769417d659d4c7177a8797f0e1995b50cb3de787a496c8fb133dc8e5df19530d

Sharing

Copy URL Twitter E-mail

General

Target

769417d659d4c7177a8797f0e1995b50cb3de787a496c8fb133dc8e5df19530d
Size

62KB
MD5

0e724654cd7dd64e41e15cb800478e0e
SHA1

083d2c2b719600a4f3dd2d329a36a3448e862ab5
SHA256

769417d659d4c7177a8797f0e1995b50cb3de787a496c8fb133dc8e5df19530d
SHA512

a2c7ba8014eb7336964425c288b3bcb000d1714ec532b0bbcd474b0190b316368009fefc2576cebfec37ac3f6adea6f0397f3b25f7c5efbd8e52dc6d18e2f66a
SSDEEP

768:XtSzx+fEICvgsoTd5T5n9Fsh7CJllt4mQilVqThVUz452lR6qJYsVB3ybCmn:sxelmgsArN33cilV6aLlcsn36Cmn

Score

N/A

Malware Config

Signatures

Files

769417d659d4c7177a8797f0e1995b50cb3de787a496c8fb133dc8e5df19530d
.exe windows x86

801177a172f9be15b3f1b338943b9de9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetCurrentProcessId
WaitNamedPipeW
CreateFileW
FreeLibrary
LoadLibraryW
lstrcatW
GetSystemDirectoryW
DeviceIoControl
CreateEventW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
ExitThread
FindFirstFileW
FindClose
lstrcpyW
SetThreadPriority
GetModuleHandleW
GetProcAddress
GetCommandLineW
GlobalFree
OpenFileMappingW
GetVersionExW
ReadFile
GetShortPathNameW
GetCurrentProcess
WTSGetActiveConsoleSessionId
WaitForSingleObject
SetLastError
CloseHandle
MapViewOfFile
UnmapViewOfFile
LocalFree
Sleep
GetLastError
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
LocalSize
LocalReAlloc
LocalAlloc
lstrcmpiW
CreateFileMappingW
lstrlenW
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FlushFileBuffers

advapi32

OpenSCManagerW
RegNotifyChangeKeyValue
RegSetValueExW
RegCreateKeyExW
StartServiceCtrlDispatcherW
OpenServiceW
QueryServiceStatus
ControlService
CloseServiceHandle
RegisterServiceCtrlHandlerExW
RegQueryValueExW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
SetServiceStatus
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
DuplicateTokenEx
SetTokenInformation
ImpersonateLoggedOnUser
CreateProcessAsUserW
RevertToSelf
RegOpenKeyExW
RegQueryValueExA
RegCloseKey

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

shell32

CommandLineToArgvW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

wintrust

WinVerifyTrust

crypt32

CertEnumCertificatesInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

801177a172f9be15b3f1b338943b9de9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wtsapi32

shell32

userenv

setupapi

wintrust

crypt32

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 13KB - Virtual size: 18KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 13KB - Virtual size: 18KB

.rsrc
Size: 3KB - Virtual size: 3KB