64158ef5a79e9da2914415bdbf795ae523af9185e6f17a958f29343eaae184ca

Sharing

Copy URL Twitter E-mail

General

Target

64158ef5a79e9da2914415bdbf795ae523af9185e6f17a958f29343eaae184ca
Size

1.6MB
MD5

86cb000a688892c1ba208b6c2a885364
SHA1

af8b68f629a89724c5aa43d2ce6d90f77372dea5
SHA256

64158ef5a79e9da2914415bdbf795ae523af9185e6f17a958f29343eaae184ca
SHA512

5463eba1c879af360951745ed8505e9bfa9d9b1b3fb4e4cfc42cca9c1054c31686e83103f6fe8f1eb5b8a26e7638181d954747babad4c18f818e0ef4b05e8e68
SSDEEP

24576:GN+59JkgDF2VHlXHFFol0vANrsT+GujRAkZBSAdHw2DkH2WWJ9iXAT:r9Sgp2PKG0VoAdQ2DkWNJ9iw

Score

N/A

Malware Config

Signatures

Files

64158ef5a79e9da2914415bdbf795ae523af9185e6f17a958f29343eaae184ca
.exe windows x86

82163db11ab9f31f9eba99746a0cebe6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleA
GetLongPathNameA
GetAtomNameA
QueryDosDeviceW
GetProcessId
lstrcmpA
GetVersionExA
WriteConsoleA
GetProcAddress
SetCurrentDirectoryA
lstrcpynA
lstrcmpA
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileIntA
SetFilePointer
GetProcessHeap
GetStringTypeA
GetNumberFormatW
GetFullPathNameW
GetFullPathNameA
GetDateFormatA
TlsGetValue
GetSystemTimeAsFileTime
DeviceIoControl
GetConsoleTitleA
WaitForSingleObject
HeapValidate
CloseHandle
SetEnvironmentVariableW
GetGeoInfoA
UpdateResourceA
FindResourceA
GetModuleHandleA
CompareStringA
GetEnvironmentVariableW
GetComputerNameA
ReadFile
GetTickCount
GetTimeFormatA

rsaenh

CPDecrypt
CPDeriveKey
CPEncrypt
CPCreateHash
CPGenKey

shlwapi

PathCommonPrefixA
PathCompactPathA
UrlCanonicalizeA
UrlIsOpaqueA
UrlCompareA
UrlEscapeA
UrlHashA
UrlGetLocationA
UrlIsNoHistoryW
UrlCreateFromPathA
UrlGetPartA

ctl3d32

Ctl3dGetVer
Ctl3dCtlColor

user32

GetWindow
FindWindowExA
MessageBoxA
IsZoomed
IsDialogMessageA
wsprintfA
LoadCursorA
GetCaretPos
GetMessageA
LoadImageA
FindWindowExA
DispatchMessageA
CreateWindowExA
GetWindowLongA
PeekMessageA
CharToOemA
FindWindowExA
DrawIcon
IsWindow
SetCursorPos

wtsapi32

WTSLogoffSession
WTSSendMessageA
WTSQuerySessionInformationA
WTSRegisterSessionNotification
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSSetSessionInformationW
WTSQueryUserToken
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSVirtualChannelOpen
WTSWaitSystemEvent
WTSFreeMemory
WTSEnumerateSessionsW
WTSVirtualChannelClose

advapi32

OpenServiceA
RegEnumKeyA
IsValidSecurityDescriptor
ClearEventLogA
ControlService
RegSaveKeyA
CreateServiceA
RegOpenKeyExA
RegFlushKey
RegCloseKey
IsValidSid
IsValidAcl
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82163db11ab9f31f9eba99746a0cebe6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rsaenh

shlwapi

ctl3d32

user32

wtsapi32

advapi32

Sections

.text Size: 82KB - Virtual size: 81KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 25KB - Virtual size: 24KB

.text
Size: 82KB - Virtual size: 81KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 25KB - Virtual size: 24KB