01082561b65295b675029279c0a98a73c574e2f32ca402286c56cf072e2a6b61

Sharing

Copy URL Twitter E-mail

General

Target

01082561b65295b675029279c0a98a73c574e2f32ca402286c56cf072e2a6b61
Size

263KB
MD5

1143f07d705badbf6e704ab87a2b0cf0
SHA1

10bcd8caf3b6fef91d2a652c55f2e3dcb0a63a31
SHA256

01082561b65295b675029279c0a98a73c574e2f32ca402286c56cf072e2a6b61
SHA512

972d93092b1c57cba58fc32b9ce8204d3d8af4816b927a7a6a576c5d2c0dd5b3c600be829479879138faeb47738435fc3a5f95ed4dd798c925aa2a70ac542cfe
SSDEEP

3072:kOdgwkE9KN1Fb/Stoq6cFlfqUTrQIsbXqhps3nBDCmXzYqahQloLTKVbmRqftRN+:kHt7SgcnfqzbYpA/Y0oQmCtlr3

Score

N/A

Malware Config

Signatures

Files

01082561b65295b675029279c0a98a73c574e2f32ca402286c56cf072e2a6b61
.exe windows x86

122a94f1720e4065eb413c04ef962ae2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
OpenProcess
ReadFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrlenA
GetCurrentProcess
GetLogicalDriveStringsW
QueryDosDeviceW
LocalAlloc
LocalFree
FlushFileBuffers
GetProcessHeap
HeapFree
GlobalAlloc
FileTimeToSystemTime
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFileAttributesW
GetFileSizeEx
SetFilePointer
CreateFileW
SetLastError
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
RaiseException
Sleep
EnterCriticalSection
lstrcmpiW
GetTickCount
LeaveCriticalSection
WideCharToMultiByte
LoadLibraryExW
GetModuleFileNameW
InterlockedIncrement
GetCommandLineW
SetEvent
InterlockedDecrement
GetSystemDirectoryW
GetLocalTime
WaitForMultipleObjects
CreateProcessW
CopyFileW
GetVersionExW
ReleaseMutex
GetLastError
FindResourceExW
CreateMutexW
LoadResource
LockResource
SizeofResource
CloseHandle
CreateDirectoryW
FreeLibrary
GetProcAddress
FindResourceW
LoadLibraryW
MultiByteToWideChar
GetPrivateProfileIntW
lstrlenW
TerminateProcess
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

MessageBoxW
LoadStringW
CharNextW
PostThreadMessageW
GetSystemMetrics
UnregisterClassA

advapi32

SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
RegCreateKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
DeleteService
ChangeServiceConfig2W
CreateServiceW
ChangeServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
CloseServiceHandle
CreateProcessAsUserW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx

oleaut32

LoadTypeLi
SysAllocString
SysFreeString
RegisterTypeLi
SysStringLen
VarUI4FromStr
UnRegisterTypeLi

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathFileExistsW
PathMatchSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

ExpandEnvironmentStringsForUserW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

122a94f1720e4065eb413c04ef962ae2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

userenv

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 68KB - Virtual size: 68KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 68KB - Virtual size: 68KB