89d4b91ef0eafab8862d7ccc22fcf0404176abaa15a6ee2646aeb411c6af1977

Sharing

Copy URL Twitter E-mail

General

Target

89d4b91ef0eafab8862d7ccc22fcf0404176abaa15a6ee2646aeb411c6af1977
Size

378KB
MD5

36f69f59f3988e4ccf2c422eb2bbe8b4
SHA1

1029ca360a04679c2a52535befdbe3e45dcb61da
SHA256

89d4b91ef0eafab8862d7ccc22fcf0404176abaa15a6ee2646aeb411c6af1977
SHA512

9d5c617032ea29204001dc1a77f72ae2911a439b5c9e50fab19137bc86e28ca4681c1897d3f1de9a258eafdc5d9523a2edcd4e069ea07ab830ad9f854e8f9de7
SSDEEP

6144:jWtqY3xo10btJQMqSSrM3GHPdHvMUKE8mm/Iq+0ETPqIWSwP8gwoqjEErQhwT:gqY3C1eXQLNrM3GH1Pdoo0ETPFWSwP8P

Score

N/A

Malware Config

Signatures

Files

89d4b91ef0eafab8862d7ccc22fcf0404176abaa15a6ee2646aeb411c6af1977
.exe windows x86

fd87edd39d592e4da3cc15ae61c84554

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsstr
_adjust_fdiv
wcscat
wcschr
_wtol
memmove
mktime
wcsncpy
malloc
_initterm
memcpy
free
_wcsicmp
_except_handler3
time
memset
_errno
mbstowcs
wcscmp
wcscpy
wcslen

ntdll

NtDeleteKey
NtGetDevicePowerState
NtQueryIoCompletion
NtQueryObject
NtFlushBuffersFile
NtQueryMultipleValueKey
RtlLengthSid

kernel32

SetEvent
DeleteCriticalSection
IsDebuggerPresent
GetModuleHandleA
QueryPerformanceCounter
GlobalFree
SetFileAttributesA
LoadLibraryA
GetStdHandle
GetCurrentThreadId
FindFirstFileA
CreateEventA
lstrlenA
GetCurrentProcessId
CreateFileA
OpenSemaphoreA
InterlockedExchange
TlsGetValue
GetSystemTimeAsFileTime
GlobalAlloc
TerminateProcess
CreateMutexW
FindResourceW
GetCurrentProcess
GetSystemDefaultUILanguage
GetAtomNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentStringsA
SetFilePointer
DisableThreadLibraryCalls
WaitForSingleObject
CloseHandle
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
GetModuleFileNameA
CreateSemaphoreW
HeapDestroy
GetConsoleCP
OpenMutexW
HeapFree
CreateEventW
InitializeCriticalSection
FindResourceExW
GetCommandLineW
CreateMutexA
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemDefaultLCID
FindAtomA
FreeLibrary
lstrlenW
CreateSemaphoreA
GetLastError
LocalAlloc
OpenEventA
LCMapStringW
TlsSetValue
GetComputerNameW
GetSystemDefaultLangID
WideCharToMultiByte
GetLogicalDrives
LoadLibraryExA
InterlockedIncrement
GetStartupInfoA
GlobalMemoryStatusEx
MultiByteToWideChar
Sleep
CreateThread
TlsFree
GetCurrentDirectoryA
LocalFree
EnterCriticalSection
FormatMessageW
LeaveCriticalSection
PulseEvent
AddAtomA
ReadFile
HeapAlloc
GetUserDefaultLCID
GetProcessHeap
GetOEMCP
DeviceIoControl
GetComputerNameExW
SetLastError
FindClose
DeleteFileA
FindNextFileA
TlsAlloc
CreateFileW

rpcrt4

RpcServerInqDefaultPrincNameW
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcEpUnregister
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingInqAuthClientW
RpcStringFreeW
NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
UuidCreate
I_RpcBindingIsClientLocal
RpcServerRegisterAuthInfoW

advapi32

AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
InitializeAcl
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegOpenKeyExA
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegQueryInfoKeyA
RegisterServiceCtrlHandlerExW
AddAccessAllowedAce

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo
GetIpAddrTable
NhGetInterfaceNameFromGuid
GetInterfaceInfo

ws2_32

WSAIoctl
WSAEventSelect
WSACreateEvent
WSASocketW

user32

CountClipboardFormats
GetCursor
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
SendMessageA
LoadStringW
GetClipboardOwner
GetSystemMetrics
EnumWindows
PostQuitMessage
FindWindowExA
FindWindowA
RegisterClassExA
GetMessageA
DestroyWindow
DefWindowProcA
LoadCursorA
CreateWindowExA
wsprintfW

crypt32

CertStrToNameW

userenv

RefreshPolicy

netapi32

NetApiBufferFree
DsGetDcNameW

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd87edd39d592e4da3cc15ae61c84554

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

rpcrt4

advapi32

iphlpapi

ws2_32

user32

crypt32

userenv

netapi32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 192KB - Virtual size: 195KB

.bss Size: - Virtual size: 85KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 192KB - Virtual size: 195KB

.bss
Size: - Virtual size: 85KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 4KB