305e0b69656e8bfc6c12f3e8ef4a9de77e39035f6a7638a83a1db3c0a352b525

Sharing

Copy URL Twitter E-mail

General

Target

305e0b69656e8bfc6c12f3e8ef4a9de77e39035f6a7638a83a1db3c0a352b525
Size

133KB
MD5

d8b346995b04901f42eec042007b4167
SHA1

89c292b1fa76789bde92b9aa78d30d86405161c6
SHA256

305e0b69656e8bfc6c12f3e8ef4a9de77e39035f6a7638a83a1db3c0a352b525
SHA512

2cb310c667660bfa10faa2d443da8f75a756c942f6cd0eab2e4e50c0b87efbf99ea80856911c2998cf47dc75240938198c3b3d44b7c2b145187fa474627d2efd
SSDEEP

3072:FJkrAcLIg+K14WikJpT6AwS4uF9xH8si:Tkr3BYcTvNx/i

Score

N/A

Malware Config

Signatures

Files

305e0b69656e8bfc6c12f3e8ef4a9de77e39035f6a7638a83a1db3c0a352b525
.exe windows x64

96ac1a559d1a33176265ca55ee2af741

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathIsDirectoryA
PathFileExistsA

mfc42

ord4092
ord4093
ord4087
ord3173
ord4381
ord4992
ord4779
ord3926
ord1063
ord659
ord3840
ord318
ord834
ord5645
ord5919
ord6057
ord1267
ord2793
ord880
ord1992
ord3272
ord3269
ord4358
ord2810
ord2801
ord1265
ord374
ord1041
ord627
ord2108
ord1408
ord6640
ord5639
ord6713
ord3055
ord4730
ord5254
ord5415
ord2529
ord6445
ord4375
ord1791
ord4761
ord5670
ord2413
ord5595
ord6818
ord4703
ord5709
ord4027
ord5238
ord4798
ord2682
ord2074
ord6820
ord3943
ord5493
ord1749
ord5690
ord2471
ord2154
ord5706
ord4997
ord4780
ord3771
ord1469
ord337
ord4567
ord5086
ord2398
ord3175
ord3061
ord3375
ord3240
ord4824
ord3371
ord3252
ord3058
ord6060
ord5718
ord5737
ord5074
ord4378
ord2764
ord5731
ord5729
ord3477
ord2426
ord5624
ord1392
ord4201
ord6078
ord2527
ord2571
ord4845
ord6819
ord4608
ord6231
ord6232
ord6886
ord5048
ord4531
ord1690
ord2688
ord5839
ord6852
ord5987
ord1494
ord1506
ord1452
ord1287
ord2858
ord1263
ord617
ord5838
ord6710
ord1038
ord6711
ord6714
ord2795
ord620
ord626
ord6028
ord4446
ord1122
ord6890
ord6891
ord1124
ord622
ord1289
ord1040
ord1595
ord5694
ord852

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_ismbblead
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_setmbcp
__CxxFrameHandler
_mbscmp
_mbsicmp
sprintf
memcpy
_mbsicoll
strrchr
_stricmp
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
atoi
memset
_purecall

kernel32

Sleep
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenA
CopyFileA
RemoveDirectoryA
GetCurrentProcess
TerminateThread
SetEvent
CreateEventA
GetDriveTypeA
GetStartupInfoA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetSystemDefaultLangID
GetCurrentDirectoryA
CreateDirectoryA
GetTempPathA
DeleteFileA
GetUserDefaultLCID
GetSystemDefaultLCID
CloseHandle
WaitForSingleObject
CreateProcessA
FindClose
FindFirstFileA
GetVersionExA
GetProcAddress
GetSystemDirectoryA

user32

EnumWindows
IsWindowVisible
GetClassNameA
MessageBoxA
EnumChildWindows
GetWindowLongA
FindWindowA
GetSystemMetrics
EnableWindow
GetWindowTextA
PostMessageA

advapi32

GetTokenInformation
OpenProcessToken
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

udhdmqd
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

96ac1a559d1a33176265ca55ee2af741

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

advapi32

version

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 608B

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 62KB - Virtual size: 63KB

udhdmqd Size: - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 608B

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 62KB - Virtual size: 63KB

udhdmqd
Size: - Virtual size: 4KB