654a9a16f3e9b1f0cd59bd0f5f29c4fa970a026b5fd7505c124a3b35baca3cbb

Sharing

Copy URL Twitter E-mail

General

Target

654a9a16f3e9b1f0cd59bd0f5f29c4fa970a026b5fd7505c124a3b35baca3cbb
Size

580KB
MD5

a8d2159305cf9e5a7608d403b7687f90
SHA1

18db3cce5f221441c4574d8a6c207144ba8f9e29
SHA256

654a9a16f3e9b1f0cd59bd0f5f29c4fa970a026b5fd7505c124a3b35baca3cbb
SHA512

7a4278d4d04bcde10199a8b7fd9c06eebcc3067bf45dea3da312f6f7d30388c9cffcd16251f5c5b7d5a95914c7f7db5b1b248394e1046e9d32b15c9e47edd5a6
SSDEEP

12288:TE+wiu+yjL0b6b6qMcKgLucz6+pN4G/fXq3yfjnkN3Fu2ZG:Hlu+a+YxMcKIztXf6ifjnkV3

Score

N/A

Malware Config

Signatures

Files

654a9a16f3e9b1f0cd59bd0f5f29c4fa970a026b5fd7505c124a3b35baca3cbb
.dll windows x86

48e65bf3055d9e49d8c00f45057795d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
InitializeCriticalSection
VirtualAlloc
LeaveCriticalSection
InterlockedDecrement
RaiseException
GetModuleFileNameW
GetTickCount
CreateMutexW
GetSystemTimeAsFileTime
InterlockedIncrement
LocalFree
lstrlenW
FreeLibrary
EnterCriticalSection
Sleep
GetVersionExA
InterlockedCompareExchange
GetDateFormatA
QueryPerformanceCounter
GetLastError
LocalAlloc
GetThreadLocale
TerminateProcess
WideCharToMultiByte
CloseHandle
GlobalFree
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
LoadResource
GlobalAlloc
CreateEventW
InterlockedExchange
UnhandledExceptionFilter
WaitForSingleObject
SetUnhandledExceptionFilter
GetModuleHandleA
SetEvent
ReadFile
DeviceIoControl
CreateFileW
MultiByteToWideChar
DeleteCriticalSection

oleaut32

SysFreeString
VarUI4FromStr
UnRegisterTypeLi
SysStringLen
LoadTypeLi
RegisterTypeLi
SysAllocString

advapi32

RegQueryValueExW
RegOpenUserClassesRoot
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
CryptGetKeyParam

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
CoInitialize

Exports

Exports

GetDesc
RestoreThread
build_grayscale_palette
free_default
get_user_chunk_ptr
read_rows
vSetTargetWPath

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48e65bf3055d9e49d8c00f45057795d1

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 140KB - Virtual size: 140KB

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 140KB - Virtual size: 140KB

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 12KB - Virtual size: 8KB