0593bf1d6f5733aaf12c27040fada452ba34805325b2d972bc2fafb494a9804b

Sharing

Copy URL Twitter E-mail

General

Target

0593bf1d6f5733aaf12c27040fada452ba34805325b2d972bc2fafb494a9804b
Size

392KB
MD5

04214ed4e9aa3b3c89d3eeb9c51aeee0
SHA1

1faae20fc1339b2b6412037292da54bfb41aa3e8
SHA256

0593bf1d6f5733aaf12c27040fada452ba34805325b2d972bc2fafb494a9804b
SHA512

dc5594c5f0d72974016a77510c96d6942655255c4a992f5dc3e5486561f371d99ed9e51053b3d818ac207c0f7309b34377b457facc16dc4ff61737da9e5a6a33
SSDEEP

6144:JTyF03h1O7C6aDLugbz0oB2nLAYI+8IID/7bCrzZ4zytbLT:JTyshg7CnD6g30oB2n3I+8IO/gF4zkv

Score

N/A

Malware Config

Signatures

Files

0593bf1d6f5733aaf12c27040fada452ba34805325b2d972bc2fafb494a9804b
.exe windows x86

39868728c854ede5471a129e4824ccb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidSubAuthority
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
MakeSelfRelativeSD
GetSecurityDescriptorControl
EqualSid
GetSecurityDescriptorLength
AddAce
InitializeAcl
SetNamedSecurityInfoW
GetLengthSid
SetSecurityDescriptorOwner
InitializeSid
GetSecurityDescriptorOwner
CopySid
GetSidLengthRequired
IsValidSid
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetAce
GetSecurityDescriptorGroup
GetAclInformation
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
OpenThreadToken
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent

kernel32

TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
lstrlenW
LockResource
GetModuleHandleW
LoadResource
FindResourceExW
WaitForMultipleObjects
lstrcmpiW
CloseHandle
LocalFree
LoadLibraryW
ReleaseMutex
GetEnvironmentVariableW
WaitForSingleObject
DeleteCriticalSection
CreateDirectoryW
RaiseException
DeleteFileW
FindResourceW
RemoveDirectoryW
SizeofResource
GetFileAttributesExW
lstrcmpW
OpenProcess
VerSetConditionMask
VerifyVersionInfoW
ReadProcessMemory
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
TlsAlloc
SetFilePointer
CreateEventW
ResetEvent
DeviceIoControl
SetProcessWorkingSetSize
CreateProcessW
InterlockedCompareExchange
CreateMutexW
TryEnterCriticalSection
SetEvent
MoveFileExW
GetFileTime
FlushFileBuffers
ReadFile
GetVersionExW
VirtualQuery
GetTempPathW
GetThreadLocale
lstrcpynW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
CreateThread
DebugActiveProcessStop
WaitForDebugEvent
ContinueDebugEvent
VirtualQueryEx
GetThreadContext
GetSystemInfo
GetProcessId
DebugActiveProcess
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
SetNamedPipeHandleState
WaitNamedPipeW
TransactNamedPipe
RtlCaptureContext
ReleaseSemaphore
CreateSemaphoreW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetLastError
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
GetLocalTime
TlsGetValue
GetUserDefaultLangID
GetSystemDefaultLangID
WritePrivateProfileStringW
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
VirtualProtect
HeapFree
DuplicateHandle

ole32

CoCreateGuid
StringFromGUID2

shell32

SHGetFolderPathW

user32

PeekMessageW
MessageBoxW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
wsprintfW
CharUpperW
CharLowerW
EmptyClipboard
OpenClipboard
CloseClipboard
UnregisterClassA
SetClipboardData
PostThreadMessageW
GetMessageW
DispatchMessageW
wvsprintfW

netapi32

NetWkstaGetInfo
NetApiBufferFree

shlwapi

PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
SHQueryValueExW
PathIsRelativeW
PathAppendW
PathCanonicalizeW

userenv

UnloadUserProfile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39868728c854ede5471a129e4824ccb8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

shell32

user32

netapi32

shlwapi

userenv

version

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 15KB - Virtual size: 15KB

.rrdata Size: 68KB - Virtual size: 68KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 15KB - Virtual size: 15KB

.rrdata
Size: 68KB - Virtual size: 68KB