9d20dbf8db16abedf4c5c39c29f01b361a727121fd617c2af35f1c949b0c40cd

Sharing

Copy URL Twitter E-mail

General

Target

9d20dbf8db16abedf4c5c39c29f01b361a727121fd617c2af35f1c949b0c40cd
Size

468KB
MD5

1617ca55aaa18abe6004f2a91fde4a00
SHA1

d9f9c880547aef093aa0207f1699df15b06e25ec
SHA256

9d20dbf8db16abedf4c5c39c29f01b361a727121fd617c2af35f1c949b0c40cd
SHA512

cb2230035ee10059149c6c4174c6c84363539b9ef953beee60cf1d312453f5ebeb062524cdd289d803192aa760c860eda36ab3d721b2ee022d5743dd3a596bdf
SSDEEP

6144:ntnV5Kz69RZT8neGtwDz8mghvvpOPP/q8/M/FHGvWzCYWKOi9Ts:npKz6RZT8e6wEbv43S8/M/FHO8RWbwI

Score

N/A

Malware Config

Signatures

Files

9d20dbf8db16abedf4c5c39c29f01b361a727121fd617c2af35f1c949b0c40cd
.exe windows x86

bf991bd3de2fc9b441110fc1d6af7059

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetUserDefaultLangID
GetWindowsDirectoryW
GetModuleFileNameW
LoadLibraryExW
GetLocalTime
CloseHandle
Sleep
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
LocalFree
InterlockedDecrement
GetVersionExW
MoveFileExW
CopyFileW
ExpandEnvironmentStringsW
GetTickCount
FindFirstFileW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
OutputDebugStringW
GetCommandLineW
GetModuleHandleExW
LoadLibraryW
FindClose
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
ReadConsoleW
InitializeCriticalSection
SetLastError
GetLastError
GetProcAddress
FreeLibrary
InterlockedExchange
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetModuleHandleW
GetFileAttributesW
FindNextFileW
RemoveDirectoryW
CreateFileW
ReadFile
CreateDirectoryW
WriteFile
GetTempPathW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetErrorMode
CreateProcessW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetFileAttributesExW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetStdHandle
ExitProcess
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetFileType
QueryPerformanceCounter
HeapReAlloc
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode

user32

CloseDesktop
OpenDesktopW
FindWindowW
GetWindowThreadProcessId
SystemParametersInfoW
UnloadKeyboardLayout
LoadKeyboardLayoutW
LoadStringW
GetKeyboardLayoutList

advapi32

RegCreateKeyExW
OpenProcessToken
RegOpenKeyExW
FreeSid
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
AllocateAndInitializeSid
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAce
GetFileSecurityW
MapGenericMask
ConvertStringSidToSidW
RegUnLoadKeyW
RegQueryValueExW
RegLoadKeyW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
CreateProcessAsUserW
GetUserNameW
GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
RegOpenKeyW
LookupAccountSidW
GetAclInformation
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ord165
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoInitialize
StringFromIID
IIDFromString
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shlwapi

PathFindFileNameW
SHDeleteKeyW
PathAppendW
StrStrIW
PathFileExistsW
PathQuoteSpacesW
PathRemoveFileSpecW

imm32

ImmInstallIMEW
ImmGetIMEFileNameW
ImmGetHotKey
ImmSetHotKey
ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf991bd3de2fc9b441110fc1d6af7059

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

imm32

version

Sections

.text Size: 239KB - Virtual size: 239KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 115KB - Virtual size: 116KB

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 115KB - Virtual size: 116KB