810772ad596eb90a7cb83c7e7db1fab67916bfa496fc022018f8628388a4084e

Sharing

Copy URL Twitter E-mail

General

Target

810772ad596eb90a7cb83c7e7db1fab67916bfa496fc022018f8628388a4084e
Size

56KB
MD5

2ef55d32fa2bc3ffca433801868c1752
SHA1

186714cc8d6950c510b4b31d1238adfc1140ab0c
SHA256

810772ad596eb90a7cb83c7e7db1fab67916bfa496fc022018f8628388a4084e
SHA512

6ebedf254d06dfbd69ceda8dca32e53d4a8203bfff4ac03bc0ca970079a33da8a4438a66f8410d39b5a982b72cf18b03a8537998d8e0920b8747535167b99999
SSDEEP

768:sPkLnaKjWP588GCKCQqoWBfs3P15qNmKSv9l457UA/6KaIrgG:jnfMoqfkwgKSVKj

Score

N/A

Malware Config

Signatures

Files

810772ad596eb90a7cb83c7e7db1fab67916bfa496fc022018f8628388a4084e
.dll windows x86

cfdfbcc430250b3a483b267585e309f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueryInformationToken
ZwOpenProcess
ZwClose
ZwOpenProcessToken
memcmp
memset
memcpy
RtlUnwind
NtQueryVirtualMemory

shlwapi

StrStrA
StrCmpNA
StrToIntA
StrChrA
StrStrIW
StrRChrA
StrStrIA
StrToIntExA

kernel32

CreateProcessA
GetLastError
GetModuleHandleA
CloseHandle
LocalFree
ResumeThread
CreateThread
SetEvent
HeapDestroy
HeapCreate
lstrlenA
HeapAlloc
SetWaitableTimer
HeapFree
CreateEventA
LeaveCriticalSection
lstrcatA
FindFirstFileA
lstrcmpiA
RemoveDirectoryA
EnterCriticalSection
LocalAlloc
WaitForMultipleObjects
FindNextFileA
CreateMutexA
ReleaseMutex
Sleep
DeleteFileA
lstrcpyA
InitializeCriticalSection
lstrcpynA
LoadLibraryExW
SetLastError
CreateFileA
GlobalLock
WriteFile
lstrlenW
GlobalUnlock
lstrcpyW
lstrcmpW
GetCurrentProcess
WaitForSingleObject
GetTickCount
Process32First
GetProcAddress
ResetEvent
Process32Next
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTempPathA
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
CreateProcessW
GetVersion
CreateRemoteThread
OpenProcess
VirtualAllocEx
GetModuleFileNameA
WriteProcessMemory
VirtualProtect
SwitchToThread
TerminateThread
CreateWaitableTimerA
HeapReAlloc

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
LookupPrivilegeValueA
RegDeleteKeyA
OpenProcessToken
RegEnumValueA
RegCloseKey
RegOpenKeyA
RegNotifyChangeKeyValue
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
CreateProcessAsUserW
CreateProcessAsUserA
AdjustTokenPrivileges
RegDeleteValueA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

CreateProcessNotify
DllEntryPoint

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfdfbcc430250b3a483b267585e309f7

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

advapi32

psapi

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB