64e4c6f8baaa05b4f1a9b6606e1afc0ebcaf01bc8e9aace4df58910a4b2cfe41

Sharing

Copy URL Twitter E-mail

General

Target

64e4c6f8baaa05b4f1a9b6606e1afc0ebcaf01bc8e9aace4df58910a4b2cfe41
Size

132KB
MD5

cb37fb0af025c5b15405939467d3629f
SHA1

63c37c6da6a5879b56d31df28a542f17876a7fcf
SHA256

64e4c6f8baaa05b4f1a9b6606e1afc0ebcaf01bc8e9aace4df58910a4b2cfe41
SHA512

6fb9ba43a4653ead5d97e90fddbc87660ff3e4cb26137dee1a63daa115cc4ade184ba1a4501db0bb266860347c0b21694b3479e4b200be0a42b2d941ce2a486e
SSDEEP

3072:xMZA4XoGJ42k62s8lrEw1s2Y9bM7KvsJD2z:sTXo04GEhH1MI7rk

Score

N/A

Malware Config

Signatures

Files

64e4c6f8baaa05b4f1a9b6606e1afc0ebcaf01bc8e9aace4df58910a4b2cfe41
.exe windows x86

df9f2b5e8d5e3e5964047e67290c1410

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
GetCurrentThread
HeapAlloc
GetSystemInfo
GetProfileSectionA
PulseEvent
GetProfileStringA
SetConsoleCtrlHandler
GetPriorityClass
GetLocaleInfoA
GetGeoInfoA
LZOpenFileW
FatalAppExitA
GetOEMCP
LoadLibraryW
GetConsoleCommandHistoryA
WriteProfileSectionA
RegisterWowExec
FatalExit
GetModuleHandleW
SetNamedPipeHandleState
DisconnectNamedPipe

msvcrt

exit
putwc
_mbctohira
_stat
_ismbcl2
_makepath
_ecvt
_futime64
_fileno
__p__commode
_mktemp
_wcsset
__set_app_type
_filelengthi64
_strtime
_adj_fdivr_m32i
_stricoll
__getmainargs
_splitpath
_lfind
_wchdir
_adj_fdiv_m32
_swab
isalnum
_CIatan
__RTDynamicCast
___setlc_active_func

shlwapi

DllGetVersion
SHRegOpenUSKeyA
UrlGetPartA
PathRemoveBackslashW
PathBuildRootW
GetMenuPosFromID
PathMakePrettyA
UrlIsOpaqueA
PathAppendA
SHSetValueW
UrlIsA
SHGetValueW

esent

JetAttachDatabase
JetMakeKey@20
JetOpenFile
JetAttachDatabase2
JetCompact
JetGetTableIndexInfo
JetOpenDatabase
JetPrepareToCommitTransaction
JetReadFileInstance
JetBackup
JetEndExternalBackup
JetTruncateLogInstance
JetBeginTransaction@4
JetSetLS
JetBeginTransaction2
JetSeek
JetGetLS
JetEnumerateColumns
JetCloseFileInstance
JetInit
JetSetTableSequential
JetOSSnapshotFreeze

wshrm

WSHSetSocketInformation
WSHJoinLeaf
WSHEnumProtocols
WSHGetSockaddrType
WSHGetProviderGuid
WSHOpenSocket
WSHGetWildcardSockaddr
WSHNotify
WSHGetWSAProtocolInfo
WSHAddressToString
WSHGetWinsockMapping
WSHStringToAddress
WSHIoctl
WSHGetBroadcastSockaddr
WSHGetSocketInformation
WSHOpenSocket2

resutils

ResUtilSetBinaryValue
ResUtilSetResourceServiceEnvironment
ResUtilIsPathValid
ResUtilFindDwordProperty
ClusWorkerCreate
ResUtilEnumProperties
ResUtilVerifyPrivatePropertyList
ResUtilGetResourceDependencyByClass
ResUtilStopService
ResUtilFreeEnvironment
ResUtilFreeParameterBlock
ResUtilGetDwordValue
ResUtilPropertyListFromParameterBlock
ResUtilSetSzValue

user32

DefWindowProcW
RegisterClassW
PostQuitMessage

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df9f2b5e8d5e3e5964047e67290c1410

Headers

File Characteristics

Imports

kernel32

msvcrt

shlwapi

esent

wshrm

resutils

user32

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB