6d905532ada4dde9d5f43abdd8a1092449bb74cd737a513e46dea41b5b159ae1

Sharing

Copy URL Twitter E-mail

General

Target

6d905532ada4dde9d5f43abdd8a1092449bb74cd737a513e46dea41b5b159ae1
Size

568KB
MD5

2c399493dd410731b60cc0a06fbd22a0
SHA1

5ee11bdc6a46efad0b3b131c16572b86c4bd4311
SHA256

6d905532ada4dde9d5f43abdd8a1092449bb74cd737a513e46dea41b5b159ae1
SHA512

f6b6539de747620b3f4cde1541c6b8024f63decec486b99cd2a3eb542e9d04789073aaed6e52eef758254cf31eb4fd41b21e885b9028cb09f8f9b2bbb9bea71f
SSDEEP

12288:Bec5RedbioXjj3/vw97RJxLY8pYybQrHwUhF1tmnywKzvP7cRA:BeMe9ioXjj3/vw95k2YyWhftmngvP9

Score

N/A

Malware Config

Signatures

Files

6d905532ada4dde9d5f43abdd8a1092449bb74cd737a513e46dea41b5b159ae1
.exe windows x86

639c23925b2cb89a203931ce8f743630

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
GetCommandLineW
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetTempPathW
GetProcAddress
GetCurrentProcessId
InterlockedIncrement
CreateProcessW
MoveFileExW
Sleep
CopyFileW
FileTimeToSystemTime
GetCurrentThreadId
SetFileAttributesW
SetFilePointer
WriteFile
FormatMessageW
SetLastError
LocalFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
GetSystemDirectoryW
FindClose
RemoveDirectoryW
FindNextFileW
InterlockedDecrement
LocalAlloc
GetFileSize
ReadFile
FlushFileBuffers
GetTickCount
VirtualQuery
SetUnhandledExceptionFilter
OutputDebugStringW
UnmapViewOfFile
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
lstrcpyW
InitializeCriticalSection
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
HeapReAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RtlUnwind
GetTimeZoneInformation
GetCPInfo
RaiseException
LCMapStringA
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetModuleHandleA
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
MapViewOfFile
CreateDirectoryW
CreateFileW
CloseHandle
InterlockedExchange
InterlockedCompareExchange
WaitForSingleObject
QueryPerformanceFrequency
LCMapStringW
QueryPerformanceCounter
DeleteFileW
GetLastError

user32

GetSystemMetrics
SetRectEmpty
MessageBoxW
wvsprintfW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

advapi32

GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegCreateKeyExW

shell32

SHGetFolderPathW

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

639c23925b2cb89a203931ce8f743630

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

user32

version

advapi32

shell32

Sections

.text Size: 334KB - Virtual size: 333KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 17KB - Virtual size: 51KB

.rsrc Size: 81KB - Virtual size: 84KB

.text
Size: 334KB - Virtual size: 333KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 17KB - Virtual size: 51KB

.rsrc
Size: 81KB - Virtual size: 84KB