59dd13e2bf7c579c713a9b5e25c48e5532078b5c86e876cec84a5e247cbf0707

Sharing

Copy URL Twitter E-mail

General

Target

59dd13e2bf7c579c713a9b5e25c48e5532078b5c86e876cec84a5e247cbf0707
Size

205KB
MD5

830dffcdb21696fdcfb81575c5f20e40
SHA1

d963191c9d74d38b967575673b6366f99d8f0a13
SHA256

59dd13e2bf7c579c713a9b5e25c48e5532078b5c86e876cec84a5e247cbf0707
SHA512

74e55e0c2c9d0f1edac04c61c8ff2906da7ca2944896d1c8f97622cae59492fe33b8ed1860937164938376a0afe2d1485bb9adec3d68bfe403fcfb1bc4345abb
SSDEEP

6144:AuABCVNumpP43/VGO/qM6dwboDR1wJK6ip:RvvS6CM/2K66

Score

N/A

Malware Config

Signatures

Files

59dd13e2bf7c579c713a9b5e25c48e5532078b5c86e876cec84a5e247cbf0707
.exe windows x86

626c2f416efb1cc0b0ccd74c31380c3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
CopySid
GetLengthSid
IsValidSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
RegEnumKeyExW
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
ConvertStringSidToSidW
FreeSid
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
AllocateAndInitializeSid

kernel32

GetModuleHandleW
lstrcmpiW
CloseHandle
WaitForSingleObject
GetModuleFileNameW
GetCurrentProcess
GetCurrentThread
Sleep
LocalFree
GetCurrentThreadId
CreateThread
CreateEventW
InterlockedIncrement
InterlockedDecrement
GetProcAddress
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetProcessHeap
HeapSetInformation
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
HeapFree
HeapAlloc
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetVersionExA
lstrlenW
SetEvent

user32

CharUpperW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
UnregisterClassA
PostThreadMessageW

msvcrt

_unlock
_errno
_lock
_onexit
?terminate@@YAXXZ
_controlfp
__dllonexit
realloc
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_wcmdln
_initterm
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncat_s
_purecall
memset
??_U@YAPAXI@Z
??2@YAPAXI@Z
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
free
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z
exit

userenv

ExpandEnvironmentStringsForUserW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject

oleaut32

VariantInit
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringByteLen
SysFreeString
VariantClear
VarUI4FromStr

shell32

ShellExecuteExW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

rpcrt4

RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
NdrClientCall2
RpcStringBindingComposeW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 164KB - Virtual size: 428KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

626c2f416efb1cc0b0ccd74c31380c3e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

userenv

ole32

oleaut32

shell32

wtsapi32

rpcrt4

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.vmp0 Size: 164KB - Virtual size: 428KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB

.vmp0
Size: 164KB - Virtual size: 428KB