b5fa5cdd7ae6c0603ba4b38e9ee1938b290be2a0c8f18dcdf4fca4923b52a6cd

Sharing

Copy URL Twitter E-mail

General

Target

b5fa5cdd7ae6c0603ba4b38e9ee1938b290be2a0c8f18dcdf4fca4923b52a6cd
Size

958KB
MD5

5aac10225a356c008e52ceae328fc5b0
SHA1

8c8e6909c345e3e48539e6bcfb18ba2b2608699d
SHA256

b5fa5cdd7ae6c0603ba4b38e9ee1938b290be2a0c8f18dcdf4fca4923b52a6cd
SHA512

42288772198c7f2ea3840d19c1317fd3d4147e7269c95d89e4252655bb2c239904309f956ef2abdde398e9381fa3949b6c3fa7333f8f01bdee17b82c8a9dc127
SSDEEP

24576:IRFbPNATCYq+gU03zDeore1frB0NnDdlbBiX:IRFblAGYd2361WDTb0X

Score

N/A

Malware Config

Signatures

Files

b5fa5cdd7ae6c0603ba4b38e9ee1938b290be2a0c8f18dcdf4fca4923b52a6cd
.exe windows x86

81935bcd5a39fe5be580aae054f788a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualAlloc
OpenMutexW
GetTempPathW
DefineDosDeviceW
FindNextChangeNotification
GetShortPathNameA
GetDefaultCommConfigA
WritePrivateProfileStructW
UnlockFileEx
ReadDirectoryChangesW
ConvertDefaultLocale
GetConsoleAliasA
WaitNamedPipeW
EnumResourceNamesW
lstrcpyA
GetDriveTypeA
GetDiskFreeSpaceW
ChangeTimerQueueTimer
IsBadStringPtrW
FindFirstVolumeW
LocalCompact

oleaut32

SysAllocStringByteLen
SafeArrayPtrOfIndex
VariantClear
VariantInit
SafeArrayGetLBound
VariantChangeType
SafeArrayGetUBound
GetErrorInfo
SysAllocStringLen
SysStringLen
SysReAllocStringLen
SafeArrayCreate

advapi32

RegQueryMultipleValuesA
RegOpenKeyW
RegSetValueExA
WmiOpenBlock
CryptEncrypt
RegSetKeySecurity
CryptDeriveKey
IsValidSid
SetFileSecurityW
RegQueryValueExA
InitializeSecurityDescriptor

netapi32

NetLocalGroupSetInfo
NetLocalGroupGetInfo
NetLocalGroupGetMembers
NetUseAdd
NetDfsSetClientInfo
NetUnjoinDomain
DsRoleFreeMemory
NetUseEnum
NetGetDCName
NetShareSetInfo
NetUseDel
NetLocalGroupAddMembers
NetGroupDelUser
NetFileGetInfo
NetLocalGroupEnum
NetShareDelSticky

shlwapi

PathRenameExtensionA
SHRegWriteUSValueW
AssocCreate
SHQueryValueExW
PathGetArgsA
SHRegOpenUSKeyA
PathRemoveFileSpecA
StrDupW

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sFIc
Size: 251KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ci
Size: 107KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.znYv
Size: 355KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81935bcd5a39fe5be580aae054f788a4

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

netapi32

shlwapi

Sections

.text Size: 120KB - Virtual size: 120KB

.sFIc Size: 251KB - Virtual size: 460KB

.Ci Size: 107KB - Virtual size: 326KB

.znYv Size: 355KB - Virtual size: 404KB

.rsrc Size: 121KB - Virtual size: 120KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 120KB - Virtual size: 120KB

.sFIc
Size: 251KB - Virtual size: 460KB

.Ci
Size: 107KB - Virtual size: 326KB

.znYv
Size: 355KB - Virtual size: 404KB

.rsrc
Size: 121KB - Virtual size: 120KB

.reloc
Size: 1KB - Virtual size: 1KB