131f9be426ff08dd8cde6ec721b6517a2722f9110b88c4cce9f3c20b265843f9

Sharing

Copy URL Twitter E-mail

General

Target

131f9be426ff08dd8cde6ec721b6517a2722f9110b88c4cce9f3c20b265843f9
Size

117KB
MD5

376d3719f5b654ed2f16d000127771c0
SHA1

18fe9329b7d9123601f26b5303d425ee3dd923cb
SHA256

131f9be426ff08dd8cde6ec721b6517a2722f9110b88c4cce9f3c20b265843f9
SHA512

72dd8fd563cba5b623a96060330fb3bfe0e456c7826bb3e28f919d9a8eb37aca3277ea2aa3a9763c6f869d475c51e9d3d5bc702e97122bb6ea0f2ea532090881
SSDEEP

1536:ewdhcuOLjYUXI0WmYPJzzge7+95p/gJnIGIfZ/P2s/rQESqct73AZ1O+DBd:9YXIZDZUeQ5p4hQhus/rt923Cg0d

Score

N/A

Malware Config

Signatures

Files

131f9be426ff08dd8cde6ec721b6517a2722f9110b88c4cce9f3c20b265843f9
.exe windows x86

1aeaa3b755b9854587edcea2ac296fb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_lock
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
towupper
__p__commode
_XcptFilter
_wtoi
memset
_vsnwprintf_s
??1type_info@@UAE@XZ
_ui64tow_s
wcstol
__CxxFrameHandler3
memmove_s
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
free
_callnewh
??0exception@@QAE@ABQBD@Z
memcpy_s
_amsg_exit
_unlock
__dllonexit
_onexit
_controlfp
_except_handler4_common
memcpy
__RTDynamicCast
_purecall
_wcsnicmp
qsort
wcsstr
_wcsicmp
_wsetlocale

ntdll

RtlFreeHeap
RtlAllocateHeap
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwEventUnregister
EtwEventWrite
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW

userenv

LeaveCriticalPolicySection
EnterCriticalPolicySection

slc

SLGetWindowsInformationDWORD

kernel32

CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
CreatePrivateNamespaceW
OpenPrivateNamespaceW
DeleteBoundaryDescriptor
InterlockedDecrement
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
InterlockedIncrement
FlushFileBuffers
WriteFile
Sleep
DeleteFileW
GetWindowsDirectoryW
DeviceIoControl
CreateFileW
LocalFree
ClosePrivateNamespace
CloseHandle
GetCurrentProcessId
ReleaseMutex
SleepEx
WaitForSingleObject
CreateMutexExW
GetLastError
HeapSetInformation

appidapi

AppIDEncodeAttributeString
AppIDFreeAttributeString

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1aeaa3b755b9854587edcea2ac296fb5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

userenv

slc

kernel32

appidapi

rpcrt4

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 28KB

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 28KB