84f54a07db0d170e5cb19f36e5303167686bd98f39182da2ba6818f460b2c67b

Sharing

Copy URL Twitter E-mail

General

Target

84f54a07db0d170e5cb19f36e5303167686bd98f39182da2ba6818f460b2c67b
Size

268KB
MD5

05ffa9ba141534e4d9fb0db027d583e0
SHA1

857bec29dc699e8a19323df8353dd5625544a064
SHA256

84f54a07db0d170e5cb19f36e5303167686bd98f39182da2ba6818f460b2c67b
SHA512

3e787046db7a74a79c8f116bf9d5c4697bf526d2356b9889f177fed7aef98a1f8f8c91992f8977f454ba8134d3a497901313e33fe27ae3ae78994674934628cc
SSDEEP

3072:QAzMadZeUg7ZT8tkVT/MgdQLastD3QP6gYhcD4yrVNaD7L2oPF9ZNhHM01blb+:QKMoeUax8tIBAamg6Ob+KoPvZNRHV+

Score

N/A

Malware Config

Signatures

Files

84f54a07db0d170e5cb19f36e5303167686bd98f39182da2ba6818f460b2c67b
.dll windows x86

cf79d4e2ae97994a88dabacbb8ee3cb2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord74
ord34
ord80
ord17
ord125
ord103
ord8

shlwapi

SHDeleteKeyW

kernel32

lstrcatW
lstrcpyW
lstrlenW
WriteConsoleA
TerminateProcess
OpenProcess
GetPrivateProfileStringW
GetLocaleInfoW
CreateFileW
FlushFileBuffers
GetConsoleOutputCP
WriteConsoleW
ReadFile
SetEndOfFile
CreateFileA
CloseHandle
GetCPInfo
SetStdHandle
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
LoadLibraryA

advapi32

RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

shell32

SHFileOperationW
ShellExecuteW

Exports

Exports

CreateLanguageRegistry
DeleteINSTALLDIRFolder
DeleteRegistryLocalInfo
IsDOTNETInstalled
KillCCCProcesses
RegisterCOM
RegisterCOM64
SetRegistryLocalInfo
UnRegisterCOM
UnRegisterCOM64
UpdateRegInfo

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf79d4e2ae97994a88dabacbb8ee3cb2

Headers

File Characteristics

Imports

msi

shlwapi

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 8KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 108KB