52388b88100131098d245232492b3ab3a470727d3b37b68767e0b9f2d1b09d58

Sharing

Copy URL Twitter E-mail

General

Target

52388b88100131098d245232492b3ab3a470727d3b37b68767e0b9f2d1b09d58
Size

246KB
MD5

39046e892b804741dcc3431835c3eae0
SHA1

7bfb105d592d78404ebbf7748dc9853d943cbda1
SHA256

52388b88100131098d245232492b3ab3a470727d3b37b68767e0b9f2d1b09d58
SHA512

cdba23125ddd6e4e0be13a08803a198b0f84238200bc30134b9557991e755bcae5f118fdf1f9ca74c1352517807226c5ba9c9e5cc61f398197d166251d6709d0
SSDEEP

6144:3HbXMK82eGYM6+OzTCmTqiJDeJQDFixLLl93DZO7zjKXmNU:3HDB7e89OzhDWpn3DSj

Score

N/A

Malware Config

Signatures

Files

52388b88100131098d245232492b3ab3a470727d3b37b68767e0b9f2d1b09d58
.exe windows x86

46b0cc46bb3a09f7cf7fd9d26fc18e8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegSetValueW
AddAccessAllowedObjectAce
QueryServiceLockStatusA
AddAce
GetTraceEnableFlags
AreAnyAccessesGranted
RegCreateKeyExW
SystemFunction036
SetTokenInformation
RegSetValueExW
InstallApplication
GetSecurityDescriptorOwner
ReportEventW
AccessCheck
RegCloseKey
LookupPrivilegeDisplayNameW
RegDeleteKeyA

kernel32

SetConsoleKeyShortcuts
IsBadReadPtr
GetLogicalDriveStringsW
GetBinaryTypeW
UpdateResourceA
VirtualAlloc
SearchPathA
FreeEnvironmentStringsW
GetSystemWindowsDirectoryW
SetInformationJobObject
WriteProcessMemory

netapi32

NetConnectionEnum
NetWkstaTransportEnum
NetServerEnum
DsGetDcNameWithAccountW
NetUserSetInfo
NetShareAdd
NetShareGetInfo
DsGetDcNameW
NetUseGetInfo
NetGetJoinInformation

shell32

SHParseDisplayName
SHGetIconOverlayIndexW
SHGetSpecialFolderLocation
SHGetMalloc
SHFormatDrive
SHCreateDirectoryExW
SHGetDesktopFolder
ExtractIconExW
DragFinish
SHChangeNotifySuspendResume
SHGetFileInfoW
SHGetSpecialFolderPathW
ExtractIconW

imagehlp

ImageRvaToVa
ImageDirectoryEntryToData
ImageLoad
ImageNtHeader
CheckSumMappedFile
SymSetOptions
SymInitialize
ImageEnumerateCertificates
ImageRvaToSection
ImageUnload
ImageGetCertificateData
EnumerateLoadedModules64

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.OcH
Size: 48KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jESWt
Size: 122KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46b0cc46bb3a09f7cf7fd9d26fc18e8f

Headers

File Characteristics

Imports

advapi32

kernel32

netapi32

shell32

imagehlp

Sections

.text Size: 73KB - Virtual size: 73KB

.OcH Size: 48KB - Virtual size: 110KB

.jESWt Size: 122KB - Virtual size: 147KB

.rsrc Size: 512B - Virtual size: 444B

.reloc Size: 1024B - Virtual size: 684B

.text
Size: 73KB - Virtual size: 73KB

.OcH
Size: 48KB - Virtual size: 110KB

.jESWt
Size: 122KB - Virtual size: 147KB

.rsrc
Size: 512B - Virtual size: 444B

.reloc
Size: 1024B - Virtual size: 684B