5b4bdf1e35ac2f25c7110e2b4bc81854cbc6f02765791bc0799d965bd9585ce3

Sharing

Copy URL

Twitter E-mail

General

Target

5b4bdf1e35ac2f25c7110e2b4bc81854cbc6f02765791bc0799d965bd9585ce3
Size

439KB
MD5

023d2e52a8866d50c8a08ea96b89fee3
SHA1

c0c793f83f766db7152a863a9d84617ded049789
SHA256

5b4bdf1e35ac2f25c7110e2b4bc81854cbc6f02765791bc0799d965bd9585ce3
SHA512

e637a80b9b9bcd6c0ae7fb2553c7b5d10a811030414a738c9be74cf89b87fe41f4ef1df565300f7802d79a0dbca9887331fd71911ffdeae71674c991acd77be1
SSDEEP

12288:bH0Do6JPz9HTIQpPI2wyGJOsHduiLfST/:b6Bz9Hxm2GdHdDTST

Score

N/A

Malware Config

Signatures

Files

5b4bdf1e35ac2f25c7110e2b4bc81854cbc6f02765791bc0799d965bd9585ce3
.exe windows x86

2f52ede15291b4e919d442e92b6cf57c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
InterlockedExchange
VirtualProtect
VirtualQuery
LoadLibraryA
VirtualAlloc
GetProcAddress
LockResource
LoadResource
GetModuleHandleA
FindResourceExW
CreateThread
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
lstrlenW
FreeLibrary
MultiByteToWideChar
FindResourceW
LoadLibraryExW
lstrcmpiW
RaiseException
GetCurrentThreadId
SetEvent
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
FreeResource
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualFree
GetLastError
SizeofResource
ResumeThread
SuspendThread
CreateEventW
WaitForSingleObject
TlsGetValue
CloseHandle

user32

GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
TranslateMessage
DispatchMessageW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW

ole32

CoUninitialize
CoInitialize
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject

oleaut32

VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysFreeString

pdh

PdhCalculateCounterFromRawValue

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2f52ede15291b4e919d442e92b6cf57c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

pdh

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 355KB - Virtual size: 355KB

.tls Size: 512B - Virtual size: 472KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 355KB - Virtual size: 355KB

.tls
Size: 512B - Virtual size: 472KB