239f780abe6e8bb3c74810740db62aa3df08a29391aa028505dc6767aa05e54e

Sharing

Copy URL Twitter E-mail

General

Target

239f780abe6e8bb3c74810740db62aa3df08a29391aa028505dc6767aa05e54e
Size

275KB
MD5

d07a18a13aa4a07d61cc744b95af2f14
SHA1

ca0435c5270c7d670bd8f5b650b0b01a01330b44
SHA256

239f780abe6e8bb3c74810740db62aa3df08a29391aa028505dc6767aa05e54e
SHA512

04cb4079737ff349765f1ff8458aa3e96aa47a5e24d89e76cd8596adc1ff86e3f602ba4c4d673fbfa4bb90bf2c7d10bc4635ec7fec21d403024d69f36bc88e73
SSDEEP

6144:xGSPTRWLYeB7e/WWc/+R7KpFJPGp7lrg:RRW3B7Ycywu58

Score

N/A

Malware Config

Signatures

Files

239f780abe6e8bb3c74810740db62aa3df08a29391aa028505dc6767aa05e54e
.exe windows x86

2f2b0549f076eeb96296ccb3ecc3f1a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarBstrCmp
SafeArrayDestroy
SafeArrayCopy
VariantCopyInd
SafeArrayRedim
VariantInit
SafeArrayGetUBound
SafeArrayCreate
VariantClear
VariantCopy
SafeArrayGetVartype
SysStringByteLen
SysFreeString
SafeArrayGetLBound
SysAllocStringLen
GetErrorInfo
SafeArrayUnlock
VariantChangeType
SysAllocString
SysAllocStringByteLen
SafeArrayLock
LoadTypeLi
LoadRegTypeLi
SysStringLen

shlwapi

PathAppendW

kernel32

WideCharToMultiByte
HeapDestroy
WaitForSingleObject
lstrlenW
DeleteCriticalSection
SignalObjectAndWait
LocalFree
CopyFileW
RaiseException
FindResourceW
SetUnhandledExceptionFilter
LeaveCriticalSection
SetThreadLocale
HeapFree
FindResourceExW
LoadResource
CreateThread
GetSystemTimeAsFileTime
CreateEventW
CreateDirectoryW
CreateFileW
FormatMessageW
lstrlenA
UnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
GetACP
GetProcessHeap
SizeofResource
GetCurrentThreadId
HeapReAlloc
LockResource
HeapSize
GetThreadLocale
HeapAlloc
CloseHandle
GetModuleHandleA
VirtualAllocEx
IsBadWritePtr

advapi32

GetSidSubAuthority
InitializeSid
IsValidSid
RegCloseKey
RegQueryValueExW
ConvertStringSidToSidW
RegEnumKeyExW
RegOpenKeyExW
EqualSid
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
GetSidLengthRequired
ReportEventW
GetTokenInformation
CopySid
GetLengthSid
OpenThreadToken
RegEnumValueW

userenv

UnloadUserProfile
GetAllUsersProfileDirectoryA
RsopAccessCheckByType
DeleteProfileA
GetPreviousFgPolicyRefreshInfo
DllCanUnloadNow

user32

UnregisterClassA

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoRevertToSelf
CoImpersonateClient
CLSIDFromString
OleRun

msafd

WSPStartup

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KiSulqV
Size: 512B - Virtual size: 258B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bLUXlqV
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oINdDsE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zDgOpLE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GrVYpLE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qscqprE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eZOH
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avIBsnE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OasEtfj
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tCzPtfj
Size: 1024B - Virtual size: 949B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2f2b0549f076eeb96296ccb3ecc3f1a3

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

shlwapi

kernel32

advapi32

userenv

user32

shell32

ole32

msafd

Sections

.text Size: 223KB - Virtual size: 223KB

.KiSulqV Size: 512B - Virtual size: 258B

.bLUXlqV Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 7KB

.oINdDsE Size: 4KB - Virtual size: 3KB

.zDgOpLE Size: 3KB - Virtual size: 3KB

.GrVYpLE Size: 4KB - Virtual size: 4KB

.qscqprE Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 169KB

.rsrc Size: 11KB - Virtual size: 11KB

.eZOH Size: 2KB - Virtual size: 1KB

.avIBsnE Size: 2KB - Virtual size: 1KB

.OasEtfj Size: 4KB - Virtual size: 4KB

.tCzPtfj Size: 1024B - Virtual size: 949B

.text
Size: 223KB - Virtual size: 223KB

.KiSulqV
Size: 512B - Virtual size: 258B

.bLUXlqV
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 7KB

.oINdDsE
Size: 4KB - Virtual size: 3KB

.zDgOpLE
Size: 3KB - Virtual size: 3KB

.GrVYpLE
Size: 4KB - Virtual size: 4KB

.qscqprE
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 169KB

.rsrc
Size: 11KB - Virtual size: 11KB

.eZOH
Size: 2KB - Virtual size: 1KB

.avIBsnE
Size: 2KB - Virtual size: 1KB

.OasEtfj
Size: 4KB - Virtual size: 4KB

.tCzPtfj
Size: 1024B - Virtual size: 949B