763e9dee27aa5fd809d366dd20a475a4ccd55e78ae2b64b9698258d0a92bd43c

Sharing

Copy URL Twitter E-mail

General

Target

763e9dee27aa5fd809d366dd20a475a4ccd55e78ae2b64b9698258d0a92bd43c
Size

999KB
MD5

0dad731838cd606e2be3953d75cf30e0
SHA1

fb54d41e2e67678ec0e0f731d76d1c582278c0dd
SHA256

763e9dee27aa5fd809d366dd20a475a4ccd55e78ae2b64b9698258d0a92bd43c
SHA512

7b0019e160352b803e4b76341d2dbad4215c5f9b568c33eca0558b38f70ccb88b32dd273b9e30dfe9b90278f203735244f39afd99dcb76eace14e4f183263ead
SSDEEP

1536:5vRuECbt3zJnw4WwmXp+AHpb/k5mNDGanxa0bLB:RRFCbNzVwH+AJA5mhGKxa03B

Score

N/A

Malware Config

Signatures

Files

763e9dee27aa5fd809d366dd20a475a4ccd55e78ae2b64b9698258d0a92bd43c
.exe windows x86

3ba1120b07cb6424539e2d243ca78436

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfigA
CloseServiceHandle
ControlService
EqualSid
FreeSid
GetTokenInformation
LockServiceDatabase
LsaLookupNames
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegEnumValueW
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
StartServiceW
UnlockServiceDatabase
RegDeleteKeyW

gdi32

FONTOBJ_cGetAllGlyphHandles
GdiEntry14
SetRelAbs
CreateBitmap

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
DeleteFiber
DisableThreadLibraryCalls
DuplicateHandle
ExpandEnvironmentStringsW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDateFormatA
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetTimeFormatA
GetVersionExA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenEventA
OutputDebugStringA
SetEndOfFile
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcmpiW
lstrlenA
lstrlenW
VirtualAlloc
FindResourceW
GetEnvironmentVariableA
GetProcessHeap
IsBadReadPtr
LoadResource
LockResource
lstrcpyW
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
EncodePointer
GetLastError
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
RtlUnwind
HeapAlloc
HeapReAlloc
LCMapStringW
GetStringTypeW

ole32

CoQueryClientBlanket
StringFromCLSID
CoTaskMemFree

rpcrt4

RpcSsGetThreadHandle
RpcSmFree
MesIncrementalHandleReset
NdrClientCall2
RpcAsyncAbortCall
RpcBindingFromStringBindingW
RpcStringBindingComposeW

shell32

ShellExecuteA

user32

MessageBoxIndirectW
wsprintfA
PaintDesktop
CharNextA
InSendMessageEx
LoadStringA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ba1120b07cb6424539e2d243ca78436

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

rpcrt4

shell32

user32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 434KB - Virtual size: 434KB

.data Size: 512KB - Virtual size: 520KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 434KB - Virtual size: 434KB

.data
Size: 512KB - Virtual size: 520KB