4be91d183c0f9fa4493e638e06cb4d48e64fd21ffd01728059f606320b9671b6

Sharing

Copy URL Twitter E-mail

General

Target

4be91d183c0f9fa4493e638e06cb4d48e64fd21ffd01728059f606320b9671b6
Size

176KB
MD5

be61da73c9848ca6df8ef011b65afe67
SHA1

710c7825fe3724c40e758294e5e73ada9782ae23
SHA256

4be91d183c0f9fa4493e638e06cb4d48e64fd21ffd01728059f606320b9671b6
SHA512

ed4a151761695cdf8a2fc0329e837b97ec3529eac63c037736c7ffec438711aa463dceec2f04622d04e796af2dc573b445ff2f4988bc2350fc435e587f817940
SSDEEP

3072:J7K5yiYoRMMMpHlEIwBgiOEW4S3uWPWEXCCXznkZmgNi:J7jIRMPHlEIRiOEW4XWOEXNi

Score

N/A

Malware Config

Signatures

Files

4be91d183c0f9fa4493e638e06cb4d48e64fd21ffd01728059f606320b9671b6
.dll windows x86

60f09e90e019fafc0b88cd24bb6df5af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
CreateProcessW
GlobalFree
SetEvent
GetCurrentDirectoryA
GetFullPathNameA
FileTimeToLocalFileTime
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
CompareStringW
CompareStringA
HeapSize
RtlUnwind
VirtualQuery
VirtualProtect
VirtualAlloc
SetStdHandle
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
GetCPInfo
GetOEMCP
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStartupInfoA
GetFileType
SetHandleCount
WideCharToMultiByte
HeapFree
HeapReAlloc
HeapAlloc
GetFileAttributesA
ExitProcess
FindNextFileA
FindFirstFileA
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetLastError
GetModuleFileNameA
FlushFileBuffers
CreateFileA
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
GetCurrentThread
GetFileInformationByHandle
FindNextFileW
FindClose
GetCompressedFileSizeW
LocalFree
GetTempPathW
GetFileAttributesW
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
OutputDebugStringA
GetModuleHandleW
DeleteFileW
GetComputerNameExW
GetModuleFileNameW
FreeLibrary
BackupRead
ReadFile
CloseHandle
SetErrorMode
GetStdHandle
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetExitCodeThread
OutputDebugStringW
GetModuleHandleA
GetVersionExA
GetSystemInfo
lstrcmpiA
QueryPerformanceFrequency
MultiByteToWideChar
GetACP
InitializeCriticalSection
InterlockedExchange
Sleep
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
CreateThread
DuplicateHandle
CreatePipe
CreateFileW
GetShortPathNameW
GetVersion
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
FreeEnvironmentStringsA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetVersionExW
WriteFile
DisableThreadLibraryCalls
InterlockedCompareExchange
CreateSemaphoreA
FindAtomA
GetAtomNameA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReleaseSemaphore
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleOutputA
GetStartupInfoW
GetCurrentDirectoryW
SetFilePointer
ExitThread
SetUnhandledExceptionFilter

user32

SetFocus
IsDlgButtonChecked
GetClientRect
GetWindowRect
CheckDlgButton
FindWindowW
GetDlgItem
ExitWindowsEx
LoadStringW

advapi32

FreeSid
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameW
ReportEventW
GetExplicitEntriesFromAclW
EqualSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck
RegEnumKeyA
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegCreateKeyW
SetSecurityDescriptorOwner
AllocateAndInitializeSid
RegQueryValueExA
RegSetValueExA
GetSecurityDescriptorControl
GetNamedSecurityInfoW
RegDeleteKeyW
RegSetValueExW

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoInitialize
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoQueryProxyBlanket

msvcrt

malloc
_onexit
tolower
time
strtoul
strtol
strstr
strrchr
strlen
strerror
strcspn
strcmp
strchr
srand
_lock
signal
realloc
rand
qsort
printf
memset
memmove
sprintf
getenv
ftell
fseek
free
fputs
fputc
fprintf
fflush
fclose
exit
clock
clearerr
atoi
abort
mbstowcs
_unlock
__dllonexit

Exports

Exports

InstancesDeviceAccessesAny
SoftwareDevice
TwoYour

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60f09e90e019fafc0b88cd24bb6df5af

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 56KB - Virtual size: 128KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 56KB - Virtual size: 128KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 1KB