2b7b283a870e0cd0bbaa84329a1097cc10be847a6cc20ae7910fdb7dbc76b18c

General

Target

2b7b283a870e0cd0bbaa84329a1097cc10be847a6cc20ae7910fdb7dbc76b18c
Size

68KB
MD5

43f5335b63897223ffa261b16b7a06a5
SHA1

43fad1963f65590a0c767ee2f6238971573c1cb5
SHA256

2b7b283a870e0cd0bbaa84329a1097cc10be847a6cc20ae7910fdb7dbc76b18c
SHA512

02fff5b69af05375d4d7b820e64712bc967fb219b2b963ca3cb0a85a942cc705f95b50775f57eb2ee97d68bb7445829dce3aaaa60204cd1947424cf9a4494196
SSDEEP

1536:rt2n9Tc8TGd34MTLPaiTpC6VOoGJ+P6mAt8JKAiygo:rUn9I8Cd34MTLiilw2722

Score

N/A

Malware Config

Signatures

Files

2b7b283a870e0cd0bbaa84329a1097cc10be847a6cc20ae7910fdb7dbc76b18c
.exe windows x86

d4b05b7db023cc8aaef063f25dd617c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_strcmpi
_chkstk
sprintf
memcpy
strrchr
_stricmp
_snprintf
memset

shlwapi

PathCombineA

wtsapi32

WTSQuerySessionInformationA

kernel32

GetModuleHandleA
GetTickCount
GlobalMemoryStatusEx
GetVolumeInformationA
GetWindowsDirectoryA
WriteProcessMemory
VirtualAllocEx
GetProcAddress
CreateRemoteThread
VirtualFreeEx
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapAlloc
GetProcessHeap
LoadLibraryA
HeapReAlloc
GetCurrentProcess
lstrcatA
lstrcpyA
GetSystemTime
GetComputerNameA
SetFileAttributesA
GetSystemDirectoryA
SystemTimeToFileTime
GetLocalTime
WriteFile
lstrlenA
MoveFileExA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
GetLastError
OpenMutexA
SetLastError
Sleep
LocalFree
WideCharToMultiByte
lstrlenW
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
GetCommandLineW
GetVersionExA
ExitProcess
GetNativeSystemInfo
GetFullPathNameA
SetFileTime
FlushFileBuffers
CreateFileA
GetFileSize
ReadFile
CloseHandle
HeapFree
CreateProcessA

user32

wsprintfA

advapi32

GetTokenInformation
LookupAccountSidA
RegCreateKeyExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryValueExA
AllocateAndInitializeSid
CheckTokenMembership
RegFlushKey
RegCloseKey
OpenProcessToken
FreeSid
RegSetValueExA
RegOpenKeyExA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dyndata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d4b05b7db023cc8aaef063f25dd617c9

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

wtsapi32

kernel32

user32

advapi32

shell32

Sections

.text Size: 14KB - Virtual size: 14KB

.dyndata Size: 53KB - Virtual size: 53KB

.text
Size: 14KB - Virtual size: 14KB

.dyndata
Size: 53KB - Virtual size: 53KB