be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f

Sharing

Copy URL

Twitter E-mail

General

Target

be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f
Size

368KB
MD5

7c85af1bb045327fec93d1c0e09b3c41
SHA1

ae0b173214b5c9f433882abbde0f18d5d30bd6aa
SHA256

be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f
SHA512

999877c498e22a9052eea55d750529e094ed39406334a9623bedd5bf242a5b23d665a96cc01ddb8e0c3c24c8652d129537f6951e6a518f9ab601d672d145d51c
SSDEEP

6144:R+wP3nzyl/uNRjhR7uRB7WSh5a2sBV34:Wlm/jhduXWSh5hEV4

Score

N/A

Malware Config

Signatures

Files

be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f
.exe windows x86

876462491a90458b4a726d9305aff8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

iswalnum
strstr
strchr
memmove
malloc
_itow
_wtol
strncpy
iswalpha
_wtoi
_vsnprintf
_wcsicmp
wcslen
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsstr
wcsrchr
_wcslwr
_wcsupr
strncat
wcsncmp
_wcsnicmp
wcschr
wcscmp
mbstowcs
free
wcsncat
wcsncpy
swscanf
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyW
RegEnumKeyA
RegCreateKeyExA
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CreateProcessW
CreateProcessA
GetShortPathNameW
GetShortPathNameA
GetWindowsDirectoryW
GetCurrentThreadId
CreateFileMappingW
CreateFileMappingA
GetVersionExW
WritePrivateProfileStringW
WritePrivateProfileStringA
SetFileAttributesW
SetFileAttributesA
IsBadWritePtr
MoveFileW
MoveFileA
MoveFileExW
MoveFileExA
LoadLibraryExW
LoadLibraryExA
LoadLibraryA
GetTempPathW
GetTempPathA
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcpynW
GetModuleHandleW
GetFileAttributesW
GetCurrentDirectoryW
GetCurrentDirectoryA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
GetProfileStringA
GetProfileStringW
GetSystemDirectoryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
CopyFileW
CopyFileA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
MapViewOfFile
UnmapViewOfFile
GetTickCount
QueryPerformanceCounter
FreeLibrary
FindClose
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetLastError
GetModuleHandleA
GetProcAddress
SetLastError
LocalFree
GetSystemDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
WriteProfileStringA
WriteProfileStringW
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryW
GetCurrentProcessId
CloseHandle
GetFileAttributesA
GetVersionExA
GetTimeZoneInformation
GetFileTime
GetExitCodeProcess
WaitForMultipleObjects
GetCommandLineW
GetFileSize
CreateFileA
GetWindowsDirectoryA
CreateDirectoryA
SetEndOfFile
SetFilePointer

ole32

CoCreateGuid
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CoCreateInstance
StringFromGUID2

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteW
SHGetSpecialFolderPathA
SHGetMalloc

shlwapi

PathRemoveBlanksW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW

user32

LoadStringA
LoadStringW
PostMessageA
PostMessageW
RegisterWindowMessageA
SendMessageA
IsWindow
CharNextA

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 164KB - Virtual size: 420KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

876462491a90458b4a726d9305aff8b3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

version

Sections

.text Size: 180KB - Virtual size: 178KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 16KB - Virtual size: 12KB

PACK Size: 164KB - Virtual size: 420KB

.text
Size: 180KB - Virtual size: 178KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 16KB - Virtual size: 12KB

PACK
Size: 164KB - Virtual size: 420KB