f634f6c5a737c4272a9fcd9447cf64b1dbb23bf44156c658cad3ffd47d002a72

Sharing

Copy URL

Twitter E-mail

General

Target

f634f6c5a737c4272a9fcd9447cf64b1dbb23bf44156c658cad3ffd47d002a72
Size

247KB
MD5

836e18c018588519430982935da69d6c
SHA1

3dbc6535d9c8c66056d3c0876158463a7dd3fb32
SHA256

f634f6c5a737c4272a9fcd9447cf64b1dbb23bf44156c658cad3ffd47d002a72
SHA512

c27e1f0fca5c3ed7224f4075de00a96d955d256258e134d39fa1e52711b022af5a8cbc90e1ed852ef19d6eccb6264647f017dd971e0a17a4974989279a73efff
SSDEEP

6144:6ny1h5rNO7m3olar0Qmk/RETwnyPJ0r4R:6ytNB38jQmmSwnyPJ

Score

N/A

Malware Config

Signatures

Files

f634f6c5a737c4272a9fcd9447cf64b1dbb23bf44156c658cad3ffd47d002a72
.exe windows x86

4064630da72a31c1ae8fe6b6b6d66e8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegEnumValueW
ConvertStringSidToSidW
CreateWellKnownSid
EqualSid
GetAce
OpenThreadToken
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetSecurityInfo
RevertToSelf
SetEntriesInAclW
QueryServiceStatusEx
StartServiceW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW

kernel32

lstrlenW
QueryFullProcessImageNameW
OpenProcess
MultiByteToWideChar
CloseHandle
SetEvent
OpenEventW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateThread
WideCharToMultiByte
WaitForMultipleObjects
LocalFree
GetModuleHandleW
GetCurrentThread
CreateDirectoryW
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
lstrlenA
InterlockedDecrement
GetSystemTime
WriteFile
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetWindowsDirectoryW
GetTickCount64
CompareStringW
GetCurrentProcess
CreateProcessW
CopyFileW
GetModuleFileNameW
GetTempPathW
CreateEventW
DelayLoadFailureHook
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InterlockedIncrement
GetProcAddress
LoadLibraryW
FlushFileBuffers
DeleteFileW
CompareFileTime
GetLastError
LocalAlloc
SetEndOfFile
MoveFileExW
OutputDebugStringW
CreateMutexW
OpenMutexW
ReleaseMutex
InterlockedExchange

msvcrt

wcsncat_s
wcscpy_s
wprintf_s
wcstol
_wcslwr_l
_controlfp
_except_handler4_common
_onexit
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
wcscat_s
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@XZ
wcschr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_lock
iswpunct
swscanf
wcsncmp
_wcsicmp
??0exception@@QAE@ABQBD@Z
memmove_s
_resetstkoflw
_purecall
_vsnwprintf
iswspace
memcpy
_wtoi
iswdigit
memset
__CxxFrameHandler3
wcsstr
_wcslwr_s_l
_CxxThrowException
free
_wcmdln
?what@exception@@UBEPBDXZ
wcsncpy_s
towlower
memcpy_s
malloc
_wcsdup

user32

LoadStringW
CharLowerBuffW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
StringFromIID

slc

SLInstallProofOfPurchase
SLGetPKeyInformation
SLConsumeWindowsRight
SLClose
SLOpen

slcext

SLActivateProduct

oleaut32

SafeArrayGetVartype
SysStringLen
SysFreeString
VarBstrCat
SafeArrayCopy
VariantClear
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SafeArrayCreate
SafeArrayDestroy
VariantInit
VarBstrCmp
VariantChangeType
VariantCopyInd

wmdrmsdk

WMDRMCreateProvider

ws2_32

WSAStringToAddressW
inet_addr
GetNameInfoW

shlwapi

PathFindFileNameW
UrlGetPartW
PathCombineW

iphlpapi

GetAdaptersInfo

propsys

PSRegisterPropertySchema
PSUnregisterPropertySchema

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fnpuvnc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4064630da72a31c1ae8fe6b6b6d66e8a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

slc

slcext

oleaut32

wmdrmsdk

ws2_32

shlwapi

iphlpapi

propsys

Sections

.text Size: 205KB - Virtual size: 205KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 39KB

fnpuvnc Size: - Virtual size: 4KB

.text
Size: 205KB - Virtual size: 205KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 39KB

fnpuvnc
Size: - Virtual size: 4KB