e4133986284c2640065ed2cc5798ee1751479732c169a8728f41536306a42ba2

Sharing

Copy URL

Twitter E-mail

General

Target

e4133986284c2640065ed2cc5798ee1751479732c169a8728f41536306a42ba2
Size

41KB
MD5

ad29f77ee86ed9827158347befa8998d
SHA1

b3b380be84a7042884f1c9c9f14331faa65c51f2
SHA256

e4133986284c2640065ed2cc5798ee1751479732c169a8728f41536306a42ba2
SHA512

57d1e4cbfab347a35ea5ed2fa1fc5bfb61c48fd8e2f0b0ee32fbc1bb8693715e15f075e203fb462e70cf2d73e30631f9f605dbf3fd46875d14f72912710065cc
SSDEEP

768:NSfdupUQ61pjmEcE1BezWNEEFCRhDAMtCLB+GEI:Odud61lmRBzl5A8CLv

Score

N/A

Malware Config

Signatures

Files

e4133986284c2640065ed2cc5798ee1751479732c169a8728f41536306a42ba2
.exe windows x86

f4ad67d5aa731622814904169d1da18c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetVolumeInformationW
CreateThread
ExitProcess
GetProcAddress
GetModuleHandleA
Sleep
WriteFile
SetEndOfFile
SetFilePointerEx
ReadFile
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
WaitForMultipleObjects
GetVersion
LoadLibraryA
OpenProcess
GetFileType
DuplicateHandle
GetCurrentProcessId
GetCommandLineW
CreatePipe
GetEnvironmentVariableW
PeekNamedPipe
CreateProcessW
GetSystemWindowsDirectoryW
SetHandleInformation
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
CreateDirectoryW
DeviceIoControl
FindClose
GetLastError
CreateFileW
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
SetErrorMode
GetDriveTypeW
FindFirstFileW
CloseHandle
DeleteCriticalSection
EnterCriticalSection
TerminateProcess
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection

advapi32

GetTokenInformation
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SetTokenInformation
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken

shell32

ord680
CommandLineToArgvW
SHGetSpecialFolderPathW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4ad67d5aa731622814904169d1da18c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 70KB

.ndata Size: 7KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 70KB

.ndata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 4KB