baf748592b7cfeece47842977ee17445ec439f269c28cf4e143dc34527a1a2fc

Sharing

Copy URL Twitter E-mail

General

Target

baf748592b7cfeece47842977ee17445ec439f269c28cf4e143dc34527a1a2fc
Size

677KB
MD5

1f3a6cbd92a6313d7d9f35a6733b3480
SHA1

7dc225f3db0ce4a2e470d14378da0c95f19be32c
SHA256

baf748592b7cfeece47842977ee17445ec439f269c28cf4e143dc34527a1a2fc
SHA512

8d294ceb6712ba1ba3d262f462da1b3eb00850a62e826450fb1cecc51dc0225638c7cc734746162e3f8605e5d9a0d23e4f935384a419c95e48f818e4de9412d2
SSDEEP

12288:Z6CFefl47tG/qKsUwvLElh5eB9XYJZp5tz41TiDAoyw/A0d:Z62Ol45G/1wTElmzYJZPtETqNtA0

Score

N/A

Malware Config

Signatures

Files

baf748592b7cfeece47842977ee17445ec439f269c28cf4e143dc34527a1a2fc
.exe windows x64

6c49acb7eeae719985abb338cdec213a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
IsValidRelativeSecurityDescriptor
MakeAbsoluteSD
InitializeSecurityDescriptor
InitializeAcl
MakeSelfRelativeSD
IsValidSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
GetSecurityDescriptorDacl
IsValidAcl
GetAclInformation
GetAce
AddAccessDeniedAce
EqualSid
DeleteAce
RegEnumValueW
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptImportKey
CryptDecrypt
CryptEncrypt
EventWrite
EventRegister
EventUnregister

kernel32

LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
GetModuleHandleW
lstrcmpiW
DeleteCriticalSection
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
CreateThread
WaitForSingleObject
GetACP
HeapSetInformation
CompareStringW
GetCurrentThreadId
SetEvent
GetCommandLineW
Sleep
ResetEvent
SizeofResource
GetSystemDirectoryW
LoadLibraryExA
DelayLoadFailureHook
OutputDebugStringA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetVersionExA
LoadLibraryW
SetLastError
InitializeCriticalSection
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
CreateEventW

user32

UnregisterClassA
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
CharNextW

msvcrt

__wgetmainargs
memcmp
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
wcsncmp
iswdigit
_callnewh
_exit
__CxxFrameHandler3
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
_errno
realloc
?terminate@@YAXXZ
__set_app_type
_fmode
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
_wtoi
_vsnwprintf
wcscat_s
wcscpy_s
memcpy_s
_purecall
malloc
free
wcsncpy_s
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_wtol
_cexit
_XcptFilter
memcpy

shlwapi

StrCmpIW

oleaut32

UnRegisterTypeLi
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
RegisterTypeLi
SysAllocString
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi
VarBstrCmp
SysStringLen
SysAllocStringLen
VarBstrCat

ole32

CoWaitForMultipleHandles
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
StringFromGUID2
CoResumeClassObjects
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupGetMembers
NetLocalGroupDelMembers
NetLocalGroupAddMembers
NetLocalGroupGetInfo

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 556KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c49acb7eeae719985abb338cdec213a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shlwapi

oleaut32

ole32

wtsapi32

shell32

netapi32

crypt32

Sections

.text Size: 100KB - Virtual size: 100KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 556KB - Virtual size: 2.4MB

.text
Size: 100KB - Virtual size: 100KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 556KB - Virtual size: 2.4MB