7613866a36cfa656d535f94b14e17ad32515034f3eab5e678db6a5b4497b3e01

Sharing

Copy URL

Twitter E-mail

General

Target

7613866a36cfa656d535f94b14e17ad32515034f3eab5e678db6a5b4497b3e01
Size

278KB
MD5

0c35912d03f23f699829620643eedb56
SHA1

8c9ef975e1e223be30992785cafb5f7c9a374004
SHA256

7613866a36cfa656d535f94b14e17ad32515034f3eab5e678db6a5b4497b3e01
SHA512

bb4e810bc62523592d973ebadf137cfb87d983b4dcc63380cfef9b09357ee166d970992eebb524837ce73a156177dcae0575c8f4795e9c6fff223404ee9e403c
SSDEEP

6144:fw8yL7ppV+WJG6de5dAqkNLBeYClpKzkc4qkeBACbx8YGLcRf:fw/t+AMlkN1eYCDckc4jXgSYGI

Score

N/A

Malware Config

Signatures

Files

7613866a36cfa656d535f94b14e17ad32515034f3eab5e678db6a5b4497b3e01
.exe windows x86

5b323ad38fa98d3f877190adc06e1e82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
SysStringByteLen
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysReAllocStringLen
VarBstrCmp
VariantCopy
VariantChangeType
VariantInit
LoadRegTypeLib
VarI2FromUI1
VarBstrFromBool
VarTokenizeFormatString
VarBoolFromDec
LHashValOfNameSys
VarUI2FromI8
VarI4FromI2
SysStringByteLen
VarI1FromCy
VarBoolFromStr
VarR8FromI1
VarDecCmpR8
VarI4FromUI4
VarCyInt
VarBstrCat
VarCyFix
VarDateFromUI1
SafeArrayDestroyData
SafeArrayGetLBound
CreateDispTypeInfo
VariantChangeType
VarI1FromUI4
VarI2FromStr
VarDecFromI4
SystemTimeToVariantTime
VarCmp
VarI8FromDate
VarDecFromI2
VarDecFromUI2
VarDecSub
VarCyMulI8
VarR8FromBool
VarUI1FromDec
OaBuildVersion

kernel32

LeaveCriticalSection
VirtualProtectEx
OpenProcess
GetWindowsDirectoryW
FindResourceExW
CreateProcessW
lstrcmpiA
GetThreadPriority
SearchPathW
GetModuleHandleW
GetFileSize
LoadLibraryExW
lstrlenW
HeapReAlloc
RaiseException
CreateRemoteThread
CreateEventA
ContinueDebugEvent
SizeofResource
TlsSetValue
ReadProcessMemory
MapViewOfFile
GetFileInformationByHandle
GetSystemTimeAsFileTime
CreateThread
SetThreadAffinityMask
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
FreeLibrary
HeapDestroy
GetCurrentDirectoryW
OpenThread
FindFirstFileW
GetThreadSelectorEntry
GetLongPathNameW
ResumeThread
VirtualQuery
CancelIo
SetLastError
LCMapStringW
LoadLibraryExA
QueryDosDeviceW
EnterCriticalSection
ResetEvent
SetErrorMode
ReadFile
GetProcessHeap
TlsFree
WaitForDebugEvent
SetNamedPipeHandleState
LocalAlloc
CreateFileMappingW
FormatMessageA
FindClose
CreateMutexW
GetSystemInfo
VirtualAlloc
FindResourceW
GetComputerNameW
GetSystemDirectoryW
GetFileTime
GetLogicalDrives
SwitchToThread
TransactNamedPipe
GetVolumeInformationW
GetFullPathNameW
CreateEventW
UnhandledExceptionFilter
GetOverlappedResult
FormatMessageW
Process32First
WaitNamedPipeW
SetHandleInformation
VirtualQueryEx
HeapAlloc
SetUnhandledExceptionFilter
GetProcessAffinityMask
FlushInstructionCache
DuplicateHandle
OutputDebugStringW
DeleteFileW
SuspendThread
IsDebuggerPresent
GetCurrentThreadId
FindResourceA
CreateFileMappingA
GetThreadContext
FreeLibraryAndExitThread
Process32Next
ExpandEnvironmentStringsW
LoadResource
WideCharToMultiByte
QueryPerformanceFrequency
CreateFileW
FreeEnvironmentStringsW
LockResource
WriteProcessMemory
DeleteCriticalSection
VirtualFree
HeapFree
IsDBCSLeadByte
CloseHandle
DebugActiveProcess
UnmapViewOfFile
ProcessIdToSessionId
GetModuleHandleA
CreateToolhelp32Snapshot
HeapSize
ReleaseMutex
TlsGetValue
TlsAlloc
SetFilePointer
lstrlenA
SetThreadContext
LocalFree
VirtualAllocEx

user32

SetDebugErrorLevel
EnumWindows
PostThreadMessageW
GetWindowThreadProcessId
IsWindowVisible
CharLowerBuffA
LoadStringA
LoadStringW
GetWindowTextW
CharNextA

ole32

CoCreateFreeThreadedMarshaler
CoInitializeEx
CoCreateInstance
CoReleaseMarshalData
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateGuid
StringFromGUID2

advapi32

GetSecurityDescriptorOwner
CryptGetHashParam
RegCloseKey
GetSidIdentifierAuthority
CryptDestroyHash
IsValidSecurityDescriptor
RegQueryInfoKeyA
GetUserNameW
PrivilegeCheck
FreeSid
SetSecurityDescriptorGroup
RegEnumKeyExA
CryptReleaseContext
SetSecurityDescriptorDacl
LookupPrivilegeValueW
GetKernelObjectSecurity
RegDeleteKeyA
RegOpenKeyExA
CryptHashData
AdjustTokenPrivileges
AddAccessAllowedAce
GetTokenInformation
RegConnectRegistryW
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueA
CryptCreateHash
RegQueryValueExW
CryptAcquireContextA
RegEnumValueA
RegOpenKeyExW
RegQueryValueExA
RegSetValueExA
GetSidSubAuthority
AccessCheck
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
RegQueryInfoKeyW
EqualSid
OpenProcessToken
RegCreateKeyExA
DuplicateToken
SetSecurityDescriptorOwner
GetSidSubAuthorityCount
RegCreateKeyExW

shell32

CommandLineToArgvW

qedit

DllGetClassObject

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 30KB - Virtual size: 892KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 180KB - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b323ad38fa98d3f877190adc06e1e82

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

ole32

advapi32

shell32

qedit

Sections

.text Size: 22KB - Virtual size: 21KB

.bss Size: 30KB - Virtual size: 892KB

.reloc Size: 180KB - Virtual size: 841KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 35KB - Virtual size: 315KB

.rsrc Size: 3KB - Virtual size: 15KB

.text
Size: 22KB - Virtual size: 21KB

.bss
Size: 30KB - Virtual size: 892KB

.reloc
Size: 180KB - Virtual size: 841KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 35KB - Virtual size: 315KB

.rsrc
Size: 3KB - Virtual size: 15KB