2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28

Sharing

Copy URL

Twitter E-mail

General

Target

2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28
Size

477KB
MD5

43cf0139c044da09f7e3d0028e5a8040
SHA1

b3b9fa1474fbca2bc3e105c2dda4d2e5d3daa099
SHA256

2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28
SHA512

66363288d7c663e8c5a6f0a8f16401ce847f8834db7f06764f7e8c517c2d01725dafe51d224bbf2e6b1967b1d12c1d81a8cdd4f9160c850aef424430d4b8b7a3
SSDEEP

6144:KcXH5OIeQrVpJzvkwprLE7dGKVBAbOKGIy/5h8xOBT63WB99+4:KcJOkrV3XnZKVBA6KGISDic99

Score

N/A

Malware Config

Signatures

Files

2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28
.exe windows x86

c2dfc999bf94a58d5e9718cfc85741dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
GetProcAddress
Process32NextW
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetSystemDirectoryW
CreateDirectoryW
GetModuleFileNameW
GetCurrentThreadId
Sleep
LoadLibraryW
FindResourceW
LoadResource
LockResource
CreateProcessW
SizeofResource
lstrlenW
WaitForMultipleObjects
FreeLibrary
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
SetThreadPriority
TerminateThread
TerminateProcess
LoadLibraryExW
RaiseException
ResetEvent
lstrcmpiW
InterlockedIncrement
GetTickCount
DisconnectNamedPipe
InterlockedDecrement
CancelIo
PeekNamedPipe
ExitThread
CreateEventW
GetOverlappedResult
CreateThread
CreateNamedPipeW
ConnectNamedPipe
SetEvent
GetCurrentThread
LocalFree
SetUnhandledExceptionFilter
lstrcpyW
SetErrorMode
GetCommandLineW
WideCharToMultiByte
OpenEventW
GetCommState
SetCommState
SetCommMask
PurgeComm
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
ExitProcess
CreateMutexW
CloseHandle
GetLastError
MultiByteToWideChar
DeleteFileW
GetFileSize
SetEndOfFile
SetFilePointer
HeapValidate
WriteFile
HeapSize
HeapFree
ReadFile
HeapAlloc
CreateFileW
GetProcessHeap
EnterCriticalSection
DeleteCriticalSection
IsBadCodePtr
InitializeCriticalSection
LeaveCriticalSection
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
FlushFileBuffers
CreateFileA
CompareStringA
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
CompareStringW
SetEnvironmentVariableA
TlsAlloc
TlsGetValue
RtlUnwind
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetFileAttributesW
MoveFileW
IsDebuggerPresent
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

MessageBoxExW
UnregisterClassW
DestroyWindow
PostMessageW
UnregisterClassA
RegisterClassW
DefWindowProcW
LoadStringW
PostThreadMessageW
CharUpperW
TranslateMessage
GetMessageW
DispatchMessageW
PeekMessageW
MessageBoxW
MsgWaitForMultipleObjects
CharNextW
CharUpperBuffW
wsprintfW
CreateWindowExW

advapi32

ControlService
CopySid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
StartServiceCtrlDispatcherW
CloseServiceHandle
SetServiceStatus
CreateServiceW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterServiceCtrlHandlerW
OpenThreadToken
DeleteService
GetTokenInformation
IsValidSid
OpenServiceW
GetLengthSid
InitializeSecurityDescriptor
RegEnumKeyExW
SetSecurityDescriptorDacl
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
GetUserNameW
RegEnumKeyW
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey
OpenProcessToken
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CoCreateGuid
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoResumeClassObjects
CoRevokeClassObject
CoInitializeSecurity
CoInitializeEx
CoRegisterClassObject
CoUninitialize
StringFromGUID2
CoSuspendClassObjects
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCat
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString

shlwapi

PathAppendW

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2dfc999bf94a58d5e9718cfc85741dc

Headers

File Characteristics

Imports

userenv

setupapi

wtsapi32

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 275KB - Virtual size: 275KB

.rdata Size: 102KB - Virtual size: 101KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 27KB - Virtual size: 26KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 275KB - Virtual size: 275KB

.rdata
Size: 102KB - Virtual size: 101KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 27KB - Virtual size: 26KB

.rmnet
Size: 56KB - Virtual size: 60KB