06829866bd9e0e0a4a1b38b8576f27433d7493c7211e21251940b36e814f3a13

Sharing

Copy URL Twitter E-mail

General

Target

06829866bd9e0e0a4a1b38b8576f27433d7493c7211e21251940b36e814f3a13
Size

301KB
MD5

36a2a1591a62c91b56b18db5d1b61e85
SHA1

52900a08068d9a34f7cd7d7d17c975fb12ac971b
SHA256

06829866bd9e0e0a4a1b38b8576f27433d7493c7211e21251940b36e814f3a13
SHA512

8a090cac5869ab70b997eb0e6eaa0ee6bcfcdc3d5aa3cb57400c164c71aaf14775a26306f840db1fd6d3117b46c22c1bfd3175fb37cfdca8ddb00778c6bdf20b
SSDEEP

6144:JkUiQdfTAnNX8+O4qPcrV2oX7IaAIwjatN:RfTAnlOKRhMgw+

Score

N/A

Malware Config

Signatures

Files

06829866bd9e0e0a4a1b38b8576f27433d7493c7211e21251940b36e814f3a13
.exe windows x86

fd7510d52f66b05a6b96334e67ea8cd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
RegEnumKeyExW
EventUnregister
EventWrite

kernel32

LocalFree
FormatMessageW
Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCurrentProcess
lstrlenW
WideCharToMultiByte
GlobalFree
ReadFile
CreateFileW
GetWindowsDirectoryW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedIncrement
GetFullPathNameW
CreateMutexW
ReleaseMutex
SetEvent
InterlockedDecrement
OutputDebugStringA
SetLastError
FindClose
FindNextFileW
FindFirstFileW
WriteFile
SetEndOfFile
SetFilePointer
GetTempPathW
GetCommandLineW
InterlockedExchange
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemWindowsDirectoryW
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
CreateEventW
CreateThread
CloseHandle
GetLastError
FindResourceExW
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetEnvironmentVariableW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
DeleteFileW
CompareFileTime
SetFileTime
MoveFileExW
GetSystemTime
GetFileAttributesExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar

user32

UnregisterClassA

msvcrt

_cexit
_exit
??1type_info@@UAE@XZ
_vsnprintf
wcsspn
wcsstr
_XcptFilter
wcscspn
__wgetmainargs
_vscprintf
wcsrchr
??2@YAPAXI@Z
_wtoi
memcpy
_resetstkoflw
_ftol2
calloc
vswprintf_s
_vscwprintf
exit
vsprintf_s
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
_amsg_exit
free
malloc
_wcsicmp
wcstoul
_wcsnicmp
wcschr
memset
memmove_s
_CxxThrowException
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
??3@YAXPAX@Z
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
iswdigit

shell32

SHFileOperationW

ole32

CoInitializeSecurity
CoUninitialize
CoGetMalloc
CoCreateInstance
CoInitializeEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile

spwizui

SPInstallFailed
SPInstallSucceeded

sperror

GetErrorDescription

sqmapi

SqmStartUpload
SqmEndSession
SqmIsWindowsOptedIn
SqmSet
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetString
SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmAddToStreamV
SqmWaitForUploadComplete

winbrand

BrandingFormatString

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd7510d52f66b05a6b96334e67ea8cd7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

version

userenv

spwizui

sperror

sqmapi

winbrand

Sections

.text Size: 244KB - Virtual size: 244KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 52KB - Virtual size: 53KB

.text
Size: 244KB - Virtual size: 244KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 52KB - Virtual size: 53KB