ad885a16bdd3e1c23cae866ef45debf43a091a713b885901749365a0302b04e4

Sharing

Copy URL Twitter E-mail

General

Target

ad885a16bdd3e1c23cae866ef45debf43a091a713b885901749365a0302b04e4
Size

159KB
MD5

9769912a83d29f4754e6357c63e81d20
SHA1

0c294faa1a08eb037223b5d5b84cf220cb3ec696
SHA256

ad885a16bdd3e1c23cae866ef45debf43a091a713b885901749365a0302b04e4
SHA512

59e3c6d0cdfba884491e27a9446dea97ecebd4fef2e5fbd57bc47b05980baf1d2270c0f5925516bb5d8327cfeaf5b8e2b19ae1f1fcc9f6a837a9f7a7b015bdc4
SSDEEP

3072:+JjPoAuAchx59NBQ72Ep1X5QdKVTokBX75EACFPX+lbs2h:+BoDrPN4HpQdKVTpBXHM/Er

Score

N/A

Malware Config

Signatures

Files

ad885a16bdd3e1c23cae866ef45debf43a091a713b885901749365a0302b04e4
.exe windows x86

4a69ae57126efdb3c2673664d14331d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DefWindowProcW
PostThreadMessageW
GetMessageW
RegisterRawInputDevices
PeekMessageW
CreateWindowExW
RegisterClassW
DestroyWindow
MapVirtualKeyW
GetKeyNameTextW
GetAsyncKeyState
GetWindowThreadProcessId
FindWindowExW
SetWindowLongW
GetWindowLongW

kernel32

GetLastError
GetCurrentProcess
CloseHandle
RaiseException
LocalFree
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
Sleep
InitializeSListHead
TrySubmitThreadpoolCallback
InterlockedPushEntrySList
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenProcess
K32GetProcessImageFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
EnterCriticalSection
FindFirstFileW
FindNextFileW
DeleteFileW
GetSystemTime
CreateFile2
WriteFile
QueryPerformanceCounter
LeaveCriticalSection
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
FormatMessageW
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetEvent
MultiByteToWideChar

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsGetStringRawBuffer
WindowsPreallocateStringBuffer
WindowsCreateString
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsCreateStringReference

advapi32

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize

ole32

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetObjectContext
RoGetAgileReference
CoCreateInstance
CoGetApartmentType
CoIncrementMTAUsage

msvcp140

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Cnd_wait
_Cnd_broadcast
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Xtime_get_ticks
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ

vcruntime140

memmove
memset
__current_exception_context
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_except_handler4_common
memcpy
_CxxThrowException
_purecall
__current_exception

api-ms-win-crt-string-l1-1-0

_wcsicmp
iswspace

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_invalid_parameter_noinfo
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno

api-ms-win-crt-convert-l1-1-0

wcstol
wcstoul

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vswprintf_s
__stdio_common_vsnprintf_s
_set_fmode
__stdio_common_vswprintf

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

oleaut32

SysFreeString
SysStringLen
GetErrorInfo

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoFailFastWithErrorContext
SetRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a69ae57126efdb3c2673664d14331d3

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

api-ms-win-core-winrt-string-l1-1-0

advapi32

api-ms-win-core-winrt-l1-1-0

ole32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

oleaut32

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 21KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 21KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB