c61a217df9f2138575ed4cf22e755b576c48029453d9687f69aa81998f448650

Sharing

Copy URL Twitter E-mail

General

Target

c61a217df9f2138575ed4cf22e755b576c48029453d9687f69aa81998f448650
Size

178KB
MD5

7b18d3f798f244ebabea52a50a0c7daa
SHA1

3a5e9eca25876baa54686ccc522346b8c579f3f3
SHA256

c61a217df9f2138575ed4cf22e755b576c48029453d9687f69aa81998f448650
SHA512

b016e1b066404354c5f7057f7e2fcaa8380319075849641152151fae7bff6a23ba2b686628d118c3a642a0f194bd70e3c7822f70df2941cb7d35f10032d30070
SSDEEP

3072:whB9hlJX4ufpZw0RgtEMNBoy4BMBT21dtSpXhAj/WfUJnuPlmiGL+GuI5IfQ97:wh/99ZrRgt3yyYMBaHcXgufUJuUcPo97

Score

N/A

Malware Config

Signatures

Files

c61a217df9f2138575ed4cf22e755b576c48029453d9687f69aa81998f448650
.exe windows x86

ff891c25f3a088977755c00426a7cdfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

ShellAboutA
SHGetDesktopFolder
ShellExecuteExA
FindExecutableW
SHAppBarMessage
SHInvokePrinterCommandW
ShellExecuteW
SHBrowseForFolder
DragAcceptFiles
ExtractIconW
SHGetPathFromIDListW
SHGetFolderPathA
DoEnvironmentSubstW
DuplicateIcon
SHBindToParent
RealShellExecuteW
ExtractAssociatedIconW
SHChangeNotify
SHGetFolderPathW
SHFileOperationW
ExtractAssociatedIconExW
SHGetFileInfoA

gdi32

GdiEntry2
SetStretchBltMode
FONTOBJ_cGetGlyphs
SelectFontLocal
MoveToEx
EngBitBlt
GetGraphicsMode
GdiEntry11
EngLoadModule
EngStretchBlt
CreateDIBPatternBrushPt
GetStringBitmapW
GdiQueryFonts
DeleteObject
GetEnhMetaFileHeader
CopyMetaFileW
GdiPlayJournal
SetRelAbs
GetPolyFillMode
GetBkMode
EngLineTo
EnumMetaFile
EngMarkBandingSurface
GetTextCharacterExtra
DPtoLP

kernel32

SetThreadAffinityMask
SetTapePosition
CreateMutexA
GetStringTypeExA
LCMapStringA
SetEndOfFile
SwitchToFiber
DeleteTimerQueueTimer
lstrlenA
EnumCalendarInfoExA
QueryInformationJobObject
VirtualAlloc
GetProcessHeap
Module32NextW
GetConsoleAliasExesLengthW
GlobalFindAtomA
GetCommModemStatus

advapi32

CryptDestroyKey
ObjectCloseAuditAlarmW
RevertToSelf
QueryServiceLockStatusA
RegLoadKeyA
ElfDeregisterEventSource
EnumServicesStatusA
RegQueryInfoKeyA
StartServiceCtrlDispatcherW
SetNamedSecurityInfoW
RegEnumValueW
RegQueryValueExW
I_ScSetServiceBitsW
OpenBackupEventLogW
SetSecurityDescriptorGroup
EnumDependentServicesW
DeregisterEventSource
RegQueryValueExA

Sections

.bss
Size: 69KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff891c25f3a088977755c00426a7cdfd

Headers

DLL Characteristics

File Characteristics

Imports

shell32

gdi32

kernel32

advapi32

Sections

.bss Size: 69KB - Virtual size: 215KB

.rdata Size: 47KB - Virtual size: 47KB

.text Size: 28KB - Virtual size: 27KB

.rsrc Size: 32KB - Virtual size: 31KB

.bss
Size: 69KB - Virtual size: 215KB

.rdata
Size: 47KB - Virtual size: 47KB

.text
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 32KB - Virtual size: 31KB