94a067cba9bff047b7741fe329cefe7d76bf517b8cf5ba89d108e9235d18f44b

Sharing

Copy URL Twitter E-mail

General

Target

94a067cba9bff047b7741fe329cefe7d76bf517b8cf5ba89d108e9235d18f44b
Size

316KB
MD5

6511d7f4c62fe848672639160475dcce
SHA1

c7abd7b102384484cf713daca74b369587ecc3b5
SHA256

94a067cba9bff047b7741fe329cefe7d76bf517b8cf5ba89d108e9235d18f44b
SHA512

ce59c8128a3451899b8ead0c40582260c63006007311d65ce7a782ac6e2e89267749726e5a3df5ca228cafc8e9e2b891a1f611d78045720eb2c3de3591e3bf9a
SSDEEP

6144:sP0AmFE3rXlFuwvmuayPEMPPx7AduK5JJcvHGiUHnXlY+8YVUA4fp7:C0BFQlFuwyMPJ7WBJJcv9ia+BVyJ

Score

N/A

Malware Config

Signatures

Files

94a067cba9bff047b7741fe329cefe7d76bf517b8cf5ba89d108e9235d18f44b
.exe windows x86

a64e49e186fc8d3ab7353e6a6e936694

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueA
RegQueryInfoKeyW
CryptCreateHash
IsValidSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
GetTokenInformation
RegOpenKeyExW
InitializeAcl
AddAccessAllowedAce
CryptAcquireContextA
RegEnumKeyExA
RegQueryInfoKeyA
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSidIdentifierAuthority
PrivilegeCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
GetSidSubAuthorityCount
RegDeleteKeyA
SetSecurityDescriptorGroup
LookupPrivilegeValueW
CryptDestroyHash
RegDeleteValueA
SetSecurityDescriptorDacl
RegConnectRegistryW
GetUserNameW
CryptHashData
AccessCheck
CryptGetHashParam
OpenProcessToken
GetLengthSid
EqualSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateToken
CryptReleaseContext
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExA
FreeSid
GetSidSubAuthority
GetKernelObjectSecurity

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CoCreateInstance
CoUninitialize
StringFromCLSID
CoWaitForMultipleHandles
CoReleaseMarshalData
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemFree
StringFromGUID2

oleaut32

SysFreeString
VariantChangeType
VariantInit
SysStringByteLen
VarBstrCmp
SysAllocStringByteLen
SysReAllocStringLen
VariantClear
VariantCopy
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen

user32

EnumWindows
SetDebugErrorLevel
PostThreadMessageW
LoadStringA
CharLowerBuffA
IsWindowVisible
GetWindowThreadProcessId
LoadStringW
CharNextA
GetWindowTextW
SetWindowLongW

shell32

CommandLineToArgvW

kernel32

GetThreadContext
SetErrorMode
LCMapStringW
EnterCriticalSection
GetThreadPriority
Process32Next
GetOverlappedResult
VirtualAlloc
LocalFree
FormatMessageA
VirtualFree
FindFirstFileW
ProcessIdToSessionId
VirtualProtectEx
IsDebuggerPresent
TransactNamedPipe
HeapDestroy
RaiseException
DuplicateHandle
SizeofResource
GetSystemDirectoryW
DeleteFileW
WaitForDebugEvent
GetComputerNameW
HeapAlloc
Process32First
CreateToolhelp32Snapshot
ReleaseMutex
ExpandEnvironmentStringsW
FindResourceW
GetModuleHandleA
TlsSetValue
LocalAlloc
LeaveCriticalSection
GetProcessAffinityMask
DeleteCriticalSection
LoadResource
GetModuleHandleW
ResetEvent
SuspendThread
SetUnhandledExceptionFilter
SwitchToThread
FindResourceA
TlsAlloc
WriteProcessMemory
GetThreadSelectorEntry
HeapSize
GetProcessHeap
ReadFile
FreeLibraryAndExitThread
CreateEventW
CreateEventA
GetCurrentThreadId
GetVolumeInformationW
GetFileInformationByHandle
UnmapViewOfFile
lstrcmpiA
CancelIo
DebugActiveProcess
CreateFileMappingW
GetSystemTimeAsFileTime
TlsGetValue
WaitNamedPipeW
TlsFree
FindResourceExW
GetFullPathNameW
MapViewOfFile
CreateProcessW
FreeEnvironmentStringsW
GetLongPathNameW
lstrlenW
CreateMutexW
FlushInstructionCache
SetThreadAffinityMask
ReadProcessMemory
VirtualQueryEx
FreeLibrary
OutputDebugStringW
CreateFileW
GetSystemInfo
CreateRemoteThread
GetCurrentDirectoryW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
LockResource
SetNamedPipeHandleState
SetThreadContext
GetFileSize
UnhandledExceptionFilter
FormatMessageW
QueryPerformanceFrequency
VirtualQuery
GetLogicalDrives
CreateThread
QueryDosDeviceW
SearchPathW
OpenProcess
GetWindowsDirectoryW
LoadLibraryExW
WideCharToMultiByte
SetFilePointer
CloseHandle
HeapReAlloc
SetLastError
lstrlenA
ResumeThread
GetFileTime
IsDBCSLeadByte
FindClose
OpenThread
CreateFileMappingA
SetHandleInformation
HeapFree
ContinueDebugEvent
IsValidCodePage
VirtualAllocEx

comctl32

CreateStatusWindow
ImageList_Write
InitCommonControlsEx
FlatSB_SetScrollInfo
ImageList_LoadImageA
ImageList_EndDrag
ImageList_Read
CreatePropertySheetPage
ImageList_SetBkColor

kbddv

KbdLayerDescriptor

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 27KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 185KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a64e49e186fc8d3ab7353e6a6e936694

Headers

File Characteristics

Imports

advapi32

ole32

oleaut32

user32

shell32

kernel32

comctl32

kbddv

Sections

.text Size: 17KB - Virtual size: 17KB

.bss Size: 27KB - Virtual size: 184KB

.reloc Size: 185KB - Virtual size: 458KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 58KB - Virtual size: 389KB

.rsrc Size: 21KB - Virtual size: 88KB

.text
Size: 17KB - Virtual size: 17KB

.bss
Size: 27KB - Virtual size: 184KB

.reloc
Size: 185KB - Virtual size: 458KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 58KB - Virtual size: 389KB

.rsrc
Size: 21KB - Virtual size: 88KB