a4632d8c64d98e2e4b70e1ca70e1c171d27079e7bb4a386cfb75a3d63c6d5778

Sharing

Copy URL Twitter E-mail

General

Target

a4632d8c64d98e2e4b70e1ca70e1c171d27079e7bb4a386cfb75a3d63c6d5778
Size

268KB
MD5

4b230fbc939a8e39ad8d149457d95551
SHA1

5c85ba92b81e79b5e7d7e88c69728d949c225a03
SHA256

a4632d8c64d98e2e4b70e1ca70e1c171d27079e7bb4a386cfb75a3d63c6d5778
SHA512

267305d53a9dda1c393570054e1122857dee0ce159f038b4f15ee3c512d1616fcc36e27c2d5a317a9d9fce422dcc6cbee5337115ff1d503909b22e08e261e07b
SSDEEP

6144:dLZ249Od7GkwQvQDWwzOgV4ZFWgYkwbUbYJ/:dLo4sJbvBPgGWgYBbUbYJ/

Score

N/A

Malware Config

Signatures

Files

a4632d8c64d98e2e4b70e1ca70e1c171d27079e7bb4a386cfb75a3d63c6d5778
.exe windows x86

a2e6ab0d0e5ccf23e4ec09d18c8f5b1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
Sleep
WaitForSingleObject
GetComputerNameA
GetProcessHeap
VirtualAlloc
VirtualProtect
GetProcessVersion
GetTickCount
GetLastError
FlushFileBuffers
GetCommandLineA
HeapAlloc
GetProcessHeaps
GetStartupInfoA
GlobalFree
GlobalAlloc
CreateThread
FreeLibrary
ExitProcess
GetCurrentDirectoryA
GetModuleHandleA
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
GetSystemInfo
WideCharToMultiByte
GetModuleFileNameA
GetSystemTimeAsFileTime
GetProcAddress
ExitThread
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetStdHandle
GetStdHandle
RtlUnwind
WriteFile
VirtualFree
HeapFree
HeapReAlloc
TerminateProcess
GetCurrentProcess
SetFilePointer

gdi32

GetTextMetricsA
TextOutA
SetTextColor
SetBkColor
GetTextExtentPoint32A

user32

BeginPaint
GetClientRect
PostQuitMessage
DefWindowProcA
GetSystemMetrics
GetDesktopWindow
GetDC
ReleaseDC
CreateCaret
ShowCaret
HideCaret
DestroyCaret
UnregisterHotKey
SetCaretPos
DrawTextA
SetRect
EndPaint
SendMessageA
GetKeyState
MessageBoxA
MessageBeep

advapi32

OpenEventLogA

winmm

timeBeginPeriod

winscard

SCardAccessStartedEvent

ole32

OleIsRunning

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2e6ab0d0e5ccf23e4ec09d18c8f5b1d

Headers

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

winmm

winscard

ole32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 196KB - Virtual size: 1.2MB

.rsrc Size: 4KB - Virtual size: 744B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 196KB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 8KB - Virtual size: 6KB