f5340789594f017a7d8250db0dbe53519bae7f4a39e67c396be8c5ac4c5c4cf9

Sharing

Copy URL Twitter E-mail

General

Target

f5340789594f017a7d8250db0dbe53519bae7f4a39e67c396be8c5ac4c5c4cf9
Size

55KB
MD5

0db7240b7549519a83a98f9e92c53920
SHA1

3b00556d3fd83180cf0a43f337eda88f7d9e5017
SHA256

f5340789594f017a7d8250db0dbe53519bae7f4a39e67c396be8c5ac4c5c4cf9
SHA512

d86f1b7bc6ee1b31c15251a58ee40347ceee4311b64a8fb6b78d897c206b71a432a248105d7a4430abe7e704f900dc0602752971142b5096721cbb28e6aefcc5
SSDEEP

768:dcCE3vQ5d6g/5SPVVUFkULdcKbYektH7mLlRjSVyiC0u2nlOgCXDXbkSdpppDH5Z:Avg5n6gbjaTqDrkwIlR39vwXl

Score

N/A

Malware Config

Signatures

Files

f5340789594f017a7d8250db0dbe53519bae7f4a39e67c396be8c5ac4c5c4cf9
.exe windows x64

e0153515ffd538be6eddab3eaa8d1f55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathCombineW
PathMatchSpecW
StrCmpNIA
StrCmpNIW
StrCmpIW
PathSkipRootW
StrCpyNW

psapi

GetProcessMemoryInfo

wtsapi32

WTSQueryUserToken

kernel32

GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
GetFileSize
lstrcpynW
IsBadStringPtrA
lstrlenW
GetFileTime
lstrcpynA
Sleep
GetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetSystemDirectoryW
DeleteCriticalSection
WaitForSingleObject
VirtualAlloc
FindFirstFileW
FindClose
FlushFileBuffers
ExitProcess
CreateThread
GetModuleFileNameW
CreateFileMappingW
GetCurrentThreadId
GetHandleInformation
MapViewOfFile
UnmapViewOfFile
GetCommandLineW
HeapValidate
lstrcmpiW
GetFullPathNameW
CreateFileW
GetCurrentProcess
SetLastError
SetEndOfFile
MultiByteToWideChar
GetComputerNameA
GetProcessHeaps
HeapSetInformation
WriteFile
CloseHandle
LocalFree
WideCharToMultiByte
SetErrorMode
HeapCreate
GetVolumeInformationW
GetVersionExW
HeapAlloc
HeapReAlloc
HeapFree
FindNextFileW
IsBadCodePtr
IsBadReadPtr
WTSGetActiveConsoleSessionId
CreateDirectoryW
IsBadWritePtr
SearchPathW
SetFilePointer
lstrlenA
IsBadStringPtrW

user32

OpenInputDesktop
GetUserObjectInformationW
OpenWindowStationW
EnumWindowStationsW
MessageBoxW
wsprintfW
CharLowerBuffW
CharUpperBuffW
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation

shell32

CommandLineToArgvW

ntdll

__C_specific_handler
memcpy
memmove
memcmp
memset
RtlFreeUnicodeString
NtDeleteFile
RtlDosPathNameToNtPathName_U

advapi32

OpenProcessToken
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
GetLengthSid
GetTokenInformation
CreateProcessAsUserW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
ConvertSidToStringSidW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0153515ffd538be6eddab3eaa8d1f55

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

wtsapi32

kernel32

user32

shell32

ntdll

advapi32

userenv

Sections

Size: 38KB - Virtual size: 38KB

Size: 10KB - Virtual size: 9KB

Size: 3KB - Virtual size: 3KB

Size: 2KB - Virtual size: 1KB