9a8a6e569c6e110b71b99947bf672188e3b761683723ba08c36705d2c1a89da9

Sharing

Copy URL Twitter E-mail

General

Target

9a8a6e569c6e110b71b99947bf672188e3b761683723ba08c36705d2c1a89da9
Size

833KB
MD5

9cef6bd0c546f17c6795e8f8a8c4e372
SHA1

91c69d9bf1885fbea47b038ed9e30fca3865c576
SHA256

9a8a6e569c6e110b71b99947bf672188e3b761683723ba08c36705d2c1a89da9
SHA512

12b4c2dd08b69f6e3ee6ae4b07504dbbe2b6ee8cf1819efd68bdabf2b95206612ab8e98ce41987de9016d95b6fd9fdf2a39d98aebc531cc233bc5135c8ab26a3
SSDEEP

24576:gRoMyn/HUGIfcsACYIDNUrv6IZiNaWix0Vqs0N0cx1vLP:HVNIYCBNUrHiNlugqs0Nvv

Score

N/A

Malware Config

Signatures

Files

9a8a6e569c6e110b71b99947bf672188e3b761683723ba08c36705d2c1a89da9
.exe windows x86

cce3254b714023287d020f25f8b9069b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SignalObjectAndWait
PulseEvent
VirtualFree
GetBinaryType
GetPrivateProfileStructA
GetLogicalDriveStringsA
ReadConsoleInputA
lstrcpyA
IsValidCodePage
GetEnvironmentStringsA
DosDateTimeToFileTime
LoadLibraryW
SetTermsrvAppInstallMode
SetupComm
GetComputerNameW
VDMConsoleOperation
GetLogicalDrives
DeleteFileW
IsDebuggerPresent
RequestWakeupLatency
VirtualProtectEx
GetCurrentThread
FlushFileBuffers
GetLocaleInfoA

ureg

??0REGISTRY@@QAE@XZ
?RestoreKeyFromFile@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@EPAK@Z
?QueryValues@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
?SaveKeyToFile@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
??0REGISTRY_KEY_INFO@@QAE@XZ
?DoesValueExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@11PAK@Z
?QuerySubKeysInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
?QueryKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVREGISTRY_KEY_INFO@@PAK@Z
?SetKeySecurity@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAXPAKE@Z
?Initialize@REGISTRY@@QAEEPBVWSTRING@@PAK@Z
?UnLoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
?UpdateKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z

shlwapi

StrChrNW
StrChrIA
PathIsDirectoryW
SHSetThreadRef
PathUnmakeSystemFolderW
SHOpenRegStream2A
PathFindExtensionW
PathUndecorateA
SHStrDupA

advapi32

SetServiceObjectSecurity
CryptGetDefaultProviderW
RegEnumKeyExW
RegRestoreKeyW
CredUnmarshalCredentialW
MD5Update
SetSecurityDescriptorDacl
QueryServiceStatus
OpenTraceW
TrusteeAccessToObjectW
RegCreateKeyExW
LsaICLookupSidsWithCreds
LsaGetSystemAccessAccount
GetTraceEnableFlags
CryptSetProviderW

rtutils

RouterLogEventExA
LogErrorW
TracePrintfW
RouterLogEventDataA
RouterAssert
TraceDeregisterA
TraceRegisterExA
TracePutsExA
RouterGetErrorStringW
TraceGetConsoleW
RouterLogEventValistExW
TraceDeregisterExW
TraceDumpExA
TraceVprintfExA
TraceGetConsoleA
RouterLogEventValistExA
TracePutsExW
RouterLogDeregisterA
TraceDeregisterExA
RouterLogEventDataW

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cce3254b714023287d020f25f8b9069b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ureg

shlwapi

advapi32

rtutils

Sections

.text Size: 417KB - Virtual size: 416KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 417KB - Virtual size: 416KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 1024B - Virtual size: 860B