70909fa296019e5e07131f71e60a8a523ea9fa4112c5c81316d90b4c5b5aed29

General

Target

70909fa296019e5e07131f71e60a8a523ea9fa4112c5c81316d90b4c5b5aed29
Size

72KB
MD5

7e885aac2eef6b37e81e8a70c1497c5e
SHA1

59bbb5e106d9037de7ba9375d0a41028a7a2df15
SHA256

70909fa296019e5e07131f71e60a8a523ea9fa4112c5c81316d90b4c5b5aed29
SHA512

85a12d7ae39978b8ab6b9f496488105648f0f876ace596249ac7d44cccfd9c21043c0afbbe889b6600ef7ca6668a2d0d8714e01f3c70f2c98a79af91f50e2be4
SSDEEP

1536:k7WWfo/28jbaO7rdz+RUoUftg0rhroEO3Qpfo6Qn9ns:1Ik2uR67eg+pfo6Qn9ns

Score

N/A

Malware Config

Signatures

Files

70909fa296019e5e07131f71e60a8a523ea9fa4112c5c81316d90b4c5b5aed29
.exe windows x86

a05f438d7775c161a16e44c6cc7823de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsA
WTSVirtualChannelPurgeInput
WTSCloseServer
WTSEnumerateProcessesA
WTSLogoffSession
WTSSendMessageA
WTSSetUserConfigA
WTSOpenServerA
WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSVirtualChannelRead

dhcpsapi

DhcpCreateOption
DhcpCreateClass
DhcpCreateSubnet
DhcpAddServer
DhcpDeleteClass

qutil

FreeSoH
FreeFixupInfo
AllocFixupInfo
AllocConnections
FreeConnections

kernel32

GetLogicalDriveStringsA
LoadLibraryA
FindFirstFileA
WriteConsoleW
SetEnvironmentVariableW
CompareStringA
GetDateFormatA
SetEnvironmentVariableW
FormatMessageA
CreateDirectoryA
GetCurrentDirectoryW
InitializeCriticalSection
FileTimeToSystemTime
GetEnvironmentVariableA
GetStartupInfoA
GetProcAddress
WaitForSingleObjectEx

user32

SetFocus
SetParent
DrawTextW
IsDialogMessageA
MessageBoxW
PeekMessageA
CharToOemA
IsCharUpperA
GetKeyNameTextA
LoadImageA
DefDlgProcA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a05f438d7775c161a16e44c6cc7823de

Headers

File Characteristics

Imports

wtsapi32

dhcpsapi

qutil

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 32KB