c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5

Sharing

Copy URL

Twitter E-mail

General

Target

c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5
Size

477KB
MD5

91f061b886d038e75b5e3f720de0b785
SHA1

59a105c3eebd337909e75080ed864649867fe637
SHA256

c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5
SHA512

4dec9f13eb498671c090512acccd4cc7a194c20bbd383c3a2ed2f15cedc3c4a188beca3c7a9b70ef10dc26a884d6a3e6b377d83c6d5d7652a3543cd2f488d2c4
SSDEEP

12288:pcJ52J0w1W0MMZdgfMMMMMMMMLMMMMMMMMMMG7XE3k8:pcJ52l1W0MMEfMMMMMMMMLMMMMMMMMMW

Score

N/A

Malware Config

Signatures

Files

c8ac3c7176c1ca49ffab1b7e6b576d9ddd1482b6d6e5489808ce382ba4f908b5
.exe windows x86

da412ede5f6a97a8148f5503cabe03d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
CreateRestrictedToken
CreateProcessAsUserW
EqualSid
CreateWellKnownSid
LsaOpenPolicy
LsaLookupPrivilegeValue
LsaNtStatusToWinError
LsaClose
CopySid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
SetTokenInformation
GetAclInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
AddAce
RegCreateKeyExW
RegSetValueExW
TraceEvent
GetTraceEnableLevel
RegisterTraceGuidsW
RegEnumValueW
GetTraceLoggerHandle

kernel32

InterlockedDecrement
GetVersionExW
ExitProcess
GetCurrentProcess
InterlockedIncrement
GetStartupInfoW
GetCommandLineW
GetModuleFileNameW
HeapSetInformation
IsDebuggerPresent
OpenEventW
GetModuleHandleW
LocalFree
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
HeapReAlloc
HeapFree
HeapDestroy
DeleteCriticalSection
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateFileW
SetFilePointerEx
ReadFile
InterlockedExchange
SetEvent
CloseHandle
ResetEvent
CreateEventW
GetLastError
InterlockedCompareExchange
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetLastError
LoadResource
FindResourceExW
LoadLibraryExW
MapViewOfFile
CreateFileMappingW
GetLocaleInfoW
FreeLibrary
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
RaiseException
OutputDebugStringW
CreateTimerQueueTimer

msvcr80

bsearch
memcpy
memset
wcsncmp
_vsnwprintf
wcscpy_s
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
iswdigit
_wcsicmp
_wcsnicmp
??_V@YAXPAX@Z
??3@YAXPAX@Z
_callnewh
malloc
qsort

user32

LoadStringW
MessageBoxW
MsgWaitForMultipleObjects
PostMessageW
PostQuitMessage
WaitForInputIdle
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW

ntdll

RtlInitUnicodeString

ole32

CoRevokeClassObject
CoInitialize
CoUninitialize
CreateBindCtx
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject

oleaut32

SysFreeString
SysAllocString

mscoree

CoEEShutDownCOM

shlwapi

PathFindExtensionW
AssocQueryStringW

urlmon

CreateURLMonikerEx
CoInternetParseUrl
RegisterBindStatusCallback

shell32

ShellExecuteExW
CommandLineToArgvW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da412ede5f6a97a8148f5503cabe03d7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcr80

user32

ntdll

ole32

oleaut32

mscoree

shlwapi

urlmon

shell32

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 232KB - Virtual size: 232KB

.reloc Size: 4KB - Virtual size: 4KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 232KB - Virtual size: 232KB

.reloc
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 192KB - Virtual size: 1.3MB