cf95178164257fb43b4c3dd62a06b81ffe01866a44ee812ee2be2d4fa45e653f

Sharing

Copy URL

Twitter E-mail

General

Target

cf95178164257fb43b4c3dd62a06b81ffe01866a44ee812ee2be2d4fa45e653f
Size

638KB
MD5

5f7e77c8bb1dc52968ebc0017a4def40
SHA1

b4e7ca5283fc2007ed7cf3c22d113ec124c850d2
SHA256

cf95178164257fb43b4c3dd62a06b81ffe01866a44ee812ee2be2d4fa45e653f
SHA512

9e17b482184325318a0a2128e75d6c7096c95be3db4a58fae836f250f8f8c8bf0d5ff8f9595035579be613ab222107648befbfbf899206355fe131333fe6fd9d
SSDEEP

12288:3vbAFUegnLnOrSMFyHrOud2Im/7YPnA0Hvc47MAgwaElnH5hX:3vbBnnOtYOIm/0AyHMAVX

Score

N/A

Malware Config

Signatures

Files

cf95178164257fb43b4c3dd62a06b81ffe01866a44ee812ee2be2d4fa45e653f
.exe windows x86

29c62348034d79c9b244252c6f2cfdb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSaveKeyW
GetTokenInformation
I_QueryTagInformation

kernel32

LocalAlloc
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetLastError
CompareStringOrdinal
GetModuleHandleW
FormatMessageW
lstrcmpiW
CloseHandle
GetCurrentProcess
DeleteFileW
FreeLibrary
LoadLibraryExW
lstrlenW
HeapSetInformation
GetFullPathNameW
GetTempPathW
SetConsoleCtrlHandler
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
LocalFree
RaiseException
LoadLibraryA
WriteConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
GetFileType
GetStdHandle
GetConsoleMode
SetThreadUILanguage
SetLastError
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocalTime

msvcrt

fprintf
fflush
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wcstoui64
_itow_s
_ui64tow_s
_wcsnicmp
_purecall
_CxxThrowException
_wtoi
memcpy
wcstoul
swprintf_s
wcscpy_s
wcscat_s
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
printf
memset
_vsnwprintf
__iob_func
wprintf
_memicmp
_get_osfhandle
_errno
_fileno

ntdll

RtlLoadString
RtlNtStatusToDosError
NtPowerInformation

user32

GetSystemMetrics
LoadStringW
SystemParametersInfoW

ws2_32

WSACleanup

shlwapi

PathIsDirectoryW
PathAppendW
SHDeleteKeyW
SHCopyKeyW

shell32

SHGetFolderPathAndSubDirW

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidEqual

powrprof

PowerWriteSettingAttributes
PowerWritePossibleValue
PowerReadSecurityDescriptor
PowerWriteDescription
PowerRemovePowerSetting
PowerWriteSecurityDescriptor
PowerReadPossibleValue
PowerRestoreIndividualDefaultPowerScheme
PowerRestoreDefaultPowerSchemes
GetActivePwrScheme
ReadPwrScheme
PowerPolicyToGUIDFormat
PowerWriteFriendlyName
PowerWriteACDefaultIndex
PowerWriteDCDefaultIndex
PowerWriteValueIncrement
PowerWriteValueMax
PowerWriteValueMin
PowerDuplicateScheme
PowerReadSettingAttributes
PowerEnumerate
PowerReadValueMin
PowerReadValueMax
PowerReadValueIncrement
PowerReadValueUnitsSpecifier
PowerApplyPowerRequestOverride
GetPwrCapabilities
WriteGlobalPwrPolicy
WritePwrScheme
CallNtPowerInformation
EnumPwrSchemes
PowerGetActiveScheme
ReadGlobalPwrPolicy
DevicePowerEnumDevices
DevicePowerClose
DevicePowerOpen
DevicePowerSetDeviceState
PowerImportPowerScheme
PowerOpenUserPowerKey
PowerReadDCValueIndex
PowerReadACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerReplaceDefaultPowerSchemes
PowerReadFriendlyName
PowerReadPossibleFriendlyName
PowerDeleteScheme

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 584KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29c62348034d79c9b244252c6f2cfdb5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

ws2_32

shlwapi

shell32

rpcrt4

powrprof

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 584KB - Virtual size: 2.3MB

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 584KB - Virtual size: 2.3MB