896feedd06a7d1f1285d9fc5ac070f2ee487162cf7c5fa7f6787b5780db22662

Sharing

Copy URL Twitter E-mail

General

Target

896feedd06a7d1f1285d9fc5ac070f2ee487162cf7c5fa7f6787b5780db22662
Size

329KB
MD5

9a5b8adc1a8416e868116a336458de0d
SHA1

08161a7b825bb49609547afb8ef67a7a79325644
SHA256

896feedd06a7d1f1285d9fc5ac070f2ee487162cf7c5fa7f6787b5780db22662
SHA512

2bea652352a4a95e6f474843705e08357139123869e61c36e87a10793378f3ece54bea823dea9657050577c2300658949385f22e43e03d79307c2042ca48c4c2
SSDEEP

6144:zHcDMvB6fjh7oS8SL3ciV5vhMGOwjiDJBbdrx7X0bysK4xk7U1ZINi6bos:zHcYk7Z065ikM/b2nxkA1i18

Score

N/A

Malware Config

Signatures

Files

896feedd06a7d1f1285d9fc5ac070f2ee487162cf7c5fa7f6787b5780db22662
.exe windows x86

3fb1fcb9f090247fab45016cdaf4892a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualLock
TerminateThread
FreeLibrary
ExitProcess
GetVersionExA
VirtualAlloc
HeapReAlloc
CloseHandle
CreateFileW
GetFileSize
TryEnterCriticalSection
lstrcmpiA
FindFirstFileW
RtlUnwind
LockResource
DebugBreak
InterlockedExchangeAdd
GetModuleHandleW
CreateThread
GetCurrentProcess
LoadLibraryW
PulseEvent
MulDiv
CreateFileA
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
DisableThreadLibraryCalls
GetProcessWorkingSetSize
RtlCaptureStackBackTrace
InitializeSListHead
ReadFile
GlobalUnlock
QueryPerformanceCounter
LeaveCriticalSection
InterlockedDecrement
WriteFile
TerminateProcess
LocalFree
LoadResource
GetCurrentThreadId
QueryPerformanceFrequency
CancelIo
WaitForSingleObject
GetSystemInfo
SystemTimeToFileTime
VirtualQuery
GetLastError
SetWaitableTimer
HeapAlloc
WaitForSingleObjectEx
InterlockedIncrement
SleepEx
VirtualFree
FindClose
SetThreadPriority
GetSystemDirectoryW
GetSystemTimeAsFileTime
QueryDepthSList
GetModuleHandleA
GetVersion
GetProcessHeap
UnmapViewOfFile
SetUnhandledExceptionFilter
InterlockedPushEntrySList
InterlockedCompareExchange
WideCharToMultiByte
GetProcAddress
GetCurrentThread
DuplicateHandle
DelayLoadFailureHook
CreateEventW
UnhandledExceptionFilter
GetProcessId
EnterCriticalSection
SizeofResource
GetOverlappedResult
InterlockedFlushSList
GetTickCount
InitializeCriticalSection
RaiseException
SetLastError
IsProcessorFeaturePresent
DeleteCriticalSection
MapViewOfFile
LocalAlloc
HeapFree
CreateWaitableTimerW
ProcessIdToSessionId
GetFullPathNameA
InterlockedExchange
CreateFileMappingW
SetProcessWorkingSetSize
IsDebuggerPresent
Sleep
LoadLibraryA
SetEvent
CompareStringW
ResetEvent
GetCurrentProcessId
GetVersionExW
CreateFileMappingA
FindResourceW
OutputDebugStringA
WaitForMultipleObjects

gdi32

CreateDCW
GetDeviceCaps
DrawEscape
CreateICW
GetSystemPaletteEntries
GetRegionData
RectInRegion
CreateRectRgnIndirect
GetDIBits
SelectObject
BitBlt
GetRgnBox
RealizePalette
SelectPalette
CreateCompatibleBitmap
GdiEntry13
DeleteObject
DeleteDC
CreatePalette
GetDCOrgEx
CombineRgn
CreateDIBSection
SetLayout
OffsetRgn
CreateCompatibleDC

advapi32

GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW
RegOpenKeyExW
UnregisterTraceGuids
RegQueryValueExA
RegOpenKeyA
TraceEvent
GetTraceLoggerHandle
RegCloseKey
GetTraceEnableLevel
RegQueryValueExW

user32

EnumDisplaySettingsW
GetDC
EnumDisplayMonitors
MsgWaitForMultipleObjects
EnumDisplayDevicesW
IntersectRect
UpdateLayeredWindow
InvalidateRect
GetDesktopWindow
EqualRect
OffsetRect
GetWindowLongW
IsWindow
GetClientRect
TranslateMessage
SetLayeredWindowAttributes
PostMessageW
RegisterWindowMessageW
IsRectEmpty
GetGuiResources
CopyRect
GetWindowDC
ReleaseDC
DispatchMessageW
SystemParametersInfoW
SetRect
PeekMessageW
ClientToScreen
GetMonitorInfoW

msvcrt

_CIsin
wcsstr
_stricmp
_CItanh
_fpclass
_initterm
_purecall
isalpha
malloc
_errno
_wtoi
realloc
atoi
_CIsqrt
_finite
isspace
_onexit
_isnan
_vsnprintf
atof
__dllonexit
_wtof
free
isdigit
_clearfp
_CIsinh
floor
_CIlog
strchr
_CIasin
clock
modf
_CItan
_amsg_exit
wcschr
memmove
_strdup
_CIcosh
_CIatan2
tolower
calloc
memset
isalnum
ceil
_copysign
_XcptFilter
memcpy
_resetstkoflw
_CIatan
_CIcos
_wcsicmp
_adjust_fdiv
_lock
_CIacos
_controlfp
toupper
_CIpow
wcstol
isxdigit
_vsnwprintf
_unlock
_CIexp
setlocale
_CIfmod
qsort

ole32

PropVariantClear
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
PropVariantCopy
CoCreateInstance
CoInitialize

ntdll

DbgPrintEx
DbgBreakPoint
RtlNumberGenericTableElements
NtMapViewOfSection
RtlFindClearBitsAndSet
RtlIsGenericTableEmpty
RtlDeleteElementGenericTable
RtlClearBits
NtAddAtom
RtlEnumerateGenericTableWithoutSplaying
RtlSetBits
DbgPrompt
NtAllocateVirtualMemory
RtlInsertElementGenericTable
RtlUlongByteSwap
RtlInitializeGenericTable
NtCreateSection
NtQuerySystemInformation
NtUnmapViewOfSection

psapi

GetProcessMemoryInfo

rpcrt4

RpcBindingVectorFree
RpcBindingFree
NdrAsyncClientCall
RpcAsyncInitializeHandle
RpcBindingSetAuthInfoExW
RpcServerRegisterIfEx
RpcAsyncCompleteCall
RpcBindingFromStringBindingW
UuidToStringW
RpcStringFreeW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcServerUnregisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerUseProtseqW
NdrAsyncServerCall
UuidCreate
RpcAsyncCancelCall
RpcSsDestroyClientContext
RpcAsyncGetCallStatus
RpcServerInqCallAttributesW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3fb1fcb9f090247fab45016cdaf4892a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

user32

msvcrt

ole32

ntdll

psapi

rpcrt4

Sections

.text Size: 26KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 248KB - Virtual size: 248KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 1.4MB

.text
Size: 26KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 248KB - Virtual size: 248KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 1.4MB