1a46fa4f2158f7a186dd390f24d14ad54da0fca282227ada670938ea2408a457

Sharing

Copy URL Twitter E-mail

General

Target

1a46fa4f2158f7a186dd390f24d14ad54da0fca282227ada670938ea2408a457
Size

274KB
MD5

3a0de664a4d753d6ec3887b8ad5d0b90
SHA1

a8f87fc58205ee4359aed3238ce62c851f6d6add
SHA256

1a46fa4f2158f7a186dd390f24d14ad54da0fca282227ada670938ea2408a457
SHA512

d7df75ad364afbcf2af110af0c6fb8ee6072e0d9be28076f90c82fa20fa1b611ba3a45119f663483d7ba850b28d78ccf9ca057a22e3cebdf324d219072bd52f5
SSDEEP

6144:aoY1sFRVGQQ5AkmzMgwo/n0x4jhqQa3sHqsJQjb/yQjaFScijKMKkw1Vw1VUY:ao/zGQQ5GQmjUZ8pJQ7jamvcVS

Score

N/A

Malware Config

Signatures

Files

1a46fa4f2158f7a186dd390f24d14ad54da0fca282227ada670938ea2408a457
.exe windows x86

20eea0c56f21ff7ac025150e208c56f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strchr
__initenv
_stricmp
__getmainargs
malloc
__setusermatherr
wcscat
_exit
wcschr
_itoa
wcslen
??3@YAXPAX@Z
strrchr
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
wcsrchr
_snprintf
toupper
_c_exit
??2@YAPAXI@Z
wcscpy
_except_handler3
wcscmp
_snwprintf
isdigit
_initterm
memmove
sprintf
free
strncpy
memchr
towlower
_wcsicmp
calloc
strtoul
_controlfp
_strcmpi
_cexit
wcsncpy
wcsncat
__p__fmode
_wcsnicmp
_XcptFilter
_adjust_fdiv

ws2_32

WSASocketW

advapi32

AllocateAndInitializeSid
LsaClose
RegOpenKeyExW
RegisterEventSourceW
DuplicateTokenEx
GetSecurityDescriptorLength
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
GetLengthSid
FreeSid
RegLoadKeyA
RegQueryValueExA
GetSidSubAuthority
RegOpenKeyW
LookupAccountSidW
RegOpenKeyExA
LogonUserW
InitializeAcl
ReportEventW
RegCreateKeyExW
GetSidSubAuthorityCount
RegCloseKey
OpenThreadToken
RegCreateKeyA
LsaOpenPolicy
InitializeSecurityDescriptor
RevertToSelf
LookupAccountNameW
SetSecurityDescriptorDacl
IsValidSid
CryptAcquireContextW
RegQueryValueExW
EqualSid
CreateProcessAsUserW
GetAce
RegSetKeySecurity
CryptGenRandom
OpenProcessToken
LsaFreeMemory
GetSidIdentifierAuthority
LsaQueryInformationPolicy
AddAccessAllowedAce
GetTokenInformation
DeregisterEventSource
MakeSelfRelativeSD
CryptReleaseContext
ImpersonateLoggedOnUser

kernel32

GetCurrentProcess
GetExitCodeProcess
CloseHandle
SetLastError
WriteFile
CreateFileW
lstrlenW
lstrcatA
GetStdHandle
LocalAlloc
HeapFree
GetLocalTime
ExpandEnvironmentStringsW
WriteConsoleInputA
GetOverlappedResult
GetSystemDefaultLCID
FreeLibrary
CreateFileA
SetConsoleScreenBufferSize
ReleaseMutex
IsDBCSLeadByte
GetProcessHeap
GlobalFree
GetConsoleScreenBufferInfo
ReadFile
LocalFree
GetCPInfo
GetConsoleCP
WriteConsoleInputW
WaitForSingleObject
SetUnhandledExceptionFilter
FormatMessageW
OpenProcess
GetTickCount
GetCurrentProcessId
DuplicateHandle
lstrcpyW
GlobalAlloc
WideCharToMultiByte
VirtualFree
SetEnvironmentVariableA
SetConsoleWindowInfo
GetACP
WriteConsoleW
FormatMessageA
ReadConsoleOutputA
HeapAlloc
LoadLibraryW
ExpandEnvironmentStringsA
FreeConsole
lstrcpyA
LoadLibraryExW
GetCurrentThread
GetLocaleInfoW
GenerateConsoleCtrlEvent
CreateNamedPipeW
GetStartupInfoA
GetModuleHandleA
CreateEventW
GetModuleFileNameA
MultiByteToWideChar
WaitForMultipleObjects
AllocConsole
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetSystemDirectoryW
SetConsoleCtrlHandler
GetLastError
GetSystemDirectoryA
SetEnvironmentVariableW
GetConsoleMode
GetProcAddress
GetComputerNameW
SetErrorMode
SetHandleInformation
ReadConsoleOutputW
GlobalFindAtomA
CancelIo

mpr

WNetAddConnection2W
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W

netapi32

NetApiBufferFree
NetUserGetInfo
NetGetAnyDCName

aclui

IID_ISecurityInformation
EditSecurity
CreateSecurityPage

shell32

SHGetFolderPathW

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20eea0c56f21ff7ac025150e208c56f6

Headers

File Characteristics

Imports

msvcrt

ws2_32

advapi32

kernel32

mpr

netapi32

aclui

shell32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 58KB - Virtual size: 57KB

.rsrc Size: 78KB - Virtual size: 78KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 78KB - Virtual size: 78KB