aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25

Sharing

Copy URL

Twitter E-mail

General

Target

aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25
Size

293KB
MD5

1c827b23f806d56d6d50b214b249a3be
SHA1

a04087fc07fe2398e9fdb5c4473d3c8fd9e0a567
SHA256

aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25
SHA512

1dd34c8203c1c8d3acdde0e36ccea78b8b8cf2948d30a705d55db7eae208166e63741dd9e55dde0ef3c08be230d04046dd27dffdcd6cc49101bcc4e6dddbad9c
SSDEEP

6144:gNwYOYeJpZ15X/wVaTM86j0XaFGLcNYvE26SMM6glM9cOeWbOmEx:cOYeJ/cETYj0XasINjhKMnJ

Score

N/A

Malware Config

Signatures

Files

aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25
.exe windows x86

8841a306ef53b5d87d6da058a9cab09c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
HeapFree
SetThreadLocale
GetSystemTimeAsFileTime
LockResource
GetACP
GetThreadLocale
FormatMessageW
HeapDestroy
lstrlenW
FindResourceExW
RaiseException
GetProcessHeap
SetUnhandledExceptionFilter
HeapSize
IsDebuggerPresent
HeapReAlloc
DeleteCriticalSection
FindResourceW
EnterCriticalSection
CloseHandle
LoadResource
SizeofResource
GetCurrentThreadId
LeaveCriticalSection
HeapAlloc
HeapCreate
VirtualAllocEx

ole32

CoImpersonateClient
CoCreateInstance
CoRevertToSelf

oleaut32

SafeArrayGetVartype
SafeArrayRedim
VarBstrCat
VariantCopy
SafeArrayCreate
SysAllocStringLen
SafeArrayUnlock
SafeArrayDestroy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetLBound
VariantInit
VariantCopyInd
SysStringLen
LoadRegTypeLi
SafeArrayLock
SafeArrayGetUBound
LoadTypeLi
SafeArrayCopy
VariantClear
SysAllocString
VarBstrCmp

advapi32

LookupAccountSidW
CopySid
GetLengthSid
GetTokenInformation
EqualSid
ConvertStringSidToSidW
OpenProcessToken
IsValidSid
OpenThreadToken

user32

UnregisterClassA
wsprintfW

userenv

UnloadUserProfile

rtm

RtmCloseEnumerationHandle
RtmEnumerateGetNextRoute
CheckTable
MgmDeInitialize
RtmInsertInRouteList
RtmReleaseEntities
MgmDeRegisterMProtocol
RtmAddRouteToDest
RtmRegisterClient
RtmLockRoute
RtmDeleteRouteToDest
RtmDeleteNextHop

fontext

DllCanUnloadNow

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 261KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8841a306ef53b5d87d6da058a9cab09c

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

advapi32

user32

userenv

rtm

fontext

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 261KB - Virtual size: 650KB

.rsrc Size: 4KB - Virtual size: 10KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 261KB - Virtual size: 650KB

.rsrc
Size: 4KB - Virtual size: 10KB