40b44352ad4295d1e4823914ee15776d7017780c2ee2c831d2f497570e92453a

Sharing

Copy URL Twitter E-mail

General

Target

40b44352ad4295d1e4823914ee15776d7017780c2ee2c831d2f497570e92453a
Size

212KB
MD5

9c525b0a8f293ebb1edaf7be6962c98a
SHA1

62a9577774bb6738a23caed188669d96a0e9c6c7
SHA256

40b44352ad4295d1e4823914ee15776d7017780c2ee2c831d2f497570e92453a
SHA512

71f9f5f81048b5b188d93eb356b4721d30acaf21bf8951d7ff31df864cea853fc333fff911714a65f712b8c7ea63a9a8b5ae697318e7b7b29eee96c8bf771ed8
SSDEEP

3072:T8ELV6BlI3iTLNLi7I+rL+DA+mLolrZD+3Y6CtHRERPEzO:ZLV6BlpLC/CA/iZ/6QGRPT

Score

N/A

Malware Config

Signatures

Files

40b44352ad4295d1e4823914ee15776d7017780c2ee2c831d2f497570e92453a
.exe windows x86

f62c6c09dcb9b461435f82fbc84e4e70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
GetTimeZoneInformation
WriteConsoleW
CreateFileA
WriteConsoleA
SetStdHandle
LoadLibraryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateNamedPipeW
ConnectNamedPipe
ReadFile
WriteFile
FlushFileBuffers
DisconnectNamedPipe
CreateFileW
GetCommandLineW
LocalFree
SetLastError
GetLastError
Sleep
GetSystemDirectoryW
CreateThread
GetCurrentProcess
GetConsoleOutputCP
CloseHandle
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
HeapSize
InitializeCriticalSection
InterlockedCompareExchange

shlwapi

PathFileExistsW
PathAppendW
PathAddBackslashW

shell32

CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerExW
SetServiceStatus
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegDeleteValueW

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f62c6c09dcb9b461435f82fbc84e4e70

Headers

File Characteristics

Imports

kernel32

shlwapi

shell32

wtsapi32

advapi32

rpcrt4

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 24KB