afb6b29967d12e2c42db43f878ac08c11f7cab3a44983f57c7c98135ffc6e75c

Sharing

Copy URL Twitter E-mail

General

Target

afb6b29967d12e2c42db43f878ac08c11f7cab3a44983f57c7c98135ffc6e75c
Size

60KB
MD5

490f9d910e907b62bbad97d5948ff930
SHA1

a0cb0b2de5aaaaf227ad1c5da8d9cc7a99b6ff5f
SHA256

afb6b29967d12e2c42db43f878ac08c11f7cab3a44983f57c7c98135ffc6e75c
SHA512

ec7585fd530dc3e9f30941c9359659cc5e0f4bc73eb4590c29db53fb402ce72581a9f9636129509c92c2c6a866275d43dfcb1b9d6446545381762f1d3faa8539
SSDEEP

1536:hNrEeUIUONzShS+OduftiwVIlxeYOzJy/ds:hpEeUILNGEddukPT3OzJCe

Score

N/A

Malware Config

Signatures

Files

afb6b29967d12e2c42db43f878ac08c11f7cab3a44983f57c7c98135ffc6e75c
.exe windows x86

4ca62241e8bf6c63434d71087c1b9334

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
IsTextUnicode
RegGetKeySecurity
RegConnectRegistryW
RegEnumKeyExW
RegSetKeySecurity

kernel32

GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetFileSize
ReadFile
GetFileTime
VirtualFree
CreateFileW
CopyFileW
CloseHandle
MultiByteToWideChar
SetLastError
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetStdHandle

msvcrt

iswctype
?terminate@@YAXXZ
_controlfp
_fileno
_isatty
wcstoul
atoi
_stricmp
memmove
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__getmainargs
wcschr
_vsnwprintf
_errno
exit
tolower
memset
_iob
_wcsnicmp
_wcsicmp
vfprintf

ntdll

RtlUnwind
RtlCompareMemory
RtlAdjustPrivilege
NtLoadKey
NtUnloadKey
NtOpenKey
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
RtlSetDaclSecurityDescriptor
RtlNtStatusToDosError
RtlCreateSecurityDescriptor
NtClose
NtFlushKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlCopySid
RtlAllocateHeap
RtlLengthSid
RtlAddAce
RtlFreeHeap
RtlCreateAcl
RtlGetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
RtlEqualSid
RtlGetAce

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ca62241e8bf6c63434d71087c1b9334

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 23KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 23KB