f860bb42c1aaf8f4fbe4566a993a8b3db1d85a825f0b66bb93fbfb0f13ec2af6

Sharing

Copy URL Twitter E-mail

General

Target

f860bb42c1aaf8f4fbe4566a993a8b3db1d85a825f0b66bb93fbfb0f13ec2af6
Size

1.1MB
MD5

54bdaacb398db9795fb88a9f296821bc
SHA1

7f3feaa845e2b9a1c5fa1a6f5342a4795e0c23a4
SHA256

f860bb42c1aaf8f4fbe4566a993a8b3db1d85a825f0b66bb93fbfb0f13ec2af6
SHA512

9676ed456e523606370ccb5001fc3c4024bba2ca69c399b176207e7943a2421253ff8854203e5f5a04dfeecad85f6fbe3f9eec7d1597a20bd2685515b07080af
SSDEEP

12288:niRQebZspIhFC/IBbT1IK0OmVB93BLkprMFySPeBbGzQIk1:n2jZswFCEZJoBlJkprMFrPedGzo1

Score

N/A

Malware Config

Signatures

Files

f860bb42c1aaf8f4fbe4566a993a8b3db1d85a825f0b66bb93fbfb0f13ec2af6
.exe windows x86

dc70c897df6aef54c2681d49186a5968

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetDateFormatW
GetConsoleOutputCP
ContinueDebugEvent
GetFileAttributesExW
GetExitCodeThread
FindVolumeClose
SetThreadIdealProcessor
CompareStringW
ReleaseMutex
ReadProcessMemory
CreateHardLinkA
GetVersion
GlobalSize
GetFileTime
GetDateFormatA
GetConsoleScreenBufferInfo
FreeEnvironmentStringsW
GetFullPathNameA
IsBadReadPtr
GetConsoleAliasExesA
DefineDosDeviceW
Toolhelp32ReadProcessMemory
OpenWaitableTimerW
DeleteTimerQueueTimer
SetThreadExecutionState
GetShortPathNameA
GetNumberFormatW
GlobalLock
DuplicateHandle
OpenFileMappingW
GetPriorityClass
CompareFileTime
GetDriveTypeW
GetCompressedFileSizeA
OpenMutexA
GetDiskFreeSpaceExW
MapViewOfFile
GetMailslotInfo
GetPrivateProfileStructA
ConvertDefaultLocale
GetProfileSectionA
GetStartupInfoA
CreateEventA
SetWaitableTimer
lstrcmpiA
HeapSetInformation
GetDiskFreeSpaceExA
SetTapeParameters
TlsAlloc
GetUserDefaultLangID
GetCommandLineW
SetProcessAffinityMask
DeleteTimerQueue
TlsSetValue
IsProcessorFeaturePresent
FindFirstFileW
GetNumberOfConsoleInputEvents
GetDriveTypeA
QueryPerformanceFrequency
SetThreadContext
CopyFileExA
OpenEventW
VerifyVersionInfoW
GetConsoleCursorInfo
DeleteTimerQueueEx
ReplaceFileA
SetConsoleTextAttribute
GetSystemDirectoryW
QueryDosDeviceW
DeviceIoControl
LoadLibraryExA
GetPrivateProfileIntW
SetSystemTimeAdjustment
SetLocaleInfoW
GetEnvironmentStringsW
GetConsoleAliasA
GetEnvironmentStrings
GetConsoleMode
GetConsoleAliasExesLengthA
CreateTapePartition
FlushViewOfFile
GetLocaleInfoA
GetLogicalDriveStringsA
EnumCalendarInfoW
GetBinaryTypeW
GetTapeStatus
GetAtomNameW
MultiByteToWideChar
HeapReAlloc
HeapAlloc
HeapSize
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
HeapFree
GetCurrentProcess
GetStringTypeW
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsGetValue
EncodePointer
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
WideCharToMultiByte
GetVolumeInformationA
GetThreadTimes
GetSystemTime
FindResourceA
FindResourceExA
CreateMutexA
SetFileTime
GetCurrencyFormatW
ProcessIdToSessionId
ReadFile
CreateSemaphoreW
GetCurrentDirectoryA
GetUserDefaultUILanguage
CreateDirectoryExA
OpenWaitableTimerA
CreateEventW
GetFileAttributesA
ReleaseSemaphore
SetCurrentDirectoryW
GetCalendarInfoA
GetPrivateProfileSectionW
FreeConsole
FlushConsoleInputBuffer
FlushFileBuffers
OpenJobObjectW
GetSystemDefaultLangID
GetCPInfoExW
SetThreadAffinityMask
IsDBCSLeadByteEx
OpenSemaphoreW
SetTapePosition
VirtualAlloc
CreateIoCompletionPort
CopyFileW
OpenThread
LCMapStringW
GetPrivateProfileStringW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
DecodePointer
ExitProcess
GetModuleHandleW
SetUnhandledExceptionFilter
GetCommandLineA

rpcrt4

NdrOleFree
RpcMgmtSetComTimeout
NdrFullPointerXlatInit
RpcBindingSetAuthInfoExW
NdrConformantArrayBufferSize
NdrPointerUnmarshall
RpcMgmtInqServerPrincNameW
UuidToStringA
RpcServerRegisterAuthInfoA
NdrUserMarshalBufferSize
NdrSimpleStructBufferSize
RpcServerRegisterAuthInfoW
RpcSsDestroyClientContext
RpcServerListen
RpcBindingFromStringBindingW
RpcCertGeneratePrincipalNameW
NdrDcomAsyncClientCall
RpcBindingSetObject
RpcMgmtEpEltInqDone

user32

AppendMenuW
GetClassNameW
SystemParametersInfoA
SetFocus
GetAltTabInfoA
DefWindowProcA
GetDialogBaseUnits
FindWindowW
SendDlgItemMessageW
IsDialogMessageW
GetClassNameA
DeleteMenu
RegisterClipboardFormatA
AllowSetForegroundWindow
GetDCEx
CreateDialogParamW
EqualRect
SendDlgItemMessageA
CharNextW
EnableMenuItem
TranslateAcceleratorW
BeginDeferWindowPos
SendNotifyMessageW
wsprintfA

advapi32

AreAllAccessesGranted
GetSidSubAuthorityCount
GetTokenInformation
RegSetValueExW
GetKernelObjectSecurity
AddAuditAccessAce
RegQueryInfoKeyA
GetSidLengthRequired
InitializeAcl
RegCreateKeyW
GetCurrentHwProfileW
RegQueryMultipleValuesA
CreateWellKnownSid
RegQueryValueExA
RegSetValueW
RegNotifyChangeKeyValue
AddAccessDeniedAce
GetSidIdentifierAuthority
RegQueryMultipleValuesW
StartServiceW
GetSecurityDescriptorOwner
IsValidSid
RegDeleteKeyA
CryptCreateHash
RegCreateKeyExW
AddAccessAllowedAce
SetTokenInformation
RegSetValueA
GetCurrentHwProfileA
SetKernelObjectSecurity
GetSidSubAuthority
RegSetKeySecurity
AreAnyAccessesGranted
RegSetValueExA
InitializeSecurityDescriptor
RegCreateKeyExA

shell32

SHGetDesktopFolder
SHBindToParent
ShellExecuteW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHChangeNotify
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHFileOperationW

Sections

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 117KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc70c897df6aef54c2681d49186a5968

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

advapi32

shell32

Sections

.text Size: 673KB - Virtual size: 673KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 117KB - Virtual size: 277KB

.aspack Size: 10KB - Virtual size: 10KB

.bdata Size: 146KB - Virtual size: 145KB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 673KB - Virtual size: 673KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 117KB - Virtual size: 277KB

.aspack
Size: 10KB - Virtual size: 10KB

.bdata
Size: 146KB - Virtual size: 145KB

.rsrc
Size: 44KB - Virtual size: 44KB