49edaefeb89a970de6c49532e09eca0c99747b21fd4417a74da936e34e696a35

Sharing

Copy URL Twitter E-mail

General

Target

49edaefeb89a970de6c49532e09eca0c99747b21fd4417a74da936e34e696a35
Size

56KB
MD5

11f95ce5a0a00eae49a530e3cfb21c83
SHA1

643c1f04695ebd9d01648d71237b30695ef111dd
SHA256

49edaefeb89a970de6c49532e09eca0c99747b21fd4417a74da936e34e696a35
SHA512

1a05826a1c3e59fd6a7d20884988cde466f5d440d749db948cdc709195954c6145d4af0087954da1061b5a6a813964dca23cd62a1dde4d15cdb4d73f84b5f322
SSDEEP

1536:rbYRo22UsLgxiYFOEaTCCAztXLgahVzF+qcKlA:rY9iiCAQlKm

Score

N/A

Malware Config

Signatures

Files

49edaefeb89a970de6c49532e09eca0c99747b21fd4417a74da936e34e696a35
.exe windows x86

209d8fa8e64a6961346d0e13473ac1de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegRestoreKeyA
QueryServiceStatus
CreateProcessAsUserA
DeregisterEventSource
RegOpenKeyExA
LookupPrivilegeValueA
CloseEventLog
InitiateSystemShutdownA
RegNotifyChangeKeyValue
GetUserNameW
OpenEncryptedFileRawW
GetUserNameA
RegCreateKeyA
RegGetKeySecurity
RegFlushKey
DuplicateTokenEx
CloseServiceHandle
RegSetValueExA
RegQueryInfoKeyA
OpenServiceW
OpenSCManagerA
RegEnumKeyExW
GetTokenInformation
AdjustTokenPrivileges
RegCreateKeyExW
GetFileSecurityA
RegEnumKeyExA
RegCreateKeyExA
RegSetKeySecurity
GetNumberOfEventLogRecords
IsValidSid
BackupEventLogA
OpenProcessToken
RegCloseKey
RegQueryValueExA

user32

GetCapture

msi

ord241

kernel32

SetFilePointerEx
SetFilePointer
SetLastError
GetEnvironmentStrings
GetCurrentThread
GetCurrentProcessId
GetModuleHandleA
lstrcmpA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetVersionExW
InterlockedCompareExchange
CreateFileA
InterlockedExchange
WriteFile
LeaveCriticalSection
ExitProcess
FreeLibrary
WaitForSingleObject
HeapAlloc
DeleteCriticalSection
GetEnvironmentStringsW
LoadLibraryA
MultiByteToWideChar
EnterCriticalSection
GetModuleHandleW
HeapFree
WaitForSingleObjectEx
GetStartupInfoA

msvcrt

_onexit
__dllonexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xcode
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

209d8fa8e64a6961346d0e13473ac1de

Headers

File Characteristics

Imports

advapi32

user32

msi

kernel32

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.xcode Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 526B

.text
Size: 8KB - Virtual size: 7KB

.xcode
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 526B