35f832e409b2043f4674b37ae1b26a76a38c9c92b6b08c5d128209336fa8ed89

Sharing

Copy URL

Twitter E-mail

General

Target

35f832e409b2043f4674b37ae1b26a76a38c9c92b6b08c5d128209336fa8ed89
Size

589KB
MD5

07229a61c2e7869533a3853c32f7dae0
SHA1

9b680ebe1919f775b0322367b601d11cb7ea078a
SHA256

35f832e409b2043f4674b37ae1b26a76a38c9c92b6b08c5d128209336fa8ed89
SHA512

741702c06121c5cc1375723aaa1e36e958ff2c58b5d3212acda9427a23aa2b2f16f840a7413f7b3790ca525bd67932333af0247645464e15b135f718f6a9936d
SSDEEP

12288:nJUh2HE91S6/9g/vCZo2oH0F+GkoLnt1P181OtP1CmB5p:3k9zWZ0Z1P181OtPnp

Score

N/A

Malware Config

Signatures

Files

35f832e409b2043f4674b37ae1b26a76a38c9c92b6b08c5d128209336fa8ed89
.exe windows x86

f8c098cb27a8d71addad5109583d1440

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
DeleteFileW
CloseHandle
WaitForSingleObject
CopyFileW
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
GetCommandLineW
LocalFree
ExpandEnvironmentStringsW
WideCharToMultiByte
GetVersionExW
GetCurrentProcess
LoadLibraryW
FindFirstFileW
FindClose
CreateFileW
GetFileSizeEx
FindNextFileW
FindResourceW
CreateMutexW
ReleaseMutex
SetLastError
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CompareStringW
CreateProcessW
GetExitCodeProcess
MoveFileW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetModuleFileNameA
lstrlenA
CompareStringA
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
Sleep
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetTempPathW
RemoveDirectoryW
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
WriteFile
CreateFileA
SetStdHandle
GetTimeZoneInformation
ExitProcess
GetStartupInfoA
GetStdHandle
SetHandleCount
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
VirtualAlloc
VirtualFree
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
RtlUnwind
HeapAlloc
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
ReadFile

user32

PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
CharNextW

advapi32

GetUserNameW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegOverridePredefKey

shell32

ord680
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
StringFromCLSID
CLSIDFromString
OleRun
CoCreateGuid
CoInitializeEx
CoUninitialize
CoResumeClassObjects
CoSuspendClassObjects
CoCreateInstance

oleaut32

RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8c098cb27a8d71addad5109583d1440

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 352KB - Virtual size: 351KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 28KB - Virtual size: 28KB

.text Size: 107KB - Virtual size: 108KB

.text
Size: 352KB - Virtual size: 351KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 107KB - Virtual size: 108KB