e171d5a2af143426420eb7917d676fb6fe3ffec0ad1d330b2b187fdfbad13542

General

Target

e171d5a2af143426420eb7917d676fb6fe3ffec0ad1d330b2b187fdfbad13542
Size

258KB
MD5

0e5c69e1c303cc2bdc68b68f63a1c771
SHA1

efb5174e3cc136235aa982449f5abdc65d6eabd4
SHA256

e171d5a2af143426420eb7917d676fb6fe3ffec0ad1d330b2b187fdfbad13542
SHA512

9a5fb619dee8c9fb270eda41b1b9d410cb572a4b79415b0ea497360404aa5ef3250c0d7ea7fe5086261267d8e1d41472fa5acf8c70b66fc1d11dcff36729c81c
SSDEEP

6144:8wotRC0xCRyRmxKXNqErVOCW0DsPE//aPht4T7b:8TaaS7Yo0R/ST4Tn

Score

N/A

Malware Config

Signatures

Files

e171d5a2af143426420eb7917d676fb6fe3ffec0ad1d330b2b187fdfbad13542
.exe windows x86

2cbf2c038011ee393b53097b27a4470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
WriteFile
TlsFree
LoadLibraryA
WriteFileEx
SetEndOfFile
FreeEnvironmentStringsW
FindClose
SetFilePointer
GlobalFree
ResumeThread
GetCurrentThreadId
SleepEx
GetVersion
SetEvent
GetCurrentProcessId
GetModuleFileNameA
GetProcAddress
GetFileType
ReadFile
InitializeCriticalSection
DeleteCriticalSection
OpenMutexA
LeaveCriticalSection
HeapDestroy
FindNextFileA
DeleteFileA
GlobalAlloc
TlsAlloc
EnterCriticalSection
FileTimeToLocalFileTime
GlobalUnlock
CreateThread
HeapSize
GlobalLock
ExitThread
HeapReAlloc
CreateEventA
VirtualFree
GetSystemDirectoryA
SuspendThread
DeviceIoControl
GetEnvironmentStringsW
lstrcpyA
TlsGetValue
SetProcessAffinityMask
lstrlenA
CreateMutexA
GetModuleHandleA
HeapAlloc
GetSystemTimeAsFileTime
GlobalReAlloc
lstrcatA
WaitForSingleObject
GetCommandLineW
HeapFree
GetFullPathNameA
FindFirstFileA
TlsSetValue
GetFileSize
VirtualAlloc
CreateFileA
FreeLibrary
HeapCreate
GetCurrentDirectoryA
WaitForMultipleObjects

ntdll

ZwOpenFile
ZwQueryKey
ZwEnumerateValueKey
ZwOpenEvent
RtlGetLastWin32Error
ZwReadFile
ZwClose
ZwQueryValueKey
ZwCreateProcess
ZwCreateSection
ZwMapViewOfSection
ZwOpenKey
ZwCreateKey
ZwSetInformationProcess
ZwWriteFile

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cbf2c038011ee393b53097b27a4470a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

Sections

.text Size: 220KB - Virtual size: 220KB

.data Size: 18KB - Virtual size: 17KB

.rsrc Size: 18KB - Virtual size: 20KB

.text
Size: 220KB - Virtual size: 220KB

.data
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 18KB - Virtual size: 20KB