83b68308585455a2422ad4e6f97140590422b3074c122adb560c85cb687e415b

Sharing

Copy URL Twitter E-mail

General

Target

83b68308585455a2422ad4e6f97140590422b3074c122adb560c85cb687e415b
Size

2.0MB
MD5

02edf0fcdfcf15aae136b7c51f064ca0
SHA1

a08aab8b303ef8770a7f2db8ce8524a831f7401d
SHA256

83b68308585455a2422ad4e6f97140590422b3074c122adb560c85cb687e415b
SHA512

a382d932764538e473e42aec89c3f358fa7799758acda134cb2b7b79217052ef8b7d8be4d6f6a914037c453ff82ed73b100d5bd55549c2645bc74c66352ba4a4
SSDEEP

12288:SQzec332EXJFKddhy6hYRoue15Mrrw8NGo8ic8AThOmAuBC4TkKK3FY4OfR+EoVJ:SQzecAGrks8icDDBQDFvOfR+32U

Score

N/A

Malware Config

Signatures

Files

83b68308585455a2422ad4e6f97140590422b3074c122adb560c85cb687e415b
.exe windows x86

bc8924a4ec7996c55371cfb471903ff2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

winmm

timeGetTime

shlwapi

SHDeleteKeyW

advapi32

RegGetKeySecurity
BuildTrusteeWithSidW
AdjustTokenPrivileges
CheckTokenMembership
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
CreateProcessAsUserW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
GetUserNameW
GetExplicitEntriesFromAclW
AccessCheck
DuplicateToken
SetNamedSecurityInfoW
LookupPrivilegeValueW

kernel32

OutputDebugStringW
GetDriveTypeW
SetEnvironmentVariableA
GetUserDefaultUILanguage
LoadLibraryExA
FreeLibrary
ReadConsoleW
CreateFileW
ReadFile
CloseHandle
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
WriteFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
LocalFree
IsDebuggerPresent
DeleteFileW
SetFilePointer
OutputDebugStringA
GetLastError
SetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
GetTickCount
FormatMessageA
GetCurrentThreadId
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetLongPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
GetCurrentProcess
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
DuplicateHandle
GetModuleHandleW
GetProcAddress
GetStdHandle
SetHandleInformation
CreatePipe
ResumeThread
CreateProcessW
AssignProcessToJobObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RaiseException
Sleep
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
EncodePointer
GetWindowsDirectoryW
TerminateProcess
GetVersionExW
GetNativeSystemInfo
GetModuleHandleExW
ExpandEnvironmentStringsW
CreateEventW
GetModuleHandleA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapSetInformation
SetEvent
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapSize
DecodePointer
FindResourceExW
LoadResource
LockResource
lstrlenA
WriteConsoleW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetFileType
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
ExitProcess
IsProcessorFeaturePresent
GetStringTypeW
GetSystemDirectoryW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

VariantChangeType
SysFreeString
SysStringByteLen
VariantInit
SysAllocString
VariantClear
VariantTimeToSystemTime
SysAllocStringByteLen

user32

MessageBoxW
WaitForInputIdle

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

Launch

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc8924a4ec7996c55371cfb471903ff2

Headers

DLL Characteristics

File Characteristics

Imports

secur32

winmm

shlwapi

advapi32

kernel32

ole32

oleaut32

user32

userenv

Exports

Exports

Sections

.text Size: 399KB - Virtual size: 398KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 7KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 383KB - Virtual size: 382KB

.reloc Size: 86KB - Virtual size: 88KB

.text
Size: 399KB - Virtual size: 398KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 7KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 383KB - Virtual size: 382KB

.reloc
Size: 86KB - Virtual size: 88KB