d7e8df27790b1714817544b11809947ce503bf597c41c9a235d5c04559eb5940

Sharing

Copy URL

Twitter E-mail

General

Target

d7e8df27790b1714817544b11809947ce503bf597c41c9a235d5c04559eb5940
Size

56KB
MD5

0d2572f55932db8ad5b6ac824cbba910
SHA1

532cee38535d6e59cf7938d6345f6abee1605cdf
SHA256

d7e8df27790b1714817544b11809947ce503bf597c41c9a235d5c04559eb5940
SHA512

4cd668b50228e188a3f34ad169fdd064e0d297fb25343683a6f9f079a753ec2eb7045a1aa1e87300c8819152f7a8371eb964c5c64f7c45440b6110665e58fe0c
SSDEEP

1536:p5XZchDQBxDVBYZuJ2D6DEe45gGetkVgge:p5XZchDQ7ZmuwucgGI

Score

N/A

Malware Config

Signatures

Files

d7e8df27790b1714817544b11809947ce503bf597c41c9a235d5c04559eb5940
.exe windows x86

a55c1f3c672d15089b5c25657ffeb5b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

IsTextUnicode

kernel32

GetProcessHeap
InterlockedIncrement
GetLastError
HeapDestroy
FreeLibrary
CloseHandle
SetEvent
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetCommandLineW
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetFileType
GetStdHandle
CreateEventW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
SetLastError
FormatMessageW
WaitForMultipleObjects
ReadFile
GetConsoleCP
ReadConsoleW
CreateThread
ExitProcess
LoadLibraryExW
CancelIoEx
SetStdHandle
WriteConsoleInputA
SetConsoleMode
GetConsoleMode
InterlockedExchange
InterlockedCompareExchange
DeleteCriticalSection
SetConsoleCtrlHandler
InitializeCriticalSection
HeapSetInformation
SetThreadPreferredUILanguages
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep

msvcrt

_vsnwprintf
memcpy
malloc
_except_handler4_common
_purecall
memset
?terminate@@YAXXZ
_wcsnicmp
_onexit
__CxxFrameHandler3
_controlfp
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
free
_strnicmp
isdigit
_snwscanf_s
_wcsicmp

ntdll

EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwLogTraceEvent
EtwUnregisterTraceGuids

user32

LoadStringW
LoadStringA

credui

CredUICmdLinePromptForCredentialsW

wsmsvc

WSManSetSessionOption
WSManCreateShell
WSManRunShellCommand
WSManReceiveShellOutput
WSManSignalShell
WSManSendShellInput
WSManCreateSession
WSManCloseCommand
WSManCloseShell
WSManCloseSession
WSManDeinitialize
?Free@WSManMemory@@SGXPAXABVCallSite@TestSystem@@@Z
?Alloc@WSManMemory@@SGPAXIABVCallSite@TestSystem@@W4Mode@3@@Z
WSManInitialize
WSManCloseOperation

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a55c1f3c672d15089b5c25657ffeb5b3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

credui

wsmsvc

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 23KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 23KB