2a1cb490fd4fe7a428bad056f698210e02dd42146ce8220856f205847025ecbc

Sharing

Copy URL

Twitter E-mail

General

Target

2a1cb490fd4fe7a428bad056f698210e02dd42146ce8220856f205847025ecbc
Size

186KB
MD5

05ef4506c08edc2018cb98c8d3add850
SHA1

ffae6589b87dde697ea93504ada474ea99f7879c
SHA256

2a1cb490fd4fe7a428bad056f698210e02dd42146ce8220856f205847025ecbc
SHA512

a3c3780bb20445b6373e39676c902900f74bd2bdcefdfd19af272420fca039b49578f3328b047a92b278c08f625d02630cb099fe90710e08c820b8a2153cf53a
SSDEEP

3072:nqldsiZEQbZHh5r222yvquURQdWGsCp6gULDyPuljzSd8di/EJ:Esi+QB92FzawG6g0QMjzA8dg

Score

N/A

Malware Config

Signatures

Files

2a1cb490fd4fe7a428bad056f698210e02dd42146ce8220856f205847025ecbc
.exe windows x86

7a0e53303c6e211e4d722cd98256598b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CheckTokenMembership
OpenThreadToken
FreeSid
RegSetValueExW
RegCloseKey
RegCreateKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
TraceMessage

kernel32

GetProcAddress
LoadLibraryW
FreeLibrary
WaitForSingleObject
GetCurrentProcessId
ProcessIdToSessionId
CreateEventW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
HeapSetInformation
CreateMutexW
SetFilePointer
ReadFile
GetLastError
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
FindNextFileW
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
CloseHandle
GetTempFileNameW
DeleteFileW
CreateDirectoryW
ReadFileEx
QueueUserAPC
WaitForSingleObjectEx
WriteFile
GetOverlappedResult
CancelIo
GetModuleHandleW
FreeLibraryAndExitThread
TlsAlloc
TlsFree
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
OpenThread
SwitchToThread
TlsGetValue
TlsSetValue
GetModuleHandleExW
CreateThread
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
ResetEvent
SetEvent
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
FindClose
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LocalAlloc
LocalFree

user32

CloseClipboard
IsWindow
EnumClipboardFormats
CountClipboardFormats
OpenClipboard
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
ChangeClipboardChain
GetClipboardViewer
GetClipboardData
IsClipboardFormatAvailable
SetClipboardViewer
LoadCursorW
LoadStringW
SendMessageW
UnregisterClassW
GetClipboardFormatNameW
SetWindowLongW
DefWindowProcW
GetWindowLongW
RegisterClassExW
RegisterClassW
GetClassInfoExW
PostQuitMessage
PostMessageW
SystemParametersInfoW
CreateWindowExW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
DestroyWindow

msvcrt

_exit
_cexit
__getmainargs
memset
_wcsicmp
_vsnwprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_wcsnicmp
_onexit
_lock
__dllonexit
_purecall
memcpy
_ftol2_sse
wcsrchr
wcschr
vswprintf_s
_unlock
_controlfp
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ

shell32

SHFileOperationW
SHChangeNotify
DragQueryFileW

winsta

WinStationIsSessionRemoteable
WinStationQueryInformationW
WinStationVirtualOpenEx

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSVirtualChannelOpen
WTSVirtualChannelQuery
WTSFreeMemory
WTSVirtualChannelClose

mpr

WNetAddConnection2W
WNetCancelConnection2W

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcBindingInqAuthClientW
NdrServerCall2

winspool.drv

GetPrinterDataW
OpenPrinterW
ord203
ord204
ClosePrinter

ole32

OleInitialize
OleSetClipboard
OleUninitialize
OleIsCurrentClipboard
ReleaseStgMedium
CoGetMalloc
OleGetClipboard

ntdll

RtlMultiByteToUnicodeN

gdi32

GetStockObject
DeleteMetaFile
GetMetaFileBitsEx
CloseMetaFile
PlayMetaFile
CreateMetaFileW
SetMetaFileBitsEx
GetPaletteEntries
GetObjectW
DeleteObject
CreatePalette

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7a0e53303c6e211e4d722cd98256598b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

winsta

wtsapi32

mpr

rpcrt4

winspool.drv

ole32

ntdll

gdi32

Sections

.text Size: 153KB - Virtual size: 153KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 32KB

.text
Size: 153KB - Virtual size: 153KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 32KB