3e8fe8dbeced5dda5a380480280791cf8cf2b4471e447476924f0e8bd6f16ffa

Sharing

Copy URL Twitter E-mail

General

Target

3e8fe8dbeced5dda5a380480280791cf8cf2b4471e447476924f0e8bd6f16ffa
Size

839KB
MD5

924216552baa692ff5d2811252476240
SHA1

ba5167c96b66d9317d377391eddc4f9a70172d1e
SHA256

3e8fe8dbeced5dda5a380480280791cf8cf2b4471e447476924f0e8bd6f16ffa
SHA512

a9c1302d9bc9b7a68ac94908c8ccfbfaeaf5d65098a869d1459888ab20466ac4857f272394f0bddf86c20b27b585307207ab02f722a5d3df5c2384d5c3fd9b17
SSDEEP

12288:vy06RaZqeYxNhyqutM/Z0knu8TefBfszfFj+z8SrFrByuyu5PQGoWDKikTdS0w3R:quZqeDM/GUefBfsbl+9rDyOGisdHB

Score

N/A

Malware Config

Signatures

Files

3e8fe8dbeced5dda5a380480280791cf8cf2b4471e447476924f0e8bd6f16ffa
.exe windows x64

c91654890260637f98bbf2f67038f65a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegNotifyChangeKeyValue
EventWrite
RegGetValueW
RegQueryValueExW

kernel32

LoadLibraryW
GetModuleHandleW
lstrcmpiW
RaiseException
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
WaitForSingleObject
ReleaseSemaphore
SetLastError
CreateSemaphoreW
GetProcAddress
CreateEventW
GetCurrentThreadId
SetEvent
GetCommandLineW
CreateThread
Sleep
ResetEvent
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
FormatMessageW
LocalFree
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
lstrlenW
CloseHandle
FreeLibrary
FindClose
FindNextFileW
MoveFileW
CopyFileExW
SetFileAttributesW
CreateMutexW
FindFirstFileW
CompareStringOrdinal
CreateFileW
SetFilePointer
GetFileAttributesW
GetFileMUIPath
CompareFileTime
GetSystemInfo
LCMapStringW
LCIDToLocaleName
GetSystemDefaultLCID
GetUserDefaultLCID
GetUserGeoID
SystemTimeToFileTime
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
GetLastError

gdi32

DeleteObject
CreateRectRgn
CreateCompatibleBitmap
DeleteDC
SetLayout
SelectObject
CreateCompatibleDC
CreateDIBSection

user32

UnregisterClassA
GetSystemMenu
GetWindowLongW
DefWindowProcW
LoadStringW
InsertMenuW
ModifyMenuW
RegisterWindowMessageW
CheckMenuItem
ShowWindow
SetWindowRgn
PostQuitMessage
IsIconic
GetSystemMetrics
SendMessageW
LoadImageW
GetMenuState
PostMessageW
DestroyIcon
CreateIconIndirect
DrawIconEx
GetIconInfo
IsWindowUnicode
GetMessageA
CharNextW
SetWindowTextW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DispatchMessageA
CharUpperW
PostThreadMessageW
GetMessageW
MsgWaitForMultipleObjects
DispatchMessageW
EnumWindows
TranslateMessage
PeekMessageW
DeleteMenu
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW

msvcrt

??3@YAXPEAX@Z
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
_vsnwprintf
wcsncpy_s
malloc
free
memcpy_s
??2@YAPEAX_K@Z
memmove_s
_purecall
wcscpy_s
wcscat_s
swprintf_s
bsearch
qsort
memset
__C_specific_handler
memcmp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
wcstoul
swscanf_s
iswspace
__wgetmainargs
_exit
_XcptFilter
_cexit
memcpy

ole32

CoFreeUnusedLibrariesEx
CoDisconnectObject
PropVariantCopy
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
PropVariantClear

oleaut32

VariantChangeType
VariantClear
SysFreeString
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VariantInit

shlwapi

PathParseIconLocationW
SHCreateStreamOnFileW
UrlEscapeW
ord16
SHStrDupW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
ord615
ord487
SHCreateStreamOnFileEx

propsys

PropVariantCompareEx
PSGetPropertyDescriptionByName
PSGetPropertyDescriptionListFromString
PropVariantToGUID
PSGetPropertyKeyFromName
StgDeserializePropVariant
PropVariantToStringAlloc
PropVariantChangeType
PSCreateMemoryPropertyStore

shell32

SHGetPropertyStoreForWindow
SHQueryUserNotificationState
Shell_NotifyIconW
ord6
SHCreateShellItemArrayFromIDLists
ord155
ShellExecuteExW
SHParseDisplayName
ord165

dwmapi

DwmSetWindowAttribute
DwmSetIconicThumbnail

gdiplus

GdipDrawImageRectI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromFile
GdiplusStartup

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WinSqmSetString
WinSqmAddToStreamEx
WinSqmEndSession
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmStartSession
WinSqmIsOptedIn
RtlGetNativeSystemInformation

xmllite

CreateXmlReader

rpcrt4

UuidFromStringW

msi

ord113

crypt32

CertVerifyCertificateChainPolicy

wintrust

CryptCATAdminReleaseContext
WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WTHelperGetProvSignerFromChain
CryptCATAdminCalcHashFromFileHandle

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 584KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c91654890260637f98bbf2f67038f65a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleaut32

shlwapi

propsys

shell32

dwmapi

gdiplus

ntdll

xmllite

rpcrt4

msi

crypt32

wintrust

Sections

.text Size: 205KB - Virtual size: 205KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 584KB - Virtual size: 1.9MB

.text
Size: 205KB - Virtual size: 205KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 584KB - Virtual size: 1.9MB