dda08cb6ddac7c2f2ad95baeffdbbdd09919525768950a36d7c552f85270fd18

Sharing

Copy URL Twitter E-mail

General

Target

dda08cb6ddac7c2f2ad95baeffdbbdd09919525768950a36d7c552f85270fd18
Size

40KB
MD5

07288d8f24e960f23c6e91b2d2b7cff0
SHA1

dd05649025fba674585e74a5a367d5587b29f814
SHA256

dda08cb6ddac7c2f2ad95baeffdbbdd09919525768950a36d7c552f85270fd18
SHA512

5cfc039249168a9b010f5bcd6cf3e67a4adcb3ca267cb6143431bcfa26eba4dab017970d3a37d2227d79a044443fbcbcaba4bf1418c4abefd9bf6d4288a0da12
SSDEEP

768:UMyaD/ZUwuQDzgJ6/jkUNbpuZyNGS/3vwcBeX9GSE6vPt:UowQDloUzuZS/3BBE9w6vPt

Score

N/A

Malware Config

Signatures

Files

dda08cb6ddac7c2f2ad95baeffdbbdd09919525768950a36d7c552f85270fd18
.exe windows x86

d8a73106fe3b40ff2a6b6f7538f72355

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CredUnprotectW
CredIsProtectedW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership

kernel32

HeapAlloc
GetProcessHeap
HeapFree
LocalFree
GetLastError
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
SetEvent
CloseHandle
WaitForSingleObject
CreateEventW
HeapSetInformation
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

_controlfp
__p__commode
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__setusermatherr
_vsnwprintf
memcpy
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memset
__p__fmode

rpcrt4

UuidFromStringW
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerListen
RpcEpUnregister
RpcBindingVectorFree
RpcServerUnregisterIf
RpcBindingInqAuthClientW
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal

ntdll

RtlNtStatusToDosError

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

geodsrv
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8a73106fe3b40ff2a6b6f7538f72355

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 29KB

geodsrv Size: - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 29KB

geodsrv
Size: - Virtual size: 4KB