44469c9b49e7d1e00979aa37f1e9e0860c4c7ac12911592d54e59f67c8e56a45

Sharing

Copy URL Twitter E-mail

General

Target

44469c9b49e7d1e00979aa37f1e9e0860c4c7ac12911592d54e59f67c8e56a45
Size

665KB
MD5

a0acb3c154584706c1e555ed362484b0
SHA1

dc277d7af54e4e5117ab64c3a3d9cc275f1f8f97
SHA256

44469c9b49e7d1e00979aa37f1e9e0860c4c7ac12911592d54e59f67c8e56a45
SHA512

2bfe74244a5019610a68962ea55d5914f4f06ad98c9459ae4f609d14c27da17ea5adfd379796d030a9a4b306ec4b3f5bfb399ddf2f3fc9595a4d1b34f23f1885
SSDEEP

12288:YPx1LmTwnP2cTiDNoutfGHBkvTg28kjJR3qm2XkPH3ikE66:wLkwP5TQrdLg28kjr12Xui3

Score

N/A

Malware Config

Signatures

Files

44469c9b49e7d1e00979aa37f1e9e0860c4c7ac12911592d54e59f67c8e56a45
.exe windows x64

5018095d3bfca988e85acc63c77b8d42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
OpenProcessToken
RegOpenKeyExW
EventWrite
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
InitiateShutdownW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventUnregister
RegEnumValueW

kernel32

GetCurrentThreadId
GlobalFree
MulDiv
HeapAlloc
GetCurrentProcess
CreateFileW
WriteFile
HeapFree
OpenMutexW
CreateMutexW
GetProcAddress
GetVersionExW
FormatMessageW
GetProcessHeap
HeapSetInformation
RegisterApplicationRestart
GetSystemTime
SystemTimeToFileTime
CloseHandle
CreateEventW
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
SetLastError
GetModuleFileNameW
CreateActCtxW
FindActCtxSectionStringW
LoadLibraryW
ActivateActCtx
GetLastError
LocalFree
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
DeactivateActCtx
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
DeviceIoControl
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW

gdi32

SelectObject
DeleteObject
AbortDoc
EndDoc
EndPage
StartPage
StartDocW
CreateFontIndirectW
GetDeviceCaps
SetMapMode
SetAbortProc
DeleteDC

user32

SetDlgItemTextW
DialogBoxParamW
LoadStringW
MessageBoxW
SetFocus
TranslateMessage
IsDialogMessageW
DrawTextW
ShowWindow
CreateDialogParamW
EnableWindow
SetCursor
EndDialog
GetDlgItem
PostMessageW
GetParent
DefWindowProcW
EnumThreadWindows
SetWindowPos
SendMessageW
LoadIconW
DestroyWindow
MsgWaitForMultipleObjects
PeekMessageW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
LoadCursorW
DispatchMessageW

msvcrt

memset
memcmp
wcsstr
_wcsupr
__CxxFrameHandler3
??2@YAPEAX_K@Z
_vsnwprintf
??3@YAXPEAX@Z
__getmainargs
__C_specific_handler
_wcslwr
_amsg_exit
_XcptFilter
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
memcpy
_initterm
_acmdln
exit
_cexit
_wcsicmp
_ismbblead
_exit

ole32

CoCreateGuid
CoInitializeEx
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
WinSqmStartSession
WinSqmEndSession
WinSqmAddToStream
WinSqmSetDWORD
NtQuerySystemTime

userenv

GetUserProfileDirectoryW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5018095d3bfca988e85acc63c77b8d42

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

ntdll

userenv

setupapi

oleaut32

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 588KB - Virtual size: 2.0MB

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 588KB - Virtual size: 2.0MB