64c74236af7d5521ccbfb04404ccfd47016ac351d9caf9d4dd9d8d5fe746b61b

Sharing

Copy URL Twitter E-mail

General

Target

64c74236af7d5521ccbfb04404ccfd47016ac351d9caf9d4dd9d8d5fe746b61b
Size

229KB
MD5

21a137a5f3bd5e5f3ce2556208bf9c40
SHA1

9a656996f2ec238c378e2b9db8a383f7df0e7acd
SHA256

64c74236af7d5521ccbfb04404ccfd47016ac351d9caf9d4dd9d8d5fe746b61b
SHA512

ec0972c8de5cee6756a1b74f6ec8a95c5a86fd7e8606f6c6690e58d4a34308102d0082a14d6df25b59889cc194a0a749b7b582f54f70fe618661af1852737bcf
SSDEEP

3072:neiVkrnNHFoziMbWFg3q3mYfxAMBV26M7kORUCSMtspNZfSvIP8X8qx2X0BVQiU1:1CnNubWaa3mgxi7Bi4QP8jFQT1e+WyZ

Score

N/A

Malware Config

Signatures

Files

64c74236af7d5521ccbfb04404ccfd47016ac351d9caf9d4dd9d8d5fe746b61b
.exe windows x86

154764497319580ae2727b279901f900

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetLastError
lstrcmpiW
GetCommandLineW
Sleep
CreateThread
CreateEventW
GetModuleHandleW
GetCurrentThreadId
SetEvent
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CancelWaitableTimer
SetWaitableTimer
GetUserDefaultLCID
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrlenW
WriteFile
WaitForMultipleObjects
CreateWaitableTimerW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryW
GetProcAddress
GetSystemDirectoryW
GetVersionExW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
WaitForSingleObject
CloseHandle
GetModuleFileNameW
GetShortPathNameW
InitializeCriticalSection
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
CreateFileW
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
LoadLibraryA
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetCPInfo
HeapSize
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA

user32

PostThreadMessageW
CharNextW
UnregisterClassA
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFolderPathW
SHFileOperationW

ole32

CoInitializeEx
CoUninitialize
CoSuspendClassObjects
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoResumeClassObjects
CoRegisterClassObject

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

rpcrt4

NdrCStdStubBuffer2_Release
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.korpc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

154764497319580ae2727b279901f900

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

Sections

.text Size: 112KB - Virtual size: 111KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 5KB

.korpc Size: 60KB - Virtual size: 60KB

.text
Size: 112KB - Virtual size: 111KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 5KB

.korpc
Size: 60KB - Virtual size: 60KB