996b3c8e57cc8982c99be733487c347b58ace05f576a5b1008c1f1b59cd9014d

Sharing

Copy URL Twitter E-mail

General

Target

996b3c8e57cc8982c99be733487c347b58ace05f576a5b1008c1f1b59cd9014d
Size

1.8MB
MD5

b55cb45a9f605817f9adb99ca9e43fb0
SHA1

30d2bb7129aa1d9830d3483a5d8217574729af02
SHA256

996b3c8e57cc8982c99be733487c347b58ace05f576a5b1008c1f1b59cd9014d
SHA512

c51fad58e1e696b0bab6129528ca88ab9f3e6d17b776ad6529d814fe674f6f56540e77ee0a926092707316198282e2181dc8723b6c62498f20767218329ffb11
SSDEEP

24576:H7BdEiDRCy8cQXEFS2FIbclEpotinxOl191tjVtegF:NiiDRCZRXEnFplEvnxOl19fVH

Score

N/A

Malware Config

Signatures

Files

996b3c8e57cc8982c99be733487c347b58ace05f576a5b1008c1f1b59cd9014d
.exe windows x64

b2d63901199864b3c1a8974f9312b307

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SearchPathW
GetCurrentDirectoryW
Sleep
CreateFileW
CloseHandle
GetCurrentThread
GetProcAddress
GetModuleHandleW
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
GetSystemTimeAsFileTime
LocalFree
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
GetLastError
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
ReadFile
GetConsoleMode
ReadConsoleW
GetFileType
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
SetStdHandle
SetEndOfFile
HeapReAlloc
FindClose
RtlUnwind

oleaut32

VariantClear

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2d63901199864b3c1a8974f9312b307

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 290KB - Virtual size: 290KB

.data Size: 6KB - Virtual size: 2.3MB

.pdata Size: 28KB - Virtual size: 27KB

_RDATA Size: 51KB - Virtual size: 51KB

.rsrc Size: 66KB - Virtual size: 66KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 290KB - Virtual size: 290KB

.data
Size: 6KB - Virtual size: 2.3MB

.pdata
Size: 28KB - Virtual size: 27KB

_RDATA
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 66KB - Virtual size: 66KB