546a2be75fce21f3fbce2357be0d1bd5c4567bece525f5e600b08e8a927e702f

Sharing

Copy URL

Twitter E-mail

General

Target

546a2be75fce21f3fbce2357be0d1bd5c4567bece525f5e600b08e8a927e702f
Size

115KB
MD5

1e413f688da60b026657ef86348184a2
SHA1

ce12f6b54b4311b3f213eb2b2807234fac8d7a10
SHA256

546a2be75fce21f3fbce2357be0d1bd5c4567bece525f5e600b08e8a927e702f
SHA512

18e0a0c992e5038ca0e4d0f0027e5dfe586faa2d8c0e4adf28f5164b9060133422d5ccb77fac8bf9061850c9f1eae6229b1a2b8f16943f8ab8c84bdfafe945b3
SSDEEP

3072:pRgjRlsNG14y8rq/d14X73fKa07XJMxDWkcd:pu7se8rql1O3ia8qckq

Score

N/A

Malware Config

Signatures

Files

546a2be75fce21f3fbce2357be0d1bd5c4567bece525f5e600b08e8a927e702f
.gz
sample
.tar
pshtoolkit/LICENSE
pshtoolkit/TODO
pshtoolkit/WHATSNEW
pshtoolkit/genhash/genhash.exe
.exe windows x86

12b23db495ee7b9dfb1fb120e8e83270

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
ExitProcess
GetLastError
MultiByteToWideChar
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
RtlUnwind
HeapSize
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pshtoolkit/iam/iam.exe
.exe windows x86

a96d9c34561f7e1005ca796dc2f5c502

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation

kernel32

CreateFileA
WriteConsoleW
ReadFile
SetLastError
CloseHandle
OpenProcess
GetCurrentProcess
GetWindowsDirectoryA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleFileNameA
GetProcAddress
LoadLibraryA
IsBadReadPtr
GetLastError
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
MultiByteToWideChar
GetLocaleInfoA
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pshtoolkit/iam/iamdll.dll
.dll windows x86

da08c10d836f5b0b204987710cbacc32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

ChangeCreds

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pshtoolkit/whosthere/whosthere.exe
.exe windows x86

3ef994b31185b57f7c9046599269f14f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

kernel32

SetLastError
CloseHandle
OpenProcess
GetLastError
GetCurrentProcess
FreeLibrary
LoadLibraryA
ReadProcessMemory
IsBadReadPtr
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
MultiByteToWideChar
GetLocaleInfoA
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12b23db495ee7b9dfb1fb120e8e83270

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 11KB

a96d9c34561f7e1005ca796dc2f5c502

Headers

File Characteristics

Imports

psapi

version

advapi32

kernel32

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 13KB

da08c10d836f5b0b204987710cbacc32

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

3ef994b31185b57f7c9046599269f14f

Headers

File Characteristics

Imports

psapi

advapi32

kernel32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 14KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 11KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 13KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 14KB