90bfbc09206a27842c82bc1376a17157d6fe3df38f7e45ab8b4b208711205335

Sharing

Copy URL Twitter E-mail

General

Target

90bfbc09206a27842c82bc1376a17157d6fe3df38f7e45ab8b4b208711205335
Size

355KB
MD5

0e245dbe60f4aed7f0b6a6f7b6e78d4d
SHA1

3577bde4121cfb5831dcc5273a1ff2b108e4b123
SHA256

90bfbc09206a27842c82bc1376a17157d6fe3df38f7e45ab8b4b208711205335
SHA512

3ec197798272ce33f09dd5e67f983b8db9a184137f7e709e76740a0a0bbec2b38fdae2ad7d6b46ad8ee4cd72559192b63a38094b6fdd03783cab4f5d7fa7f889
SSDEEP

6144:COllyOFActw072Gr6c4EDC4Qx5y6zkCAP/nQ5/C4M2nVpi+OA6q5KrDAH:CN0wM6c4gsx5HzkCk/nQ5/C4VLhOA6qv

Score

N/A

Malware Config

Signatures

Files

90bfbc09206a27842c82bc1376a17157d6fe3df38f7e45ab8b4b208711205335
.exe windows x86

49ba1576cfcfa7bc7bbfd016a442dbc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

rpcrt4

UuidToStringW
RpcStringFreeW

kernel32

CreateMutexW
GetCurrentProcessId
WritePrivateProfileStructA
GetPrivateProfileStructA
GetPrivateProfileStringA
GetFileAttributesW
CreateDirectoryW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
MoveFileExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
OutputDebugStringW
GetLocalTime
GetCurrentThreadId
CreateFileW
WaitForSingleObject
lstrlenW
GetCurrentThread
IsBadStringPtrW
PulseEvent
GetSystemPowerStatus
OpenThread
GetModuleHandleW
SetUnhandledExceptionFilter
ExitProcess
OpenProcess
GetExitCodeThread
GetUserDefaultLCID
lstrlenA
VirtualQuery
InterlockedCompareExchange
lstrcatA
GetShortPathNameA
Module32FirstW
GetModuleFileNameA
CreateToolhelp32Snapshot
Module32NextW
lstrcpyA
SetErrorMode
SystemTimeToFileTime
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
Module32Next
Module32First
FindFirstFileA
IsBadWritePtr
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
WaitForMultipleObjects
ResetEvent
MultiByteToWideChar
FindFirstFileW
IsBadReadPtr
FindNextFileW
FindClose
GetCurrentProcess
GlobalAlloc
GlobalFree
GetShortPathNameW
EnterCriticalSection
GetSystemDirectoryW
LeaveCriticalSection
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateEventW
GetLastError
SetEvent
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
Sleep
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetStdHandle
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

GetSystemMetrics
ExitWindowsEx
wsprintfW

advapi32

GetTokenInformation
RegDeleteKeyA
InitiateSystemShutdownW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
OpenThreadToken
SetThreadToken
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
MakeAbsoluteSD
InitializeSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid

shell32

SHGetFolderPathW

ole32

CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoReleaseServerProcess
CoImpersonateClient
CoRevertToSelf
CoGetClassObject
CoCreateInstance
CoAddRefServerProcess
CoUninitialize
CoInitializeEx

oleaut32

VariantClear
DispInvoke
DispGetIDsOfNames
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SafeArrayGetDim
VariantCopy
VarBstrCmp
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VarBstrFromCy
VarBstrFromDec
VarBstrFromDate
SysFreeString
SafeArrayRedim
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
VariantCopyInd
SafeArrayGetLBound
VariantChangeType
SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayCopy
SafeArrayGetVartype
SysAllocString
LoadRegTypeLi
VariantInit

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49ba1576cfcfa7bc7bbfd016a442dbc6

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

psapi

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

wtsapi32

Sections

.text Size: 258KB - Virtual size: 257KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 258KB - Virtual size: 257KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 20KB - Virtual size: 19KB