efbc3430ed0b7e72e89eefb67cc98cf79dac38177acff3eaf0e33e8c0ea4c47b

Sharing

Copy URL Twitter E-mail

General

Target

efbc3430ed0b7e72e89eefb67cc98cf79dac38177acff3eaf0e33e8c0ea4c47b
Size

85KB
MD5

2dbaa49d3c3067737bbf4e1969b4e629
SHA1

ad5b7bc344fc187a283cafae8329ae9ffef4a46a
SHA256

efbc3430ed0b7e72e89eefb67cc98cf79dac38177acff3eaf0e33e8c0ea4c47b
SHA512

54e60d497e4d98c423ed360f34cbf4dda6385463c4bc5cb22990940fb4426063dd69a21ac2f29be035829686964daea61cb0cda4cad1c370d95dc95b9bd592bf
SSDEEP

1536:N5h3fdgx3UupSnRzBVwYF7kBWxilbaJ/9IMr3+66K2/IzLkzuhhXpn:zhPOx54zBVnvxGaJ/x3+b/IzLkzuhxpn

Score

N/A

Malware Config

Signatures

Files

efbc3430ed0b7e72e89eefb67cc98cf79dac38177acff3eaf0e33e8c0ea4c47b
.exe windows x86

192d8484140d7f9e6d9902e8f63233e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassW
SetCapture
PostMessageW
DestroyIcon
OpenClipboard
LoadIconA
SetActiveWindow
RegisterClassA
ScrollWindowEx
LockSetForegroundWindow
GetCapture

kernel32

HeapDestroy
LocalFree
CreateFileW
RaiseException
GlobalFree
QueryPerformanceCounter
FormatMessageW
SizeofResource
GetACP
GetTickCount
FindFirstFileW
WideCharToMultiByte
TerminateProcess
HeapAlloc
GetSystemInfo
FreeLibrary
SetLastError
ExitProcess
DeleteFileW
GetSystemTimeAsFileTime
Sleep
CreateThread
LocalAlloc
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
GetCurrentProcess
GetConsoleMode
SetFilePointer
GetFileAttributesA
WriteConsoleW
FindClose
SetEndOfFile
LoadLibraryA
IsDebuggerPresent
WaitForSingleObject
GetModuleFileNameW
TryEnterCriticalSection
SetEvent
LCMapStringW
CreateEventA
SetErrorMode
MultiByteToWideChar
lstrlenW
HeapFree
GetModuleHandleW
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
CreateFileA
HeapSize
HeapCreate
FindNextFileW
GetCurrentProcessId
LoadLibraryW
GetStartupInfoA
SetFilePointerEx
CreateEventW
GetVersionExA
TlsFree
GetExitCodeProcess
GlobalAlloc
GetConsoleOutputCP
InterlockedIncrement
SetStdHandle
WriteFile
WaitForSingleObjectEx
GetOEMCP
LeaveCriticalSection
FindCloseChangeNotification
GetCurrentThreadId
EnterCriticalSection
GetFileAttributesW
LoadLibraryExW
SetUnhandledExceptionFilter
GetLocaleInfoA
FindFirstFileA
FreeLibraryAndExitThread
GetFileSize
LoadResource
GetFileSizeEx
GetCommandLineW
GetModuleFileNameA
GetStartupInfoW
FreeEnvironmentStringsW
CloseHandle
LockResource
InitializeCriticalSection
ReadFile
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenA
GetProcAddress
GetModuleHandleA
GetLastError
InterlockedDecrement
GetVersionExW

gdi32

OffsetRgn
CreateFontIndirectW
FrameRgn
CreatePolygonRgn
GetRgnBox
CreateSolidBrush
CreateDCA
CreateRectRgn

setupapi

SetupOpenAppendInfFileA

advapi32

ControlService
DuplicateToken
CloseEventLog
RegRestoreKeyA
RegNotifyChangeKeyValue
InitiateSystemShutdownA
OpenEventLogW
RegSetValueExA
OpenSCManagerA
RegCreateKeyExA
RegCreateKeyA
RegCreateKeyExW
RegDeleteKeyW
OpenEncryptedFileRawW
GetNumberOfEventLogRecords
QueryServiceStatus
ImpersonateSelf
EnumServicesStatusA
RegEnumKeyExW
ReadEventLogW
OpenThreadToken
GetTokenInformation
RegOpenKeyExA
CreateProcessAsUserA
DeregisterEventSource
OpenServiceA
GetFileSecurityA
BackupEventLogA
OpenServiceW
AdjustTokenPrivileges
DuplicateTokenEx
OpenProcessToken
CloseServiceHandle
RegConnectRegistryA
LookupPrivilegeValueA
RegEnumValueA
RegFlushKey
RegEnumKeyExA
OpenSCManagerW
IsValidSid
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegGetKeySecurity
GetUserNameA
GetUserNameW
RegDeleteKeyA
RegQueryInfoKeyA
RegSetKeySecurity

msvcrt

_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
exit
_exit
_XcptFilter

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

192d8484140d7f9e6d9902e8f63233e8

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

setupapi

advapi32

msvcrt

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 48KB - Virtual size: 113KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 48KB - Virtual size: 113KB

.rsrc
Size: 16KB - Virtual size: 15KB