613b079ff123d400c9c23e5fdd8803bbd9fa5f36ef6a2bf383006b084e09960f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

613b079ff123d400c9c23e5fdd8803bbd9fa5f36ef6a2bf383006b084e09960f
Size

816KB
MD5

b165f4c839519c07b14e59ed1bffda15
SHA1

26ded68ffe8632424256ac7efd7805243774f2b3
SHA256

613b079ff123d400c9c23e5fdd8803bbd9fa5f36ef6a2bf383006b084e09960f
SHA512

20be9bf394ff8e3177ec4240b7d62774f82148964b3ba746538c746fc49236b18d457fddbb76444f1f468eda6f7027b0ed5e27a1da964fc00621ecba734796be
SSDEEP

12288:Ehd3J1NTf1v0ixBWtG1RSVwf1lVP1T9/F9B7fonmQrcq2vzfmUrJoq+yRcnwcLB9:Ehaid1RSVaJTxNeZ2vfoqLCn/Bi4

Score

N/A

Malware Config

Signatures

Files

613b079ff123d400c9c23e5fdd8803bbd9fa5f36ef6a2bf383006b084e09960f
.exe windows x86

ea23975da239fa69ad2a93c64ff5d143

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
GetModuleHandleA
lstrcpynA
FormatMessageA
CreateEventA
FindNextVolumeW
lstrcpynA
DeleteFileW
TlsGetValue
GetModuleFileNameW
TlsAlloc
GetFullPathNameA
lstrcpynA
GetCurrentProcess
VirtualAlloc
GetNumberFormatA
lstrlenA
lstrcpynA
SetCurrentDirectoryA
GetStartupInfoW
lstrcpynA
TlsAlloc
GetPrivateProfileIntA

vssapi

IsVolumeSnapshotted
??0CVssWriter@@QAE@XZ
??1CVssWriter@@UAE@XZ
VssFreeSnapshotProperties

Sections

.text
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 797KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ