008b0dfb4c87789ad4c496efadc27229468583378e8842c11f85173accb4b4fc

Sharing

Copy URL Twitter E-mail

General

Target

008b0dfb4c87789ad4c496efadc27229468583378e8842c11f85173accb4b4fc
Size

71KB
MD5

3913582c22bcf10764ca7e17e301f7f0
SHA1

e46df27cacac4b93ce9c45e1761865759ad668c9
SHA256

008b0dfb4c87789ad4c496efadc27229468583378e8842c11f85173accb4b4fc
SHA512

f14748be07a1068bcbedc2794ace0611d76859f5d79d4199c08448f308d9b6a936513a6402f894140f745f76064c3eeab2a62126295b4e4a18efe86ca4854283
SSDEEP

768:lrCiKqRGEXgy5TdeomgtbpAXkgPyjJPksufaoi0/NviVUmA0PqKDNzo8UcobMfPH:lrg+b5ZeoHgPMksufOUjAz6Rq1j

Score

N/A

Malware Config

Signatures

Files

008b0dfb4c87789ad4c496efadc27229468583378e8842c11f85173accb4b4fc
.exe windows x86

fc23a1633250ed12106ce8b0157ab2bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
RegQueryInfoKeyW
RegEnumKeyW
RegFlushKey
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

kernel32

GetFileAttributesW
SetFileAttributesW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
CopyFileW
DeleteCriticalSection
InitializeCriticalSection
FlushFileBuffers
GetExitCodeProcess
CreateProcessW
GetFullPathNameW
CreateDirectoryW
CompareStringW
LoadLibraryExW
WritePrivateProfileStringW
GlobalFree
GetLastError
GetProcessHeap
HeapFree
GetVersionExW
GetModuleHandleW
GetProcAddress
CreateFileW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapAlloc
ExpandEnvironmentStringsW
SetLastError
lstrlenW
CloseHandle
WaitForSingleObject
FreeLibrary
LoadLibraryW

msvcrt

_wcsnicmp
_exit
_XcptFilter
exit
__wgetmainargs
_cexit
_wcmdln
_vsnwprintf
memset
_initterm
wcsrchr
wcschr
_vscwprintf
swprintf_s
_vsnprintf
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
_amsg_exit
__setusermatherr
__p__commode

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize

shell32

CommandLineToArgvW

unattend

UnattendFindAnswerFileWithResults
UnattendFindFileFromCmdLine
UnattendMarkPassUsedInCtx
UnattendCtxBeginModify
UnattendCtxReplaceMatchedNodesWithText
UnattendCtxCommitModify
UnattendFreeResults
UnattendCtxOpenNode
UnattendFreeNode
UnattendCtxSerialize
UnattendCtxDeserializeWithResults
UnattendCtxCleanup
UnattendCtxSerializeSettingsStream
UnattendAddResults
UnattendCtxCancelModify

actionqueue

GenerateActionQueue
ProcessActionQueue

user32

LoadStringW
MessageBoxW

ntdll

RtlAllocateHeap
RtlInitUnicodeString
NtCreateKey
NtSetValueKey
NtClose
RtlFreeHeap
NtSetInformationFile
RtlNtStatusToDosError

oleaut32

SysFreeString

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc23a1633250ed12106ce8b0157ab2bc

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

shell32

unattend

actionqueue

user32

ntdll

oleaut32

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 21KB - Virtual size: 24KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 21KB - Virtual size: 24KB