708bbf1a3f97e66fca99bb5385eb6392828c3cfd0f12d8dfc948a842f3bb806c

Sharing

Copy URL

Twitter E-mail

General

Target

708bbf1a3f97e66fca99bb5385eb6392828c3cfd0f12d8dfc948a842f3bb806c
Size

33KB
MD5

0f0600d041727b032a425ca43c75a4a0
SHA1

956e33a7e6d00f1535e0d41bc9ab27b8cfe42d91
SHA256

708bbf1a3f97e66fca99bb5385eb6392828c3cfd0f12d8dfc948a842f3bb806c
SHA512

d561363f5be24e37e7719dbc7979d6f8e6c21d760674282cdb9981b67d22e5545b576414dc832dabc13e3bf5cad5d271c0965df90d3a84c615186a2d837662aa
SSDEEP

768:1OtAiY9ZNyUCnMtBl0LQZSnSMHuPuwoiW:1OA9ZFRlynFuCiW

Score

N/A

Malware Config

Signatures

Files

708bbf1a3f97e66fca99bb5385eb6392828c3cfd0f12d8dfc948a842f3bb806c
.dll windows x86

f9a5f65df40f207485c1d017028d257a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__dllonexit
_unlock
??1type_info@@UAE@XZ
_amsg_exit
_onexit
_lock
?terminate@@YAXXZ
_initterm
free
malloc
_XcptFilter
_except_handler4_common
_CxxThrowException
memset
memcpy
rand
_wcsicmp
__CxxFrameHandler3

ntdll

RtlAcquireSRWLockExclusive
EtwEventUnregister
EtwEventRegister
TpWaitForWait
TpSetWait
TpReleaseWait
TpWaitForTimer
NtSetEvent
TpReleaseTimer
NtOpenEvent
RtlReleaseSRWLockExclusive
EtwEventWrite
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeSRWLock
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
NtMapViewOfSection
NtOpenSection

api-ms-win-core-localregistry-l1-1-0

RegDeleteKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

oleaut32

SysAllocString
SysStringLen
SysFreeString

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

shlwapi

PathAppendW

kernel32

FindCloseChangeNotification
CloseHandle
GetTickCount
DisableThreadLibraryCalls
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
LocalAlloc
Sleep
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedExchange
InterlockedIncrement
InterlockedExchangeAdd
GetLastError
GetModuleFileNameW
LocalFree
MulDiv

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9a5f65df40f207485c1d017028d257a

Headers

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

oleaut32

ole32

shlwapi

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1024B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1024B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB