30aba3d1e1f0d2c486e71051209aaf36582a8e266fc733822dc274be3a4eb93f

Sharing

Copy URL Twitter E-mail

General

Target

30aba3d1e1f0d2c486e71051209aaf36582a8e266fc733822dc274be3a4eb93f
Size

366KB
MD5

089ba78b6085bc98ca4912e622de315c
SHA1

962a2f40d9b4e282778a14af22b0c0f2893ff04a
SHA256

30aba3d1e1f0d2c486e71051209aaf36582a8e266fc733822dc274be3a4eb93f
SHA512

fda1d19de51711c72738e6b84426b355da39903595ee15dfdeb82ed99d3d1e50a66d08f7d3b0a34b5f6f17f64397dc36f0d38b598b6054c5376882a640d92c10
SSDEEP

6144:ey3jjcQffboVHlxeF5UQ/UPxy97IWKreWIY4Af8zgT0T5LDBk5gw:ey3jjcQffAHlw5Uu0xGsZyWIYz860pB+

Score

N/A

Malware Config

Signatures

Files

30aba3d1e1f0d2c486e71051209aaf36582a8e266fc733822dc274be3a4eb93f
.exe windows x86

fc55268903612fd04aeb437c59165b92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
CompareFileTime
GetTickCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
MapViewOfFileEx
DuplicateHandle
LoadLibraryExW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
GetStringTypeW
TerminateProcess
LCMapStringW
FindFirstFileW
FindNextFileW
FindClose
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
lstrlenW
FormatMessageW
LocalFree
Sleep
MultiByteToWideChar
GetProcessId
GetExitCodeProcess
InterlockedExchange
CreateMutexW
CreateEventW
WaitForSingleObject
OpenEventW
ReleaseMutex
WriteFile
DeleteFileW
MoveFileExW
CloseHandle
GetTempFileNameW
GetFileAttributesExW
FindResourceExW
FindResourceW
GetModuleHandleA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetStringTypeA
LoadLibraryA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
ExitProcess
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
VirtualQuery
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
ReadFile
GetSystemTime
SystemTimeToFileTime
LocalAlloc
CreateProcessW
OpenProcess
GetSystemTimeAsFileTime
CreateFileW
GetCurrentProcess

user32

UnregisterClassA

advapi32

RegDeleteKeyW
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptAcquireContextW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegEnumKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
CopySid
IsValidSid
GetLengthSid
InitializeSecurityDescriptor
MakeAbsoluteSD
GetAclInformation
InitializeAcl
AddAce
RegFlushKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
RegEnumValueW
CryptDestroyKey
CryptDestroyHash

ole32

CoInitialize
CoUninitialize
OleRun
CoCreateGuid
StringFromGUID2
CoCreateInstance

shell32

SHGetFolderPathW
ord165

shlwapi

PathFileExistsW
PathCanonicalizeW
PathIsDirectoryW
PathCombineW
PathAppendW

userenv

UnloadUserProfile

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertGetNameStringW
CertFreeCertificateChain
CertCreateContext
CryptQueryObject
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertNameToStrW
CertFreeCertificateContext
CryptImportPublicKeyInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

wintrust

WinVerifyTrust

msi

ord175
ord238
ord141

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.2rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc55268903612fd04aeb437c59165b92

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

userenv

crypt32

version

wintrust

msi

Sections

.text Size: 181KB - Virtual size: 181KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 45KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 16KB - Virtual size: 15KB

.2rdata Size: 80KB - Virtual size: 80KB

.text
Size: 181KB - Virtual size: 181KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 45KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 16KB - Virtual size: 15KB

.2rdata
Size: 80KB - Virtual size: 80KB