73af3b8f0d2e21990476df32a534191dbfd3ca15fc74aa9e99c07f564a13ae96

Sharing

Copy URL Twitter E-mail

General

Target

73af3b8f0d2e21990476df32a534191dbfd3ca15fc74aa9e99c07f564a13ae96
Size

275KB
MD5

3b538e153f487a88ff0169c0a77e27c0
SHA1

5a3ebadbb4efe0e3f65134e2d2f185a61b49a31c
SHA256

73af3b8f0d2e21990476df32a534191dbfd3ca15fc74aa9e99c07f564a13ae96
SHA512

5b60183497b101075f04be4f933fa772c90fa003bb81da88eefec6a26a5600c1036c64623491a1844c9b70243539bfa08c875c23ed6b939260f4b1237f9729f0
SSDEEP

6144:KilKvqrIcCazlZ2TJcvlc+3hqFjdP6PexqHJ5G6+G7:OvqHBZ2T+vlT34F5Pye8HDG+7

Score

N/A

Malware Config

Signatures

Files

73af3b8f0d2e21990476df32a534191dbfd3ca15fc74aa9e99c07f564a13ae96
.exe windows x86

95ddc6ac890faad6ad318d6358e3f906

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleInputW
FreeConsole
GetSystemDirectoryW
CloseHandle
OpenProcess
GetLocalTime
GetStdHandle
SetErrorMode
CreateNamedPipeW
lstrlenW
VirtualFree
CancelIo
SetEnvironmentVariableW
DuplicateHandle
GetCPInfo
GetCurrentProcess
WaitForMultipleObjects
GetModuleFileNameA
CreateFileW
GetLastError
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryA
GetLocaleInfoW
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
GetExitCodeProcess
HeapAlloc
InitializeCriticalSection
SetUnhandledExceptionFilter
WriteConsoleW
GetConsoleCP
QueryPerformanceCounter
GenerateConsoleCtrlEvent
WriteFile
ReadConsoleOutputA
MultiByteToWideChar
GetOverlappedResult
GetACP
GetCurrentProcessId
DeleteFileA
LocalAlloc
GetSystemDefaultLCID
CreateEventW
IsDBCSLeadByte
SetEnvironmentVariableA
HeapFree
lstrcpyA
GlobalAlloc
GetConsoleMode
FormatMessageW
LoadLibraryW
GetComputerNameW
GetModuleHandleA
ReadFile
GlobalFree
FreeLibrary
AllocConsole
LoadLibraryExW
SetHandleInformation
GetCurrentThread
CreateFileA
LocalFree
FormatMessageA
GetProcessHeap
SetConsoleCtrlHandler
GlobalFindAtomW
SetLastError
WriteConsoleInputA
lstrcpyW
lstrcatA
WideCharToMultiByte
ExpandEnvironmentStringsW
GetStartupInfoA
WaitForSingleObject
SetConsoleScreenBufferSize
GetProcAddress
SetConsoleWindowInfo
ReleaseMutex

msvcrt

_itoa
??3@YAXPAX@Z
isdigit
_XcptFilter
strrchr
wcscpy
wcscmp
_wcsnicmp
free
wcsrchr
_wcsicmp
toupper
strchr
_snprintf
_cexit
__initenv
_stricmp
_strcmpi
__setusermatherr
_adjust_fdiv
towlower
__getmainargs
wcslen
__p__fmode
_snwprintf
wcscat
wcsncpy
strtoul
_c_exit
wcschr
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
calloc
sprintf
_exit
wcsncat
memmove
??2@YAPAXI@Z
_except_handler3
_controlfp
malloc
memchr
_initterm
strncpy

advapi32

CreateProcessAsUserW
LookupPrivilegeValueW
EqualSid
GetSecurityDescriptorLength
DuplicateTokenEx
GetSidIdentifierAuthority
RegCloseKey
InitializeAcl
GetLengthSid
CryptAcquireContextW
LookupAccountSidW
LsaOpenPolicy
RegOpenKeyExA
RegisterEventSourceW
FreeSid
CryptGenRandom
InitializeSecurityDescriptor
RegSetKeySecurity
IsValidSid
RegOpenKeyExW
GetSidSubAuthority
GetTokenInformation
LookupAccountNameW
LogonUserW
RegCreateKeyA
CryptReleaseContext
LsaQueryInformationPolicy
LsaFreeMemory
GetAce
AllocateAndInitializeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
DeregisterEventSource
LsaClose
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExW
AddAccessAllowedAce
RegLoadKeyA
RegQueryValueExW
MakeSelfRelativeSD
ReportEventW
RegOpenKeyW
GetSidSubAuthorityCount
RegSetValueExW
RegQueryValueExA
SetSecurityDescriptorDacl

netapi32

NetApiBufferFree
NetUserGetInfo
NetGetAnyDCName

user32

OpenDesktopW
GetProcessWindowStation
CloseWindowStation
LoadStringW
MapVirtualKeyW
CloseDesktop
VkKeyScanW
CharToOemA
wsprintfW
SetUserObjectSecurity

security

AcceptSecurityContext
DeleteSecurityContext
RevertSecurityContext
ImpersonateSecurityContext
FreeContextBuffer
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
FreeCredentialsHandle

ntdll

RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlInitUnicodeString
DbgPrint
RtlEqualUnicodeString

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetAddConnection2W
WNetCancelConnection2W

psapi

EnumProcesses

ws2_32

WSASocketW

shell32

SHGetFolderPathW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95ddc6ac890faad6ad318d6358e3f906

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

netapi32

user32

security

ntdll

mpr

psapi

ws2_32

shell32

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 58KB - Virtual size: 57KB

.rsrc Size: 78KB - Virtual size: 78KB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 78KB - Virtual size: 78KB