8f044c279b60ff71fc45575e04f26ddcae4e2b7ca02372c5e17dbe807dc81d4d

Sharing

Copy URL Twitter E-mail

General

Target

8f044c279b60ff71fc45575e04f26ddcae4e2b7ca02372c5e17dbe807dc81d4d
Size

247KB
MD5

0ddfc8d30b787a459539f78417511120
SHA1

398a8dda17b4083f7a4482ead3c1b4b0e277ab08
SHA256

8f044c279b60ff71fc45575e04f26ddcae4e2b7ca02372c5e17dbe807dc81d4d
SHA512

9a16a5d71c298be505b320f18a6d8f459d03e80085dba34321718db3a06976b57a7b159a49ba1e3d58f111b1e05cc2f68d6833153fb04c2d0534590b5c928097
SSDEEP

3072:bhanmNC/fCSNmFcBHxgoP/zS0G0nRh1ejw8lCUx3FMhqulJawOARtI0sPoU0RJjg:bQnm5FueK/u0G0ZbUx3sMARJvU8g

Score

N/A

Malware Config

Signatures

Files

8f044c279b60ff71fc45575e04f26ddcae4e2b7ca02372c5e17dbe807dc81d4d
.exe windows x86

47cf11c19e35fe3c7fafe22ef73af8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
ConvertStringSidToSidW
CreateWellKnownSid
EqualSid
GetAce
OpenThreadToken
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetSecurityInfo
RevertToSelf
SetEntriesInAclW
QueryServiceStatusEx
StartServiceW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW

kernel32

lstrlenW
QueryFullProcessImageNameW
OpenProcess
MultiByteToWideChar
CloseHandle
LocalFree
SetEvent
CreateEventW
CreateDirectoryW
GetEnvironmentVariableW
OpenEventW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetModuleHandleW
WideCharToMultiByte
WaitForMultipleObjects
LocalAlloc
GetCurrentThread
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
lstrlenA
InterlockedDecrement
GetSystemTime
WriteFile
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetWindowsDirectoryW
GetTickCount64
CompareStringW
GetCurrentProcess
CreateProcessW
CopyFileW
GetModuleFileNameW
GetTempPathW
DelayLoadFailureHook
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InterlockedIncrement
GetProcAddress
LoadLibraryW
FlushFileBuffers
DeleteFileW
CompareFileTime
GetLastError
CreateThread
SetEndOfFile
MoveFileExW
OutputDebugStringW
CreateMutexW
OpenMutexW
ReleaseMutex
InterlockedExchange

msvcrt

wcsncat_s
wcscpy_s
wprintf_s
wcstol
_wcslwr_l
_controlfp
_except_handler4_common
_onexit
_lock
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
wcscat_s
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@XZ
wcschr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
__dllonexit
iswpunct
swscanf
wcsncmp
_wcsicmp
??0exception@@QAE@ABQBD@Z
memmove_s
_resetstkoflw
_purecall
_vsnwprintf
iswspace
memcpy
_wtoi
iswdigit
memset
__CxxFrameHandler3
wcsstr
_wcslwr_s_l
_CxxThrowException
free
_wcmdln
?what@exception@@UBEPBDXZ
wcsncpy_s
towlower
memcpy_s
malloc
_wcsdup

user32

LoadStringW
CharLowerBuffW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
StringFromIID

slc

SLInstallProofOfPurchase
SLGetPKeyInformation
SLConsumeWindowsRight
SLClose
SLOpen

slcext

SLActivateProduct

oleaut32

SafeArrayGetVartype
SysStringLen
SysFreeString
VarBstrCat
SafeArrayCopy
VariantClear
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SafeArrayCreate
SafeArrayDestroy
VariantInit
VarBstrCmp
VariantChangeType
VariantCopyInd

wmdrmsdk

WMDRMCreateProvider

ws2_32

WSAStringToAddressW
inet_addr
GetNameInfoW

shlwapi

PathFindFileNameW
UrlGetPartW
PathCombineW

iphlpapi

GetAdaptersInfo

propsys

PSUnregisterPropertySchema
PSRegisterPropertySchema

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

47cf11c19e35fe3c7fafe22ef73af8b3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

slc

slcext

oleaut32

wmdrmsdk

ws2_32

shlwapi

iphlpapi

propsys

Sections

.text Size: 206KB - Virtual size: 206KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 39KB

.text
Size: 206KB - Virtual size: 206KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 39KB