1fa95a63147a5cd3b278e540680a710f10ee276d77a3a836f0781bf1ffb8e0a9

Sharing

Copy URL Twitter E-mail

General

Target

1fa95a63147a5cd3b278e540680a710f10ee276d77a3a836f0781bf1ffb8e0a9
Size

132KB
MD5

07d0920d314d4aad914e3e2ebc677b2b
SHA1

b4c0083033209b448f222070644ca4484fb7c8c7
SHA256

1fa95a63147a5cd3b278e540680a710f10ee276d77a3a836f0781bf1ffb8e0a9
SHA512

fb30313e65aeefe00b74487b6aefd44672837c0b29a43897de6b2c000346541638ef11fce2d8c742579d75315a7e03557a718dd136f0a20090599529949ed69a
SSDEEP

3072:/A3IC1uDQZnWwfFi3h1zaqi3uO/hQJ7P2HDB/zU:/jCwDHM03hxNkuEhQJ7+1/z

Score

N/A

Malware Config

Signatures

Files

1fa95a63147a5cd3b278e540680a710f10ee276d77a3a836f0781bf1ffb8e0a9
.exe windows x86

28c440249c9ebd455d6bac855af403db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetVolumeInformationA
DeleteFileA
CreateFileA
GetDriveTypeA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
VirtualProtect
LockResource
SizeofResource
LoadResource
FindResourceA
CreateProcessW
GetModuleFileNameW
lstrcatW
lstrcpyW
GetProcessHeap
GetModuleFileNameA
Sleep
ExitProcess
GetLastError
CreateMutexA
SetLastError
GetCommandLineA
FindFirstFileA
SetThreadContext
GetThreadContext
GetModuleHandleA
GetCommandLineW
GetTickCount
VirtualQuery
VirtualFreeEx
HeapFree
HeapAlloc
IsBadReadPtr
MoveFileExA
GetTempPathA
SetCurrentDirectoryA
FindClose
CreateDirectoryA
GetWindowsDirectoryA
CreateProcessA
TerminateProcess
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetVersionExA
WideCharToMultiByte
lstrcmpA
lstrcpyA
MoveFileA
SetFileAttributesA
GetFileAttributesA
CopyFileA
MultiByteToWideChar
FindNextFileA
LoadLibraryA
GetProcAddress
SetFileAttributesW
DeleteFileW
CreateFileW
lstrlenA
ResumeThread
CloseHandle

user32

wsprintfA
DestroyWindow
DispatchMessageA
PostQuitMessage
DefWindowProcA
RegisterDeviceNotificationA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
CharLowerA
FindWindowExA
GetDesktopWindow
UnregisterDeviceNotification

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
InitiateSystemShutdownExA
RegCloseKey

shell32

SHGetFolderPathW
SHGetFolderPathA

ole32

CoCreateInstance
CoUninitialize
CLSIDFromString
CoCreateGuid

shlwapi

StrChrA
StrRChrA
StrStrA

rpcrt4

UuidToStringA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28c440249c9ebd455d6bac855af403db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

rpcrt4

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 4KB - Virtual size: 1KB