f14ff8fddd920633e8768f62caa796442cef243da8725ca783c23c362d47451c

Sharing

Copy URL Twitter E-mail

General

Target

f14ff8fddd920633e8768f62caa796442cef243da8725ca783c23c362d47451c
Size

21.4MB
MD5

3160dad71bf35b1fdf5dae4581146318
SHA1

195287ad606a1dca17017ac50287bf060c7b83a3
SHA256

f14ff8fddd920633e8768f62caa796442cef243da8725ca783c23c362d47451c
SHA512

d0c145cbb30b8f532522347e4572b88ddfc81005c510d9e21116ab035c870de3788d79fe47d0159eefc02ca9edd5e7fa1d6789fc2cab404d5bae85587b3a3d75
SSDEEP

393216:oprHiWH5q6UDdJw5UbtdPV7fG2/jQmTl2bPc4HwFwrriKIy4UPVZBT2UOoZoPzdC:KD46szrbj97fGWjeE4HwFwXBcYVZBDPt

Score

N/A

Malware Config

Signatures

Files

f14ff8fddd920633e8768f62caa796442cef243da8725ca783c23c362d47451c
.exe windows x86

5810a363bd51458549e428ca3faf4947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
CryptAcquireContextW
GetTokenInformation
RegQueryValueExA
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
CryptGenRandom
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
GetLengthSid
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

kernel32

GetFileAttributesW
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
GetProcAddress
RemoveDirectoryW
DeleteFileW
LocalFree
CreateFileA
MoveFileExA
SetErrorMode
SystemTimeToFileTime
GetCurrentProcess
GetTickCount
ExpandEnvironmentStringsA
GetDriveTypeA
GetVersionExW
GetFileAttributesA
GetSystemDirectoryA
CreateDirectoryA
RemoveDirectoryA
LoadLibraryA
QueryDosDeviceW
GetDiskFreeSpaceA
DeviceIoControl
CloseHandle
GetTempPathA
GetSystemTime
QueryPerformanceCounter
GetCurrentProcessId
Sleep
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ExitProcess
GetCommandLineW
HeapAlloc
LocalFileTimeToFileTime
ReadFile
GetCurrentThreadId
WideCharToMultiByte
SetFileTime
SetEndOfFile
SetFilePointer
DosDateTimeToFileTime
GetModuleHandleW
SetFileAttributesW
SetCurrentDirectoryW
LoadLibraryW
GetProcessHeap
CreateDirectoryW
HeapFree
MoveFileExW
FindResourceW
FreeLibrary
LoadResource
CreateProcessW
GetSystemWindowsDirectoryW
WaitForSingleObject
WriteFile
GetSystemDirectoryW
SizeofResource
GetExitCodeProcess
CreateFileW
LockResource

ntdll

wcsstr
tolower
_wcslwr
strlen
towlower
_wcsicmp
towupper
memset
DbgPrint
wcslen
_wcsnicmp
memcpy
sprintf

shell32

CommandLineToArgvW

cabinet

ord20
ord22
ord21

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20.9MB - Virtual size: 20.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5810a363bd51458549e428ca3faf4947

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

shell32

cabinet

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 64KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 20.9MB - Virtual size: 20.9MB

.reloc Size: 2KB - Virtual size: 1KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 64KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 20.9MB - Virtual size: 20.9MB

.reloc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 500KB - Virtual size: 1.6MB