afe54cf52954c4c12f82b96dbb07ce4467890085207a225c65d34e7248cf290a

Sharing

Copy URL Twitter E-mail

General

Target

afe54cf52954c4c12f82b96dbb07ce4467890085207a225c65d34e7248cf290a
Size

604KB
MD5

a19c582cf7944c37c85fed775ff7d320
SHA1

94b87b8a716eb4a96dc1bab25d04fc484786f06b
SHA256

afe54cf52954c4c12f82b96dbb07ce4467890085207a225c65d34e7248cf290a
SHA512

fed669c2921b99415b89f828c5f3237b37ea587d5d879189e5d33ef3d88e0d9c2309133d357ed46c2e25aaf50f60b8667bf83862eda41723ea77eccea192a8ee
SSDEEP

12288:uNcGGJ4dod/JOMx5UgC4eHDBMhxu0/gy:WcGGJdd/JOG5UgC4eHDOu0/

Score

N/A

Malware Config

Signatures

Files

afe54cf52954c4c12f82b96dbb07ce4467890085207a225c65d34e7248cf290a
.exe windows x64

9f3e40ee7c749347c709ed5d9aa24776

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoW
HeapFree
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
LCMapStringW
LCMapStringA
GetStringTypeW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapSize
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
OutputDebugStringW
GetLocalTime
FindFirstFileW
CompareFileTime
FindClose
FindNextFileW
DeleteFileW
LoadLibraryW
CreateFileW
GetTempPathW
CreateMutexW
WaitForSingleObject
GetVersionExW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
ProcessIdToSessionId
CreateFileMappingW
GetCurrentProcessId
CloseHandle
GetProcessId
GetLastError
GetModuleFileNameW
CreateProcessW
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

WaitForInputIdle

shell32

ord165
SHGetSpecialFolderPathW
ShellExecuteExW

shlwapi

PathUnquoteSpacesW
PathFileExistsW

userenv

UnloadUserProfile

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetLengthSid
MakeSelfRelativeSD
GetSecurityDescriptorSacl
AddAce
InitializeSid
GetSidLengthRequired
IsValidSid
RegisterEventSourceW
RegQueryValueExW
DeregisterEventSource
RegOpenKeyExW
ReportEventW
RegCloseKey
OpenProcessToken
OpenThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
GetSidSubAuthority
SetSecurityDescriptorGroup
GetTokenInformation
GetAclInformation
CopySid
GetSecurityDescriptorControl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeAbsoluteSD
InitializeAcl
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner

faultrep

ReportFault

Sections

.text
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f3e40ee7c749347c709ed5d9aa24776

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

userenv

advapi32

faultrep

Sections

.text Size: 329KB - Virtual size: 328KB

.data Size: 10KB - Virtual size: 20KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 248KB - Virtual size: 472KB

.text
Size: 329KB - Virtual size: 328KB

.data
Size: 10KB - Virtual size: 20KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 248KB - Virtual size: 472KB