85064e2e8be878059ea47f97520851064300be5a02fc554b8d9a34a887eb8708

Sharing

Copy URL Twitter E-mail

General

Target

85064e2e8be878059ea47f97520851064300be5a02fc554b8d9a34a887eb8708
Size

844KB
MD5

f783a5a8f4d668051a78511a70812283
SHA1

5d28de0121ac19c6d6b96d4a5353c4aae6e4abb6
SHA256

85064e2e8be878059ea47f97520851064300be5a02fc554b8d9a34a887eb8708
SHA512

7485fd657e565a50c3356fe6b6c554e6b97291950943497b7549cb96f6ec3d6da71153ff22200e90c0032884f91eb1ad9e1621c0fae8628ca8a336a63180dc25
SSDEEP

24576:ysOdn7uhjV0Pp6zJgX/S2K+1yCG/c2tPGb/lLy:bOghZLgXql9CG02hGjlL

Score

N/A

Malware Config

Signatures

Files

85064e2e8be878059ea47f97520851064300be5a02fc554b8d9a34a887eb8708
.exe windows x86

cc4951a8580a09f49cfc7bc1ef79049a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgOpenPropStg
OleLoadFromStream
CLSIDFromString
CoSuspendClassObjects
UtConvertDvtd16toDvtd32
CoImpersonateClient
OleCreateFromDataEx
CoGetMalloc
CoRegisterMallocSpy
CoCancelCall
CLIPFORMAT_UserFree
HPALETTE_UserUnmarshal
OleCreateLinkFromData
OleUninitialize
CoUnmarshalHresult
OleGetClipboard
PropVariantChangeType
PropStgNameToFmtId
UtGetDvtd16Info
CoIsOle1Class
CoQueryProxyBlanket
HkOleRegisterObject
SetConvertStg

regapi

RegWinStationQuerySecurityW
RegGetMachinePolicy
RegDefaultUserConfigQueryW
RegOpenServerA
RegCloseServer
RegWinStationCreateW
RegPdEnumerateW
RegWinStationSetSecurityA
RegWinStationQueryDefaultSecurity
RegPdEnumerateA
RegWinStationQueryW
RegConsoleShadowQueryW
RegWinStationCreateA
RegCdQueryA
RegPdCreateW
RegCdEnumerateW
RegCdEnumerateA
WaitForTSConnectionsPolicyChanges
RegWinStationQueryEx

kernel32

OpenSemaphoreW
GetModuleFileNameW
VirtualAlloc
OpenJobObjectA
GetStringTypeExW
AddConsoleAliasA
RegisterConsoleOS2
RegisterWaitForSingleObject
DosDateTimeToFileTime
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
CreateToolhelp32Snapshot
LoadLibraryA
OutputDebugStringA
EnumResourceNamesA
ConvertFiberToThread
ScrollConsoleScreenBufferW
GetCurrentThreadId
GetGeoInfoA
EnumUILanguagesW

ntdll

ZwRequestWaitReplyPort
RtlDoesFileExists_U
ZwQueryFullAttributesFile
NtAccessCheckAndAuditAlarm
PfxRemovePrefix
wcscmp
RtlImageNtHeader
wcscspn
wcslen
RtlFindActivationContextSectionString
RtlLargeIntegerShiftLeft
strspn
RtlIsValidIndexHandle
NtSystemDebugControl
ZwQuerySystemEnvironmentValueEx
atoi
RtlCreateTimer
NtSaveKey
NtNotifyChangeKey
CsrFreeCaptureBuffer
RtlDeleteAce
wcsncmp
RtlGetSecurityDescriptorRMControl
RtlUpperString
ZwFlushKey

Sections

.text
Size: 483KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 355KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc4951a8580a09f49cfc7bc1ef79049a

Headers

DLL Characteristics

File Characteristics

Imports

ole32

regapi

kernel32

ntdll

Sections

.text Size: 483KB - Virtual size: 482KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 355KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 452B

.text
Size: 483KB - Virtual size: 482KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 355KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 452B