e29a95d2c3301b4c1187434fd6c3a265691908c1286c0748fb20a645fc42f3b7

Sharing

Copy URL Twitter E-mail

General

Target

e29a95d2c3301b4c1187434fd6c3a265691908c1286c0748fb20a645fc42f3b7
Size

994KB
MD5

0a56df85d618b5a21fdd66bacb33a350
SHA1

974f056e070a96f29c9a833bb2876a38562a0ad2
SHA256

e29a95d2c3301b4c1187434fd6c3a265691908c1286c0748fb20a645fc42f3b7
SHA512

816647443636f25441a3192795c218d74ffc8d3845dae3ad6f4f086b0900c9b616386bc797100b7bd05ed37bf5c7dd975c53436fd431e69ca10a13155ae0d8c7
SSDEEP

1536:UFS1NRDyQvgjOAaj9WZmwxmHp7Y9nB6GoVDlt/8:UFSbRfIjQjSYYz6flt/8

Score

N/A

Malware Config

Signatures

Files

e29a95d2c3301b4c1187434fd6c3a265691908c1286c0748fb20a645fc42f3b7
.exe windows x86

86d38a7d78e5b8f774e6b938f0a434b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfigA
CloseServiceHandle
ControlService
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessAsUserW
EqualSid
FreeSid
GetTokenInformation
LockServiceDatabase
LsaFreeMemory
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegEnumValueW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
StartServiceW
SystemFunction012
UnlockServiceDatabase
OpenServiceA
RegDeleteKeyW

gdi32

GetKerningPairsA
ScaleViewportExtEx
FixBrushOrgEx
GetNearestPaletteIndex
EngAlphaBlend

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
DisableThreadLibraryCalls
DuplicateHandle
EnumResourceLanguagesA
ExpandEnvironmentStringsW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDateFormatA
GetDiskFreeSpaceExW
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetTimeFormatA
GetVersionExA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenEventA
OutputDebugStringA
ReadConsoleInputA
SetCalendarInfoW
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcpyW
lstrlenA
lstrlenW
VirtualAlloc
FindResourceW
GetProcessHeap
LoadResource
LockResource
ReplaceFile
TransmitCommChar
GetLastError
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
HeapFree
HeapSize
RtlUnwind
HeapAlloc
HeapReAlloc

rpcrt4

NdrClientCall2
NdrServerContextNewMarshall
RpcBindingFromStringBindingW
RpcImpersonateClient
RpcStringBindingComposeW
TowerExplode
IUnknown_AddRef_Proxy
RpcStringFreeW

shell32

ShellExecuteW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

86d38a7d78e5b8f774e6b938f0a434b2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

rpcrt4

shell32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 527KB - Virtual size: 527KB

.data Size: 415KB - Virtual size: 422KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 527KB - Virtual size: 527KB

.data
Size: 415KB - Virtual size: 422KB