9aee5db89293ca8297ae68f88bd9f445623b8dabbb9ac7f2c41c39eb57f01c94

Sharing

Copy URL Twitter E-mail

General

Target

9aee5db89293ca8297ae68f88bd9f445623b8dabbb9ac7f2c41c39eb57f01c94
Size

99KB
MD5

0e3f269165e60ca93f56bf61cfc8e360
SHA1

97338b4d1e4838f35fe6e793be23ba00a9d2ac98
SHA256

9aee5db89293ca8297ae68f88bd9f445623b8dabbb9ac7f2c41c39eb57f01c94
SHA512

e6a5ddc51f11a57630adb2edf21815550dd82e1ab84cc74bd773c267eef5d1342203062061965d78d089adff5886673a63e33c1425f3cb1b82ca5388f4aff16c
SSDEEP

3072:eu+qhGhTUWOK/sK0HQCCKlhtfxaQp4aubZu7aD:b+qhO/sNHQCCyhtDeaSky

Score

N/A

Malware Config

Signatures

Files

9aee5db89293ca8297ae68f88bd9f445623b8dabbb9ac7f2c41c39eb57f01c94
.exe windows x86

39ffd653303861b3373fdacc91301f95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegSetValueW
RegDeleteKeyW
GetLengthSid
GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenProcessToken
AddAccessAllowedAceEx
ConvertStringSidToSidW

kernel32

LoadLibraryW
SetErrorMode
GetSystemDirectoryW
GetVersionExW
CloseHandle
WriteFile
SizeofResource
CreateFileW
LockResource
LoadResource
FindResourceW
SetFileAttributesW
GetFileAttributesW
Sleep
GetTickCount
CreateProcessW
DeleteFileW
lstrcmpW
FindFirstFileExW
FindClose
FindNextFileW
FindFirstFileW
SetCurrentDirectoryW
FreeLibrary
GetShortPathNameW
GetSystemDefaultUILanguage
CreateDirectoryW
WaitForSingleObject
ExpandEnvironmentStringsW
CompareStringOrdinal
InterlockedDecrement
GetTempFileNameW
GetTempPathW
SetLastError
FindResourceExW
IsWow64Process
GetNativeSystemInfo
GetPrivateProfileStringW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetModuleFileNameW
LocalFree
LocalAlloc
GetModuleHandleW
GetProcAddress
GetVersion
GetEnvironmentVariableW
GetLastError
lstrlenW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
GetLocaleInfoW
UnmapViewOfFile
GetUserDefaultUILanguage
SearchPathW
LoadLibraryExW

user32

BlockInput
UnhookWinEvent
SetTimer
GetShellWindow
LoadStringW
PostMessageW
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
SendInput
GetCursorPos
SystemParametersInfoW
PostQuitMessage
SetWinEventHook
KillTimer
DispatchMessageW
GetMessageW

msvcrt

??1type_info@@UAE@XZ
iswalpha
wcschr
??3@YAXPAX@Z
??2@YAPAXI@Z
_time64
_vsnwprintf
iswctype
memcpy
wcsncmp
_wcsnicmp
_wcsicmp
bsearch
memcpy_s
wcsrchr
fclose
swscanf_s
fgetws
_controlfp
_except_handler4_common
?terminate@@YAXXZ
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
_wfopen_s

shell32

SHGetSpecialFolderPathW
SHSetLocalizedName
SHParseDisplayName
SHGetFolderPathW
SHBindToParent
ord190
ord526
ord165
SHChangeNotify
SHGetSpecialFolderLocation
ord155
SHGetDesktopFolder

ole32

OleUninitialize
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx
OleInitialize

ieadvpack

RegRestoreAllW
ExecuteCabW
RunSetupCommandW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

SHRegGetUSValueW
PathIsNetworkPathW
PathCombineW
SHRegGetValueW
SHRegDeleteUSValueW
ord388
StrStrW
ord225
PathRemoveExtensionW
PathFindFileNameW
PathRemoveBlanksW
SHDeleteValueW
SHSetValueW
StrCmpIW
SHGetValueW
SHStrDupW
SHRegSetUSValueW
PathFileExistsW
StrStrIW
ord158
ord437
StrCmpNIW
SHDeleteKeyW
SHCopyKeyW

iertutil

ord650
ord39
ord33
ord57
ord654

oleacc

AccessibleObjectFromEvent

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39ffd653303861b3373fdacc91301f95

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

ieadvpack

version

shlwapi

iertutil

oleacc

oleaut32

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 30KB - Virtual size: 32KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 30KB - Virtual size: 32KB