GetComputerNameA
HeapFree
GetProcessHeap
ExitProcess
HeapSize
GetFileType
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
HeapCreate
VirtualFree
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
GetThreadLocale
GetEnvironmentVariableA
FormatMessageA
TlsAlloc
TlsGetValue
IsValidCodePage
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualProtect
LCMapStringA

user32

wsprintfA
CharLowerA
CharUpperA
CharUpperW
LoadAcceleratorsA
LoadStringA
UnregisterClassA
CharLowerW

advapi32

OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
DeleteService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteExA
SHFileOperationA

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

oleaut32

GetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysFreeString
SysAllocString
SetErrorInfo
CreateErrorInfo
VariantInit

Sections

.text
Size: 516KB - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cc24559698c7cb125446a4d71fc379d

Headers

File Characteristics

Imports

libclamav

shlwapi

psapi

netapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 516KB - Virtual size: 514KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 40KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 516KB - Virtual size: 514KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 40KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 21KB