671563582f5557a2b64a9213b7a7a4ac14968b77f488ac4c33a38306e9478ebf

Sharing

Copy URL Twitter E-mail

General

Target

671563582f5557a2b64a9213b7a7a4ac14968b77f488ac4c33a38306e9478ebf
Size

700KB
MD5

5c36895e7428214f7cd9e4f5305c62e8
SHA1

75ce15c3ccb86715f2832cb5bdeb3297fb263310
SHA256

671563582f5557a2b64a9213b7a7a4ac14968b77f488ac4c33a38306e9478ebf
SHA512

717d9198c0618407a6cf252e68125342ee7e0d001127306bad6d4768ef953ac808bbcf3f21f3373efd99cd03520fd9eb8a910f80c50260e4d4a1b3dec56c0f99
SSDEEP

12288:DoGo/p9sKoUeqsOxdyFJnVm+SYqDdnEc+hlGrEH+g618051wL:MpPoUeqp4JnV/SYq5nE

Score

N/A

Malware Config

Signatures

Files

671563582f5557a2b64a9213b7a7a4ac14968b77f488ac4c33a38306e9478ebf
.exe windows x86

582d830c530cd982039f83634f569b90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSecurityDescriptorControl
RegSetValueExA
RegDeleteValueA
AllocateAndInitializeSid
RegDeleteValueW
RegOpenKeyW
RegQueryInfoKeyA
LockServiceDatabase
RegFlushKey
RegCreateKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ChangeServiceConfig2A
RegSetValueExW
GetTokenInformation
RegQueryValueExW
UnlockServiceDatabase
RegCreateKeyExW
RegDeleteKeyW
CloseServiceHandle
RegQueryValueW
EqualSid
RegEnumKeyExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW

comctl32

ImageList_Destroy
ord6
ord17
CreateToolbarEx
ImageList_AddMasked
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_Draw
PropertySheetA
ImageList_Create
CreatePropertySheetPageA
DestroyPropertySheetPage

kernel32

MultiByteToWideChar
GetCPInfo
GetOEMCP
IsBadWritePtr
GetProcAddress
RtlUnwind
VirtualAlloc
DeleteCriticalSection
HeapAlloc
GlobalLock
LocalFree
WriteConsoleW
InterlockedCompareExchange
IsBadStringPtrW
GetVersion
WideCharToMultiByte
InterlockedIncrement
SetErrorMode
lstrcmpiW
UnmapViewOfFile
ReadFile
ReleaseMutex
IsValidCodePage
SetStdHandle
ResumeThread
Sleep
CreateEventW
lstrcatA
GetProcessHeap
GetACP
SearchPathA
CreateFileMappingA
LoadResource
ExitThread
SetEvent
InterlockedDecrement
CopyFileW
GetCurrentProcessId
SizeofResource
GetTempPathA
LoadLibraryA
RaiseException
LeaveCriticalSection
CreateProcessW
HeapFree
VirtualQuery
CloseHandle
GetModuleFileNameW
CreateThread
GetLocalTime
GlobalHandle
GetSystemInfo
GetLastError
GetStartupInfoW
HeapDestroy
GetTempPathW
GlobalAlloc
lstrcmpiA
SetCurrentDirectoryW
FindResourceExW
CreateEventA
SetThreadPriority
CopyFileA
LocalAlloc
WriteFile
GetConsoleMode
GetCurrentThread
CreateFileW
HeapReAlloc
GetCurrentThreadId
SystemTimeToFileTime
GetThreadTimes
GlobalUnlock
LCMapStringW
ResetEvent
GetStringTypeW
VirtualFree
LoadLibraryExW
LoadLibraryW
GetStringTypeA
GetStartupInfoA
InterlockedExchange
WriteConsoleA
CreateFileMappingW
EnumSystemLocalesA
CompareStringW
GetShortPathNameA
FindResourceA
SetFilePointer
CompareStringA
GlobalFree
HeapCreate
LCMapStringA
GetStdHandle
IsValidLocale
GetTimeFormatA
MapViewOfFile
CreateMutexA
GetLocaleInfoA
ExitProcess
SetLastError
GetSystemTime
GetModuleHandleA
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

582d830c530cd982039f83634f569b90

Headers

File Characteristics

Imports

advapi32

version

comctl32

kernel32

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 600KB - Virtual size: 600KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 600KB - Virtual size: 600KB