c9111d4a390746f3ff65e69eea2e61607e50d76d26a688844c59cd0cca358626

Sharing

Copy URL Twitter E-mail

General

Target

c9111d4a390746f3ff65e69eea2e61607e50d76d26a688844c59cd0cca358626
Size

829KB
MD5

090a7910483b926317d09957e4d69bf0
SHA1

665a7ce8c887e88b7444b5ed503e864387ac62c7
SHA256

c9111d4a390746f3ff65e69eea2e61607e50d76d26a688844c59cd0cca358626
SHA512

6cdf2a5c2851614bdea6b6d8ddf0aea738b891b9e2ac4d4109a34c2872b0428c002affe08e55efa7636005d04f1cb34565080f2865ccdd726df9cb17c4c75e0a
SSDEEP

24576:9TAnlfRCv/y7DWAIoDVAJe5IP9q0kWH6GG+wMaDP:9TAnlfRm67/IoDa+IP9q0kS6Ewb

Score

N/A

Malware Config

Signatures

Files

c9111d4a390746f3ff65e69eea2e61607e50d76d26a688844c59cd0cca358626
.exe windows x86

fd7510d52f66b05a6b96334e67ea8cd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
RegEnumKeyExW
EventUnregister
EventWrite

kernel32

LocalFree
FormatMessageW
Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCurrentProcess
lstrlenW
WideCharToMultiByte
GlobalFree
ReadFile
CreateFileW
GetWindowsDirectoryW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedIncrement
GetFullPathNameW
CreateMutexW
ReleaseMutex
SetEvent
InterlockedDecrement
OutputDebugStringA
SetLastError
FindClose
FindNextFileW
FindFirstFileW
WriteFile
SetEndOfFile
SetFilePointer
GetTempPathW
GetCommandLineW
InterlockedExchange
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemWindowsDirectoryW
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
CreateEventW
CreateThread
CloseHandle
GetLastError
FindResourceExW
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetEnvironmentVariableW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
DeleteFileW
CompareFileTime
SetFileTime
MoveFileExW
GetSystemTime
GetFileAttributesExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar

user32

UnregisterClassA

msvcrt

_cexit
_exit
??1type_info@@UAE@XZ
_vsnprintf
wcsspn
wcsstr
_XcptFilter
wcscspn
__wgetmainargs
_vscprintf
wcsrchr
??2@YAPAXI@Z
_wtoi
memcpy
_resetstkoflw
_ftol2
calloc
vswprintf_s
_vscwprintf
exit
vsprintf_s
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
_amsg_exit
free
malloc
_wcsicmp
wcstoul
_wcsnicmp
wcschr
memset
memmove_s
_CxxThrowException
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
??3@YAXPAX@Z
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
iswdigit

shell32

SHFileOperationW

ole32

CoInitializeSecurity
CoUninitialize
CoGetMalloc
CoCreateInstance
CoInitializeEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile

spwizui

SPInstallFailed
SPInstallSucceeded

sperror

GetErrorDescription

sqmapi

SqmStartUpload
SqmEndSession
SqmIsWindowsOptedIn
SqmSet
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetString
SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmAddToStreamV
SqmWaitForUploadComplete

winbrand

BrandingFormatString

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd7510d52f66b05a6b96334e67ea8cd7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

version

userenv

spwizui

sperror

sqmapi

winbrand

Sections

.text Size: 244KB - Virtual size: 243KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 580KB - Virtual size: 2.3MB

.text
Size: 244KB - Virtual size: 243KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 580KB - Virtual size: 2.3MB