b878058400111ad01eb49ef0d08404c23f42bf2f6a81bdc2f152bef1fd16462e

Sharing

Copy URL

Twitter E-mail

General

Target

b878058400111ad01eb49ef0d08404c23f42bf2f6a81bdc2f152bef1fd16462e
Size

1.2MB
MD5

58aa1601977688bea87b137d8fff8757
SHA1

ae3604560eed2eea86eaaa34233ee4cc79068e8c
SHA256

b878058400111ad01eb49ef0d08404c23f42bf2f6a81bdc2f152bef1fd16462e
SHA512

678d22ee2ccc993ec434074c6b03da7a9111fbd7d8a0365182e8e30fd4facbac9bba6e7772897c08ba9d429d2b0d3985767153f73356ba3d8e90a5605c70942c
SSDEEP

12288:+w6Nq9hrMqxN/xii2uuIp/2+nLuVW/b0D92G+MWudwJcNycN0F:hrMCN1IW/b0DQGRa3

Score

N/A

Malware Config

Signatures

Files

b878058400111ad01eb49ef0d08404c23f42bf2f6a81bdc2f152bef1fd16462e
.exe windows x86

a0deb9cc9f6fb3b118961ddb05cfe3c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
AcquireSRWLockExclusive
AssignProcessToJobObject
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateRemoteThread
CreateSemaphoreW
DebugBreak
DeleteFileW
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesEx
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLocalTime
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
WideCharToMultiByte
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHandleCount
GetProcessHeaps
GetProcessId
GetProcessTimes
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlUnwind
SearchPathW
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
GetModuleFileNameA
ReadFile
SetFilePointerEx
GetConsoleOutputCP
GetStringTypeW
SetStdHandle
HeapQueryInformation
SetEnvironmentVariableW
IsValidCodePage
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetTimeFormatW
WriteConsoleW
WriteFile
GetStdHandle
HeapValidate
VirtualQuery
GetSystemInfo
ReadConsoleW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualFree
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetSystemDefaultLCID
MultiByteToWideChar
VirtualProtect
VirtualAlloc
GetTickCount
GetExitCodeThread
GetCurrentThreadId
CreateThread
WaitForMultipleObjects
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
CloseHandle
GetModuleHandleW
DecodePointer

user32

GetParent
GetWindowLongA
MapWindowPoints
MessageBoxA
GetWindowRect
GetClientRect
EndDialog
SetWindowPos
IsWindow
UnregisterClassA
CharNextW
GetActiveWindow
SetWindowLongA
DispatchMessageA
GetWindow
MonitorFromWindow
GetMonitorInfoA
AllowSetForegroundWindow
CloseDesktop
CloseWindowStation
CharNextA
CharUpperA
DialogBoxParamA
PostThreadMessageA
CreateDesktopW
GetMessageA
UnregisterClassW
TranslateMessage
SetProcessWindowStation
SetProcessDPIAware
SendMessageTimeoutW
RegisterClassW
PostMessageW
GetWindowThreadProcessId
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
GetMessageW
FindWindowExW
DispatchMessageW
DestroyWindow
DefWindowProcW
CreateWindowStationW
CreateWindowExW

advapi32

RegDeleteKeyA
SystemFunction036
SetTokenInformation
SetThreadToken
SetSecurityInfo
SetKernelObjectSecurity
SetEntriesInAclW
RevertToSelf
RegSetValueExW
RegQueryValueExW
MapGenericMask
LookupPrivilegeValueW
IsValidSid
InitializeSid
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
GetTokenInformation
GetSidSubAuthority
GetSecurityInfo
GetSecurityDescriptorSacl
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey

ole32

CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoResumeClassObjects

oleaut32

UnRegisterTypeLi
SafeArrayDestroy
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
GetErrorInfo
VariantClear
VariantInit

shlwapi

PathMatchSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 357KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0deb9cc9f6fb3b118961ddb05cfe3c6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

winmm

Sections

.text Size: 728KB - Virtual size: 728KB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 357KB - Virtual size: 373KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 728KB - Virtual size: 728KB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 357KB - Virtual size: 373KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 3KB - Virtual size: 2KB