8e57b86c8e8c793bac458f253b86ee7435833d6f7eb37b2bddaee284a1616148

Sharing

Copy URL Twitter E-mail

General

Target

8e57b86c8e8c793bac458f253b86ee7435833d6f7eb37b2bddaee284a1616148
Size

309KB
MD5

c867621c6074aa14847ccbae52902744
SHA1

6a649b4c2fa6d107606df81ad61419cd246d3f38
SHA256

8e57b86c8e8c793bac458f253b86ee7435833d6f7eb37b2bddaee284a1616148
SHA512

9b849ea3695718e3df47fc52c61ef3e7f212cf7006ad56bda89c22fc82f63840424df2b371538e1345dc4e91ba771be4a38d6ce4d52f25ca0cdcbdddd825e933
SSDEEP

6144:9EoTDHxAcidjh1ghyVkdQRWh7wg+FQRXlqxnwkaEL8XZkaYx3KAdd2L:9EoXHxAcAj8hyVkdQ8l4QqJzL8XZkaAc

Score

N/A

Malware Config

Signatures

Files

8e57b86c8e8c793bac458f253b86ee7435833d6f7eb37b2bddaee284a1616148
.exe windows x86

d5a81c0732010655d4e86695e2942b17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
TlsSetValue
GetSystemInfo
OpenFileMappingA
FreeLibrary
GetOEMCP
WaitForSingleObject
IsValidLocale
SetEndOfFile
LeaveCriticalSection
TlsFree
RaiseException
HeapAlloc
OpenSemaphoreA
EnterCriticalSection
GetModuleHandleA
ReadFile
OpenEventA
WideCharToMultiByte
TlsGetValue
VirtualAlloc
IsBadCodePtr
LoadLibraryExA
HeapDestroy
VirtualProtect
CreateFileA
GetFileSize
WriteFile
LCMapStringA
CreateSemaphoreA
ResetEvent
GetACP
GetUserDefaultLCID
CreateEventA
UnhandledExceptionFilter
LocalFree
lstrlenA
FreeEnvironmentStringsA
HeapSize
TlsAlloc
HeapFree
DeleteCriticalSection
SetFilePointer
SetLastError
SetStdHandle
OutputDebugStringA
LCMapStringW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetLocalTime
GetFileType
VirtualQuery
FreeEnvironmentStringsW
UnmapViewOfFile
CloseHandle
EnumSystemLocalesA
GetStdHandle
FileTimeToSystemTime
HeapReAlloc
IsValidCodePage
GetCommandLineA
GetCurrentThreadId
MapViewOfFile
SetHandleCount
FlushFileBuffers
WaitForMultipleObjects
GetThreadLocale
RtlUnwind
CreateFileMappingA
VirtualFree
lstrlenW
ReleaseSemaphore
CreateMutexW
VirtualAllocEx

advapi32

SetSecurityDescriptorDacl
CryptGetProvParam
GetSidIdentifierAuthority
CryptDeriveKey
FreeSid
CryptGetHashParam
RegQueryInfoKeyA
RegOpenKeyExA
CryptDestroyHash
CryptHashData
GetSidSubAuthority
OpenProcessToken
RegEnumKeyExA
InitializeSecurityDescriptor
CryptDestroyKey
EqualSid
CryptDecrypt
RegCloseKey
CryptEncrypt
RegSetValueExA
GetTokenInformation
AllocateAndInitializeSid
GetSidSubAuthorityCount
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
IsValidSid
CryptCreateHash

user32

wsprintfA
CharUpperBuffA

oleaut32

VariantClear
SysStringByteLen
SysAllocStringByteLen
VariantInit
VarBstrCmp
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

ole32

CoCreateInstance
CoUninitialize
CoInitialize

resutils

ResUtilCreateDirectoryTree
ResUtilEnumResources
ResUtilFindSzProperty
ResUtilGetMultiSzProperty
ResUtilEnumPrivateProperties
ResUtilGetPropertySize
ResUtilGetBinaryProperty
ResUtilResourceTypesEqual

kbdhela2

KbdLayerDescriptor

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 285KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5a81c0732010655d4e86695e2942b17

Headers

File Characteristics

Imports

kernel32

advapi32

user32

oleaut32

ole32

resutils

kbdhela2

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 285KB - Virtual size: 1.1MB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 285KB - Virtual size: 1.1MB

.rsrc
Size: 5KB - Virtual size: 8KB