505113440bde8aa9bede448c3bb95fdac82851fc115c1e8829c36c0213e50630

Sharing

Copy URL Twitter E-mail

General

Target

505113440bde8aa9bede448c3bb95fdac82851fc115c1e8829c36c0213e50630
Size

260KB
MD5

26bfea7c1d506c4f44944c25b4076234
SHA1

f249d190a49eb5c3c08f50087000b4e5d3d548ca
SHA256

505113440bde8aa9bede448c3bb95fdac82851fc115c1e8829c36c0213e50630
SHA512

93ea94970a2e0cdc46f51e728040c81cb3dcb33f343970db5872100ee575d5dc24f2ab48bec375f98d6a60674fcfa50a955326272580462438f298d9be253e5d
SSDEEP

6144:Q+bG7PD3j+SAMFOcKQaXJT0dY+9zdhwZwC/WXQs:3G7PFnKQaXun9zdhwaCeA

Score

N/A

Malware Config

Signatures

Files

505113440bde8aa9bede448c3bb95fdac82851fc115c1e8829c36c0213e50630
.exe windows x86

98c8138f43f308f5a64ead9afe136106

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

shlwapi

PathAppendW

kernel32

lstrlenW
IsDebuggerPresent
GetACP
HeapFree
SetThreadLocale
HeapReAlloc
GetThreadLocale
FindResourceExW
LockResource
RaiseException
CreateDirectoryW
FormatMessageW
CopyFileW
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
WaitForSingleObject
CreateFileW
lstrlenA
HeapSize
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapDestroy
GetCurrentThreadId
SizeofResource
EnterCriticalSection
SignalObjectAndWait
HeapAlloc
UnhandledExceptionFilter
WideCharToMultiByte
FindResourceW
CloseHandle
GetProcessHeap
LocalFree
LoadResource
CreateThread
BeginUpdateResourceW
VirtualAllocEx

advapi32

EqualSid
RegEnumValueW
InitializeSid
GetSidLengthRequired
RegQueryValueExW
ConvertStringSidToSidW
ReportEventW
RegCloseKey
IsValidSid
RegOpenKeyExW
GetSidSubAuthority
RegEnumKeyExW
OpenProcessToken
DeregisterEventSource
RegisterEventSourceW
OpenThreadToken
GetLengthSid
GetTokenInformation
CopySid

user32

UnregisterClassA

userenv

UnloadUserProfile

ole32

CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoImpersonateClient
CoInitializeEx
CoCreateInstance
OleRun
CoRevertToSelf

oleaut32

SafeArrayGetVartype
SafeArrayCreate
VariantInit
SysStringByteLen
SafeArrayGetLBound
SafeArrayDestroy
VariantCopyInd
SafeArrayGetUBound
SafeArrayCopy
VariantChangeType
SysAllocStringLen
SysFreeString
VariantCopy
VariantClear
SafeArrayRedim
LoadTypeLi
SafeArrayUnlock
SysStringLen
SafeArrayLock
VarBstrCmp
SysAllocStringByteLen
GetErrorInfo
LoadRegTypeLi
SysAllocString

cmutil

CmAtolA
CmLoadImageW
CmStrCpyAllocA
ReleaseBold
CmEndOfStrW

kbduzb

KbdLayerDescriptor

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 598KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98c8138f43f308f5a64ead9afe136106

Headers

File Characteristics

Imports

shell32

shlwapi

kernel32

advapi32

user32

userenv

ole32

oleaut32

cmutil

kbduzb

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 229KB - Virtual size: 598KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 229KB - Virtual size: 598KB

.rsrc
Size: 512B - Virtual size: 4KB