e1ded8c9ffb4afa7b849b4009b3f0a5f27554f886fd8d1e24dbff438d76f642e

Sharing

Copy URL Twitter E-mail

General

Target

e1ded8c9ffb4afa7b849b4009b3f0a5f27554f886fd8d1e24dbff438d76f642e
Size

762KB
MD5

9eae597a15e26b7d51f6a1d679a78930
SHA1

338d784d4369e8082f08f5b2ba6a8c4fecf9736a
SHA256

e1ded8c9ffb4afa7b849b4009b3f0a5f27554f886fd8d1e24dbff438d76f642e
SHA512

e98178f5eb0f9547c02ffa42283ddfefe97d164fee5b91cd7d2b67cbc4764d809e638d761698917f08c8646bc713ee52bd097f502e4e78c094b1d7f044150f62
SSDEEP

12288:QFmA+Ca8f3bP9RlIbTC9UCDtkUifgBtBr8V5+Ta:QoA+Cam1oGqQth6ytBrXTa

Score

N/A

Malware Config

Signatures

Files

e1ded8c9ffb4afa7b849b4009b3f0a5f27554f886fd8d1e24dbff438d76f642e
.exe windows x86

5005057afec05d019d737d4af2eaf52d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

pccs_dbengine

sqlite3_prepare16
sqlite3_errcode
sqlite3_bind_int
sqlite3_prepare
sqlite3_open16
sqlite3_column_text16
sqlite3_bind_text16
sqlite3_close
sqlite3_step
sqlite3_column_count
sqlite3_column_text
sqlite3_finalize
sqlite3_bind_int64
sqlite3_exec
sqlite3_column_type
sqlite3_column_int64
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_bind_blob

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
ReadFile
GetProcessHeap
HeapFree
HeapAlloc
WriteFile
HeapSize
HeapValidate
SetFilePointer
SetEndOfFile
FindFirstFileW
GetFileSize
FindClose
SetFileAttributesW
DeleteFileW
GetLastError
MultiByteToWideChar
CloseHandle
CreateProcessW
lstrlenW
SizeofResource
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeProcess
FreeLibrary
CreateMutexW
ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
GetProcAddress
Process32NextW
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetSystemDirectoryW
GetModuleFileNameW
CreateDirectoryW
GetCurrentThreadId
LoadLibraryW
FindResourceW
LoadResource
LockResource
ExitThread
CreateEventW
CreateNamedPipeW
SetEvent
GetModuleHandleW
TerminateThread
Sleep
InterlockedIncrement
DisconnectNamedPipe
TerminateProcess
InterlockedDecrement
CancelIo
PeekNamedPipe
LoadLibraryExW
GetOverlappedResult
CreateThread
ResumeThread
ConnectNamedPipe
RaiseException
ResetEvent
lstrcmpiW
GetTickCount
LocalFree
SetUnhandledExceptionFilter
SetErrorMode
lstrcpyW
GetCommandLineW
GetCurrentThread
WideCharToMultiByte
OpenEventW
GetCommState
SetCommState
SetCommMask
PurgeComm
HeapReAlloc
GetSystemTimeAsFileTime
LoadLibraryA
CreateEventA
OpenEventA
TlsGetValue
RtlUnwind
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetFileAttributesW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
MoveFileW
IsDebuggerPresent
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
IsBadCodePtr
TlsAlloc
TlsSetValue
GetTimeZoneInformation
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
GetFullPathNameW
GetCurrentDirectoryA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CompareStringA
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
CompareStringW
SetEnvironmentVariableA
SetThreadPriority
LCMapStringA
LCMapStringW
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP

user32

CharNextW
PostThreadMessageW
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
CharUpperW
CharUpperBuffW
GetMessageW
RegisterClassW
CreateWindowExW
PostMessageW
DestroyWindow
UnregisterClassW
MessageBoxExW
LoadStringW
wsprintfW
UnregisterClassA
DefWindowProcW
TranslateMessage

advapi32

ImpersonateLoggedOnUser
RegOpenKeyExA
RegQueryValueExA
DeleteService
OpenThreadToken
SetServiceStatus
ControlService
DeregisterEventSource
OpenServiceW
ReportEventW
GetTokenInformation
RegisterEventSourceW
IsValidSid
GetLengthSid
CopySid
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
CloseServiceHandle
CreateServiceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
InitializeSecurityDescriptor
RegEnumKeyExW
SetSecurityDescriptorDacl
CreateProcessAsUserW
RegQueryValueExW
GetUserNameW
RegQueryInfoKeyW
RevertToSelf
RegEnumKeyW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromCLSID
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoSuspendClassObjects
CoRegisterClassObject
StringFromGUID2
CoUninitialize
CoRevokeClassObject
CoResumeClassObjects
CoInitializeSecurity
CoTaskMemFree

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
SysAllocStringByteLen
SysFreeString
SysStringLen
VarBstrCmp
SysAllocString
SysStringByteLen
SysAllocStringLen
VarBstrCat
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayRedim

shlwapi

PathAppendW

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 160KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5005057afec05d019d737d4af2eaf52d

Headers

File Characteristics

Imports

userenv

setupapi

wtsapi32

version

pccs_dbengine

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 415KB - Virtual size: 414KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 17KB - Virtual size: 25KB

.rsrc Size: 27KB - Virtual size: 27KB

.text Size: 160KB - Virtual size: 164KB

.text
Size: 415KB - Virtual size: 414KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 17KB - Virtual size: 25KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 160KB - Virtual size: 164KB