Static task: static1
Behavioral task: behavioral1
Sample: 45d6fdc04182f4a4a6b15c42485196c0b71fca28038fa6b53db1de5af481e929.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 45d6fdc04182f4a4a6b15c42485196c0b71fca28038fa6b53db1de5af481e929.exe
Resource: win10v2004-20221111-en
General
Target: 45d6fdc04182f4a4a6b15c42485196c0b71fca28038fa6b53db1de5af481e929
Size: 150KB
MD5: d757ca3ab719de995243022405abd23c
SHA1: 9defa009e21663b9ce6b8ff1135a909c5c0c4548
SHA256: 45d6fdc04182f4a4a6b15c42485196c0b71fca28038fa6b53db1de5af481e929
SHA512: 30920ff96b43f6829df95615b4aca4c95fce1c490019129351596e019071b32f1c6b16375332d064b6bb1c8dfb696c4f1ab1f56f70e6cc763ad0866bf586355d
SSDEEP: 3072:KwswRv2+H2Y/J5G3OJpuNcFsM+caPJBVe9hM5a1x121GxWdTrasFQ3a:KwXv2G/boOLycODciP09hMW21DZas+K
Malware Config
Signatures
Files
45d6fdc04182f4a4a6b15c42485196c0b71fca28038fa6b53db1de5af481e929.exe windows x86
d93b92b700368826ecf4a1dfc046b2b0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFindExtensionA
ole32
CoTaskMemFree
CoGetCallContext
CoImpersonateClient
StringFromGUID2
CoInitializeSecurity
CoTaskMemRealloc
CoDisconnectObject
StringFromIID
CoInitializeEx
CoGetClassObject
StringFromCLSID
CoUninitialize
CoCreateGuid
CoCreateInstance
CoRegisterClassObject
CoRevertToSelf
CoQueryProxyBlanket
CLSIDFromString
CoSetProxyBlanket
CoTaskMemAlloc
CoRevokeClassObject
kernel32
GetOEMCP
WriteProfileStringA
GetSystemTimeAsFileTime
RaiseException
LocalAlloc
GetCPInfo
FindResourceA
lstrcmpiA
SetLastError
TlsSetValue
TlsAlloc
HeapCreate
SetLastError
UnmapViewOfFile
LockResource
CreateFileA
SetErrorMode
RtlUnwind
FormatMessageA
VirtualQuery
Sleep
LocalSize
VirtualProtect
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetFileAttributesA
GetPrivateProfileIntA
InterlockedCompareExchange
GetPrivateProfileSectionNamesA
SetHandleCount
GetACP
GetProcessTimes
FindClose
InitializeCriticalSection
lstrcpyA
InterlockedExchange
lstrlenW
HeapDestroy
GetStringTypeW
CreateDirectoryA
ReleaseMutex
GetTickCount
CompareStringA
TlsFree
CreateEventA
SetFilePointer
FlushFileBuffers
IsBadReadPtr
GetCurrentProcess
ClearCommError
TerminateThread
LeaveCriticalSection
lstrcpynA
GetFileType
CompareStringW
GetPrivateProfileSectionA
FindResourceExA
TerminateProcess
HeapAlloc
ExitProcess
InterlockedDecrement
GetStdHandle
EnterCriticalSection
ReadFile
CreateProcessA
DeleteCriticalSection
GetVersionExA
GetSystemDirectoryA
SetUnhandledExceptionFilter
EnumResourceNamesW
FindFirstFileA
GetCommandLineA
HeapReAlloc
GetSystemInfo
GetProfileStringA
IsDBCSLeadByte
QueryPerformanceCounter
ReadProcessMemory
GetPrivateProfileStringA
GetVersion
TlsGetValue
LoadLibraryExA
SetStdHandle
LoadLibraryA
CloseHandle
lstrcatA
VirtualAlloc
LoadLibraryW
WaitForSingleObject
OpenProcess
GetThreadLocale
CreateMutexA
WriteFile
DuplicateHandle
WritePrivateProfileStringA
GetExitCodeProcess
FreeEnvironmentStringsW
IsBadWritePtr
GetModuleHandleW
GetEnvironmentStringsW
HeapSize
ExitProcess
VirtualFree
MultiByteToWideChar
GetComputerNameA
CreateProcessW
FreeLibrary
GetModuleHandleA
CreateFileMappingA
GetStringTypeA
GetCurrentProcessId
GetProcAddress
CreateThread
GetModuleFileNameA
GetCurrentThread
LoadResource
LCMapStringA
MapViewOfFile
InterlockedIncrement
GetLocaleInfoA
lstrlenA
LocalFree
SetEvent
GetCurrentThreadId
SetEndOfFile
GetEnvironmentStrings
IsBadCodePtr
UnhandledExceptionFilter
GetLastError
SetEnvironmentVariableA
SizeofResource
GetModuleFileNameW
GetProcessHeap
GetStartupInfoA
HeapFree
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
advapi32
InitializeSid
SetSecurityDescriptorDacl
GetAce
GetSecurityDescriptorLength
OpenProcessToken
AddAce
AllocateAndInitializeSid
GetSecurityDescriptorControl
RegSetKeySecurity
AddAccessDeniedAce
RegConnectRegistryA
LookupAccountNameA
IsValidSid
DuplicateToken
OpenServiceA
RegOpenKeyExA
RegCreateKeyExA
GetTokenInformation
MakeSelfRelativeSD
SetThreadToken
QueryServiceStatus
LookupPrivilegeValueA
SetSecurityDescriptorSacl
RegEnumKeyExA
RegQueryValueExA
LookupAccountSidA
DeregisterEventSource
RegisterServiceCtrlHandlerA
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSidLengthRequired
GetSecurityDescriptorGroup
OpenThreadToken
SetSecurityDescriptorGroup
SetServiceStatus
GetSecurityDescriptorOwner
RegEnumKeyA
RegSetValueExA
StartServiceCtrlDispatcherA
DeleteService
RegCloseKey
RegisterEventSourceA
CopySid
PrivilegeCheck
DuplicateTokenEx
AddAccessAllowedAce
LookupAccountSidW
EqualSid
OpenSCManagerA
RegDeleteValueA
RegDeleteKeyA
ReportEventA
GetLengthSid
GetSecurityDescriptorSacl
AccessCheck
GetAclInformation
AdjustTokenPrivileges
ControlService
FreeSid
RegQueryInfoKeyA
ChangeServiceConfigA
GetUserNameA
InitializeSecurityDescriptor
MakeAbsoluteSD
CloseServiceHandle
IsValidSecurityDescriptor
RegCreateKeyA
RegQueryValueExW
GetSidSubAuthority
RegEnumValueA
CreateServiceA
InitializeAcl
RegOpenKeyExW
rpcrt4
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringFreeA
user32
GetWindowTextA
GetMessageA
wsprintfW
PeekMessageA
EnumWindows
DispatchMessageA
LoadStringA
PostThreadMessageA
IsWindowVisible
GetWindowThreadProcessId
SetTimer
MessageBoxA
CharUpperA
CharNextA
KillTimer
wsprintfA
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ