87f352a13b6960b50577024eb196c43bdf92f9572e46403c82236739e248af48

Sharing

Copy URL

Twitter E-mail

General

Target

87f352a13b6960b50577024eb196c43bdf92f9572e46403c82236739e248af48
Size

144KB
MD5

547b4d2cb92eb8e01c0c0f48bbe6a062
SHA1

813e72a671f503958908b09118b66f32c942378f
SHA256

87f352a13b6960b50577024eb196c43bdf92f9572e46403c82236739e248af48
SHA512

b861c238ef19b42ab2c683f32fcb9bd241d8d7253267fb8b16a98391e8122fc3482d7f6d72da45353c5bedb80d75ecd582c697b9373c15debd5e8fcd7f52d4ec
SSDEEP

3072:nG4jp/J2LnuXVOVvW0IblWhDS0mOZ559tJmf8tEH9hU8vBS/YUrOz6ZY:G4jp/J2LK+ySeKGOEH9a823DY

Score

N/A

Malware Config

Signatures

Files

87f352a13b6960b50577024eb196c43bdf92f9572e46403c82236739e248af48
.exe windows x86

0b11bfb6b75a3d52e0edc859e1e8a624

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncpy
fopen
_vsnprintf
exit
tolower
_initterm
_cexit
_acmdln
_stricmp
_XcptFilter
_strnicmp
fputs
time
_controlfp
strchr
fclose
_c_exit
ctime
__set_app_type
_exit
__setusermatherr
__getmainargs

advapi32

InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
ObjectCloseAuditAlarmW
RegQueryValueA
SetSecurityDescriptorDacl
CreatePrivateObjectSecurity
IsValidSecurityDescriptor
RegDeleteKeyW
RegOpenKeyExA
AddAccessDeniedAce
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
SetSecurityDescriptorOwner
RegQueryValueExA
RegisterServiceCtrlHandlerA
GetSecurityDescriptorLength
RegisterEventSourceA
GetPrivateObjectSecurity
OpenThreadToken
GetAce
RegCloseKey
RevertToSelf
RegCreateKeyExA
MakeSelfRelativeSD
GetSidLengthRequired
AccessCheckAndAuditAlarmW
SetSecurityDescriptorGroup
RegSetValueExW
SetPrivateObjectSecurity
InitializeSid
DeregisterEventSource
ObjectCloseAuditAlarmA
AddAccessAllowedAce
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueA
ReportEventW
InitializeAcl
ReportEventA
RegOpenKeyExW
GetSidSubAuthority
RegSetValueExA
GetLengthSid
ObjectDeleteAuditAlarmW
OpenProcessToken
SetServiceStatus
RegisterEventSourceW
GetTokenInformation
LookupAccountSidA
AccessCheckAndAuditAlarmA
DestroyPrivateObjectSecurity

kernel32

GetMailslotInfo
MultiByteToWideChar
GlobalFlags
_lopen
GetCurrentProcessId
EnterCriticalSection
GetCurrentProcess
SetProcessShutdownParameters
GlobalFree
LocalLock
FreeResource
GetThreadTimes
TlsSetValue
GetConsoleFontSize
LocalAlloc
CreateJobObjectW
ReadFile
OpenMutexA
SetConsoleCursorInfo
_hread
AllocConsole
GlobalCompact
LZCopy
lstrcmpiA
WriteFileGather
ResumeThread
SetConsoleCtrlHandler
TerminateProcess
IsBadStringPtrA
UnhandledExceptionFilter
GetFirmwareEnvironmentVariableA
LCMapStringA
CreateEventA
GlobalAddAtomW
GlobalGetAtomNameA
GetDefaultCommConfigW
GlobalUnfix
GlobalAddAtomA
GlobalAlloc
CreateDirectoryExA
GetBinaryTypeW
IsBadReadPtr
TlsAlloc
lstrcpynA
GetConsoleScreenBufferInfo
GetStartupInfoA
InterlockedDecrement
WaitForMultipleObjects
FindFirstVolumeW
ReadProcessMemory
GetLastError
ReadConsoleOutputA
GetNumaHighestNodeNumber
SetConsoleScreenBufferSize
GetCurrentActCtx
GlobalReAlloc
VirtualAllocEx
TransactNamedPipe
RtlUnwind
QueryPerformanceCounter
IsBadWritePtr
GetTimeFormatA
SuspendThread
ConsoleMenuControl
InterlockedIncrement
WideCharToMultiByte
OpenEventA
HeapCreate
HeapSummary
SizeofResource
LocalFree
ResumeThread
GlobalUnlock
ExpandEnvironmentStringsA
GetComputerNameA
WaitForSingleObject
GlobalSize
FreeLibrary
lstrcmpiW
MultiByteToWideChar
DisconnectNamedPipe
GetTickCount
GetConsoleCommandHistoryLengthW
CreateNamedPipeW
GetVolumeNameForVolumeMountPointW
InterlockedExchange
GetDiskFreeSpaceA
BuildCommDCBA
lstrcpyA
SetUnhandledExceptionFilter
QueryActCtxW
LocalFree
GetProcessTimes
GetComPlusPackageInstallStatus
SetEvent
GetCurrentThread
WriteConsoleW
lstrlenA
GetSystemTimeAsFileTime
CloseHandle
ConnectNamedPipe
GlobalHandle
GlobalDeleteAtom
SetDefaultCommConfigW
OutputDebugStringA
GetModuleHandleA
LocalShrink
LocalUnlock
WritePrivateProfileStringA
GetVolumePathNameA
BeginUpdateResourceW
EnumSystemLanguageGroupsA
DeleteTimerQueueTimer
LeaveCriticalSection
ExitProcess
GlobalLock

gdi32

GetPaletteEntries
DeleteMetaFile
DeleteEnhMetaFile
GetStockObject
SetEnhMetaFileBits
GetMetaFileBitsEx
DeleteObject
CreateBitmapIndirect
GetBitmapBits
SetMetaFileBitsEx
GetObjectA
CreatePalette
GetEnhMetaFileBits

user32

DispatchMessageA
UpdateWindow
GetDesktopWindow
IsWindow
PostQuitMessage
ImpersonateDdeClientWindow
ReuseDDElParam
RegisterWindowMessageA
GetClassLongA
RegisterClipboardFormatA
RegisterClassA
LoadCursorA
CloseWindowStation
DdeGetQualityOfService
GetClipboardFormatNameA
SendMessageA
GetWindow
GetParent
SetThreadDesktop
GetMessageA
CloseDesktop
SetWindowLongA
UnpackDDElParam
CreateWindowExA
GetThreadDesktop
OemToCharBuffA
TranslateMessage
DefWindowProcA
DestroyWindow
SendMessageTimeoutA
GetWindowThreadProcessId
PackDDElParam
SetProcessWindowStation
MessageBoxA
OpenDesktopW
GetWindowLongA
FindWindowA
GetProcessWindowStation
DdeSetQualityOfService
OpenWindowStationW
CharUpperA
PostMessageA
FreeDDElParam

nddeapi

ord505

ntdll

NtSetInformationThread
memmove
RtlCopyString
wcscat
RtlValidRelativeSecurityDescriptor
RtlInitAnsiString
wcscspn
wcschr
_snprintf
wcslen
_vsnwprintf
atoi
RtlAnsiStringToUnicodeString
swprintf
RtlOpenCurrentUser
NtAllocateLocallyUniqueId
RtlInitUnicodeString
wcscpy

rpcrt4

RpcServerUseProtseqEpA
NdrServerCall2
RpcServerRegisterAuthInfoA
RpcServerRegisterIf
RpcImpersonateClient
RpcServerListen

secur32

LsaCallAuthenticationPackage
LsaRegisterLogonProcess
LsaLogonUser
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage

msi

MsiIsProductElevatedA
MsiApplyPatchA
MsiConfigureFeatureW
MsiRecordSetStringW
MsiReinstallProductA
MsiGetLastErrorRecord
MsiPreviewBillboardA
MsiUseFeatureExW
MsiDeleteUserDataW
MsiOpenPackageW
MsiGetComponentStateA
MsiFormatRecordA
MsiViewExecute
MsiConfigureFeatureFromDescriptorW
MsiSetFeatureAttributesW
MsiSetTargetPathA
MsiUseFeatureW
MsiAdvertiseScriptW
MsiSetTargetPathW
MsiInstallProductA
MsiEnableUIPreview
MsiSetFeatureStateW
MsiGetProductInfoW
MsiQueryFeatureStateW

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SOUCZm
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gN
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.JH
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b11bfb6b75a3d52e0edc859e1e8a624

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

nddeapi

ntdll

rpcrt4

secur32

msi

Sections

.text Size: 18KB - Virtual size: 18KB

.SOUCZm Size: 2KB - Virtual size: 26KB

.gN Size: 2KB - Virtual size: 3KB

.JH Size: 3KB - Virtual size: 3KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 7KB - Virtual size: 101KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 18KB - Virtual size: 18KB

.SOUCZm
Size: 2KB - Virtual size: 26KB

.gN
Size: 2KB - Virtual size: 3KB

.JH
Size: 3KB - Virtual size: 3KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 7KB - Virtual size: 101KB

.rsrc
Size: 100KB - Virtual size: 100KB