0511d587de9b6fb038cee66ae88e06527c58c772f99310ce0411e8b63f2ee9e8

Sharing

Copy URL Twitter E-mail

General

Target

0511d587de9b6fb038cee66ae88e06527c58c772f99310ce0411e8b63f2ee9e8
Size

330KB
MD5

253920c305e719dd0d6aff23e7014690
SHA1

b8e3486c44f9d9748f6b99e21ce39fd0915021fc
SHA256

0511d587de9b6fb038cee66ae88e06527c58c772f99310ce0411e8b63f2ee9e8
SHA512

59a653b5a9bbf2dd8d13c6d34067fa99748645c742d407434f74da94dcc0085cf03d746f756e2d1e0d2a5652b9d75bcebb9dbeea986b2b56ab4b3c5c64d25ae8
SSDEEP

6144:/1zwWn+MyE3hXeqtJ9NCY4Rogjqc+Bk4YICNc4ZZPi9E:Nzw5MhxXeqt8Y4Rp2M4TCNle9E

Score

N/A

Malware Config

Signatures

Files

0511d587de9b6fb038cee66ae88e06527c58c772f99310ce0411e8b63f2ee9e8
.exe windows x86

d4deadcd34a16283a96d2c667521d6bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceExA
GetFileAttributesA
WaitForSingleObjectEx
GetModuleHandleA
CreateEventA
GetVersionExA
Sleep
MultiByteToWideChar
GetLocalTime
SuspendThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
CloseHandle
SetUnhandledExceptionFilter
SetEvent
ReadFile
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
OpenEventA
OutputDebugStringA
OutputDebugStringW
GetLastError
lstrlenA
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetModuleFileNameW
RtlUnwind
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
UnhandledExceptionFilter
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
IsDebuggerPresent
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
DebugBreak
GetStdHandle
WriteFile
WriteConsoleW
GetFileType
ExitProcess
LoadLibraryW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualFree
FlushFileBuffers
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleFileNameA

advapi32

OpenThreadToken
RevertToSelf
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
SetThreadToken

ole32

StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantClear

shlwapi

PathRemoveExtensionA

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d4deadcd34a16283a96d2c667521d6bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 105KB - Virtual size: 108KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 105KB - Virtual size: 108KB