a4d3fda604fdafd7c1b06119e87bdc161a288c98843de25d9965dfe92dd3a03f

Sharing

Copy URL Twitter E-mail

General

Target

a4d3fda604fdafd7c1b06119e87bdc161a288c98843de25d9965dfe92dd3a03f
Size

283KB
MD5

28db05cbfd05da161a89b32c126bc77d
SHA1

aa860927e35ac3a1e929391461b25f3e7f9ade4f
SHA256

a4d3fda604fdafd7c1b06119e87bdc161a288c98843de25d9965dfe92dd3a03f
SHA512

eb81ba5afced6a30f3d214f851ccfdbffe1d8c9b7f0266ae79f50831ceb3c5654005d2ff1820641a6c96225f926ff3b6adf2f3d6686cbdae05d745e24e7a8484
SSDEEP

6144:JmT90zPpd79IiWpolDHZzwyE60efjbkQuGx/TYt1syF+pTwXGM0zigf:kT90zPGiWMDH1AefjbkQuGx/TYt1syF8

Score

N/A

Malware Config

Signatures

Files

a4d3fda604fdafd7c1b06119e87bdc161a288c98843de25d9965dfe92dd3a03f
.exe windows x86

0dfbd75578ecd8f4f6be12ac13e7f12b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

kernel32

FreeLibrary
LoadLibraryA
CloseHandle
ResetEvent
SetEvent
lstrcmpA
GetVersionExA
GetModuleFileNameA
WriteProcessMemory
GetLocalTime
HeapFree
LocalFree
LocalSize
GlobalFree
GlobalUnlock
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
GetModuleHandleA
GetProcAddress

user32

OpenWindowStationA
SetProcessWindowStation
TranslateMessage
DispatchMessageA
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetCursorPos
SetRect
GetDC
SystemParametersInfoA
SendMessageA
LoadCursorA
GetProcessWindowStation
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
WindowFromPoint
MapVirtualKeyA
keybd_event
GetAsyncKeyState
GetForegroundWindow
EnumWindows
GetWindowTextA
CharNextA
MessageBoxA
GetClipboardData

advapi32

RegSetKeySecurity
GetTokenInformation
LookupAccountSidA
RegSaveKeyA
RegRestoreKeyA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
OpenEventLogA
ClearEventLogA
CloseEventLog
OpenServiceA
QueryServiceStatus
ControlService
OpenProcessToken
LookupPrivilegeValueA
RegQueryValueA
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
IsValidSid

msvcrt

__p__commode
_controlfp
__set_app_type
rename
strncat
_beginthreadex
atoi
_strnset
_snprintf
_CxxThrowException
calloc
??1type_info@@UAE@XZ
__p__fmode
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_strnicmp
_strupr
_exit
??3@YAXPAX@Z
memcpy
memmove
_ftol
__CxxFrameHandler
strcpy
strlen
memset
??2@YAPAXI@Z
memcmp
malloc
free
_except_handler3
strrchr
strcmp

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dfbd75578ecd8f4f6be12ac13e7f12b

Headers

File Characteristics

Imports

shell32

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 21KB - Virtual size: 24KB

.rsrc Size: 160KB - Virtual size: 159KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 160KB - Virtual size: 159KB