8c1ce19720da64b085948a6f458ab2bb2d0b8d908475c7e86302409b31fa8bf1

Sharing

Copy URL Twitter E-mail

General

Target

8c1ce19720da64b085948a6f458ab2bb2d0b8d908475c7e86302409b31fa8bf1
Size

180KB
MD5

908a5bf0e63e379661a9377baf8b6450
SHA1

811516255821c6bd7bd0e788ccf163a4beaf3873
SHA256

8c1ce19720da64b085948a6f458ab2bb2d0b8d908475c7e86302409b31fa8bf1
SHA512

a46a43cb1cd676a2286428c518490f74ff390c6a684f02bb432b38480d851d0ab01f19388e8725dd94cb6adeaebdf14cc13b84138a575dcd9f9ef45dce518f71
SSDEEP

3072:9WGrmFrxEWmbI3d0N42RLTDUATUfw/NZjVbxkuAL:9HSNmst0N42RvDNMAVAL

Score

N/A

Malware Config

Signatures

Files

8c1ce19720da64b085948a6f458ab2bb2d0b8d908475c7e86302409b31fa8bf1
.exe windows x86

d254b62f670827c90376fa30e7f7f8ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
FreeSid
CreateProcessAsUserW
CreateRestrictedToken
LogonUserW
GetUserNameW
OpenProcessToken
RegCloseKey
ReadEventLogW
RegQueryValueExW
RegOpenKeyExW
CloseEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegEnumValueW
RegEnumKeyExW
CheckTokenMembership
IsValidSid
AllocateAndInitializeSid

kernel32

CreateEventW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
Sleep
ExpandEnvironmentStringsW
LoadLibraryExW
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileW
SetFileAttributesW
HeapFree
HeapAlloc
GetFileInformationByHandle
FileTimeToDosDateTime
MultiByteToWideChar
WideCharToMultiByte
GetSystemPowerStatus
GetFileAttributesW
CreateTimerQueueTimer
SetFilePointerEx
WriteFile
GetModuleHandleW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
CreateDirectoryW
CreateFileW
TerminateProcess
DeleteTimerQueueTimer
GetSystemTime
GetCurrentProcess
WaitForSingleObject
GetExitCodeProcess
SetEvent
InterlockedIncrement
GetCommandLineW
GetTickCount
GetLocalTime
GetDateFormatW
GetTimeFormatW
SetLastError
GetLastError
CloseHandle
SetErrorMode
FormatMessageW
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree

msvcrt

??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
malloc
free
??0exception@@QAE@XZ
swscanf
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
fclose
iswspace
feof
fgetws
__RTDynamicCast
towlower
__dllonexit
_errno
_wfopen
?terminate@@YAXXZ
_vsnprintf
__doserrno
_wopen
_read
_write
_close
_lseek
_wremove
_wtempnam
memcpy
_lock
_onexit
wprintf
__CxxFrameHandler3
memcpy_s
_CxxThrowException
memmove_s
_purecall
_getch
iswprint
swscanf_s
wcstoul
vwprintf
wcschr
wcsstr
memset
_vsnwprintf
_except_handler4_common
_controlfp
wcsrchr
_unlock
printf
_wcsicmp
memmove

ole32

CoInitializeEx
StringFromGUID2
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

rpcrt4

UuidFromStringW

userenv

LoadUserProfileW
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

mpclient

MpUtilsExportFunctions
MpConfigDelValue
MpConfigIteratorOpen
MpConfigIteratorEnum
MpConfigIteratorClose
MpConfigGetValueAlloc
MpUpdateStart
MpManagerVersionQuery
MpManagerOpen
MpScanStart
MpCleanOpen
MpCleanStart
MpConfigOpen
MpConfigClose
MpScanResult
MpConfigGetValue
MpHandleClose
MpConfigUninitialize
MpConfigInitialize
MpFreeMemory
MpClientUtilExportFunctions

cabinet

ord11
ord14
ord13
ord10

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ujvpnsm
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d254b62f670827c90376fa30e7f7f8ef

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

oleaut32

rpcrt4

userenv

mpclient

cabinet

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 40KB

ujvpnsm Size: - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 40KB

ujvpnsm
Size: - Virtual size: 4KB