b6b0d44f5f54e584c8981a0a86adb39b4af24a0b33554f44af5c7931bcde8940

Sharing

Copy URL Twitter E-mail

General

Target

b6b0d44f5f54e584c8981a0a86adb39b4af24a0b33554f44af5c7931bcde8940
Size

398KB
MD5

0f22d238c91af8380ab7d13fc24c1a1f
SHA1

53fbcaa6c028aa995a28ac335aa44f48120dec5c
SHA256

b6b0d44f5f54e584c8981a0a86adb39b4af24a0b33554f44af5c7931bcde8940
SHA512

f8a2d24a584b32d190d431f93223cec720290253783d09a54077a43f48f9f710f4b585673684f4b48971e015dcbf19f4237d9612a7625271cdcdb46d63260671
SSDEEP

12288:Gpxkq+HTMSonwFTBX8uanW2OXLca17LXN6Z:GpxHUTenwvWnW2o17s

Score

N/A

Malware Config

Signatures

Files

b6b0d44f5f54e584c8981a0a86adb39b4af24a0b33554f44af5c7931bcde8940
.exe windows x86

d60440bd20170808f7fdc5e78227793a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
CreateFileW
GetCommandLineW
GetProcAddress
GetModuleHandleW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetCurrentThreadId
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
GetEnvironmentVariableW
LocalFree
InterlockedDecrement
GetConsoleMode
GetConsoleCP
IsValidCodePage
FormatMessageA
GetProcessTimes
SetEndOfFile
WriteConsoleW
SetStdHandle
SetFilePointer
LoadLibraryW
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStartupInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ReadFile
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
HeapSetInformation
RtlUnwind
RaiseException
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetLocaleInfoW
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
FlushFileBuffers

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptImportKey
RegOpenKeyExW
RegCloseKey

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromProgID

shell32

CommandLineToArgvW

oleaut32

SysStringByteLen
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocString
GetErrorInfo

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d60440bd20170808f7fdc5e78227793a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

oleaut32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

.vmp0
Size: 192KB - Virtual size: 1.3MB