00e5bee07dfc0fe93d1de0c76ea37c9f9eb4bd8a3da42fc3c1abf23ef5c1747a

Sharing

Copy URL

Twitter E-mail

General

Target

00e5bee07dfc0fe93d1de0c76ea37c9f9eb4bd8a3da42fc3c1abf23ef5c1747a
Size

122KB
MD5

3084dc5ac2f97b3ba0cd908eeccb2a40
SHA1

c9a9237f7c2421abb873a989446c6f8cb3237643
SHA256

00e5bee07dfc0fe93d1de0c76ea37c9f9eb4bd8a3da42fc3c1abf23ef5c1747a
SHA512

71bed31b76c30528525f34ef14eaa09c1032b87481f8829487902668f717095cae427d394f0b34ad7754e1c6b8216400dc3f62f1d358e0dd5c426dd4adbf4f53
SSDEEP

3072:NN+5JIvv9fCgDv2ZBdyKQ5nM8hEo6qiwp:bi01fCY27FQ5nMq6qiw

Score

N/A

Malware Config

Signatures

Files

00e5bee07dfc0fe93d1de0c76ea37c9f9eb4bd8a3da42fc3c1abf23ef5c1747a
.exe windows x86

9a2aa4da02d15b65cfcd37a92cb5135d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsWow64Process
GetCurrentProcess
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetVersionExA
ExitProcess
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetSystemDirectoryW
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapFree
LCMapStringA
WideCharToMultiByte
LCMapStringW
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
VirtualProtect
GetSystemInfo
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
SetHandleCount
SetCurrentDirectoryW
GetUserDefaultUILanguage
HeapReAlloc
GetLastError

gdi32

CreateFontIndirectW
DeleteObject
CreateCompatibleDC
SelectObject
GetTextMetricsW
DeleteDC
GetObjectW

user32

SetWindowTextW
SetDlgItemTextW
SetForegroundWindow
mouse_event
EnableWindow
AllowForegroundActivation
LoadStringW
PostQuitMessage
DialogBoxParamW
LoadIconW
IsDlgButtonChecked
SetWindowPos
SetWindowLongW
GetWindowLongW
GetDlgItem
SendDlgItemMessageW
CloseWindowStation
GetUserObjectInformationW
GetProcessWindowStation
EndDialog
SendDlgItemMessageA
SetClassLongA
LoadIconA
SendMessageW

comctl32

ord17

shell32

ShellExecuteW
CommandLineToArgvW

ntdll

NtWriteFile
NtQueryValueKey
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
RtlFreeHeap
RtlQueryEnvironmentVariable_U
NtMapViewOfSection
NtCreateSection
NtQueryInformationFile
NtUnmapViewOfSection
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtQuerySystemInformation
NtQueryVirtualMemory
RtlAnsiStringToUnicodeString
NtCreateFile
RtlUnicodeStringToInteger
RtlAllocateHeap
DbgPrint
RtlExpandEnvironmentStrings_U
NtQueryInformationProcess
RtlGetVersion
NtSetInformationFile
RtlInitAnsiString
strpbrk
strspn
NtOpenKey
NtCreateKey
NtSetValueKey
_vsnprintf
sprintf
strchr
isdigit
RtlUpcaseUnicodeString
RtlCopyUnicodeString
qsort
NtDeleteFile
NtQueryAttributesFile
RtlDosPathNameToNtPathName_U
_snwprintf
RtlDoesFileExists_U
wcsncpy
RtlFreeUnicodeString
wcsstr
swprintf
RtlInitUnicodeString
RtlGUIDFromString
NtOpenProcessToken
NtClose
NtOpenThreadToken

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gxfawgr
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a2aa4da02d15b65cfcd37a92cb5135d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

comctl32

shell32

ntdll

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 54KB - Virtual size: 55KB

gxfawgr Size: - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 54KB - Virtual size: 55KB

gxfawgr
Size: - Virtual size: 4KB