11ede0c73e1da9878a804aa8e287c8d7ee8177b7eb1cb9b731605c397647cbe0

Sharing

Copy URL Twitter E-mail

General

Target

11ede0c73e1da9878a804aa8e287c8d7ee8177b7eb1cb9b731605c397647cbe0
Size

151KB
MD5

0d5af483de5c06856aac8e56b5a49717
SHA1

2126b943d2aa45ff199b6f51e28f528fad125b6e
SHA256

11ede0c73e1da9878a804aa8e287c8d7ee8177b7eb1cb9b731605c397647cbe0
SHA512

6abf9477991d36a017e85df9fa897280fefefb02c6a67de4bde73ece22d69418f3d56c388b6d19c111b175536c31bc75b3f7446b0529c219ff8b2f2f545e050f
SSDEEP

3072:OYPlglII7QfdVNXiA8WE/B26yMgdfpMGGE8idffWqUQjxO+ML9n72Ub6ikAV:OQgl2KGgUfVxOplehAV

Score

N/A

Malware Config

Signatures

Files

11ede0c73e1da9878a804aa8e287c8d7ee8177b7eb1cb9b731605c397647cbe0
.exe windows x86

d68a42057c7efe262e45937d0220c328

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateThread
SetThreadAffinityMask
WaitForMultipleObjects
GetLogicalDriveStringsW
GetDriveTypeW
SetEvent
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
MoveFileWithProgressW
GetCurrentProcessId
OpenProcess
TerminateProcess
GetLastError
CreateFileW
GetFileSizeEx
ReadFile
SetFilePointerEx
WriteFile
SetFilePointer
WaitForSingleObject
lstrcpyA
CreateFileA
FlushFileBuffers
GetCurrentThreadId
lstrlenA
CreateToolhelp32Snapshot
Process32FirstW
lstrcpyW
lstrlenW
lstrcmpiW
Process32NextW
Sleep
GetNativeSystemInfo
DecodePointer
HeapReAlloc
HeapSize
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
GetSystemInfo
CreateEventA
DeleteCriticalSection
CloseHandle
CreateSemaphoreA
WideCharToMultiByte
InitializeCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
QueryPerformanceFrequency
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetFileType
CompareStringW
LCMapStringW

user32

wsprintfW
wsprintfA

advapi32

OpenServiceW
OpenSCManagerA
CloseServiceHandle
QueryServiceStatusEx
ControlService
OpenServiceA
EnumDependentServicesA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysAllocString

rstrtmgr

RmRegisterResources
RmGetList
RmEndSession
RmStartSession

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d68a42057c7efe262e45937d0220c328

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rstrtmgr

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 38KB - Virtual size: 66KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 38KB - Virtual size: 66KB

.reloc
Size: 4KB - Virtual size: 4KB