6260a6b4503b12c2b9035782d66827e47b3025420de197341500e1041886e2f5

Sharing

Copy URL Twitter E-mail

General

Target

6260a6b4503b12c2b9035782d66827e47b3025420de197341500e1041886e2f5
Size

718KB
MD5

4edd67472c598b9517a76503e22bff49
SHA1

081cdc632d3269a731a1579a01a36d81db141d6a
SHA256

6260a6b4503b12c2b9035782d66827e47b3025420de197341500e1041886e2f5
SHA512

c9773c6142353c07e6e9273d63c50fa28316d00bf1055ffb3a8698648673514505aa00e5c7b4dc979bc3ec68465472189f0439f9da375d1d29c39c87288c765b
SSDEEP

12288:ID27lVjiyvA0tqmyz8vEjeYjrbdiBeIUuQsEJ5bp:w27f+ZQM8vEjVLUfhQsibp

Score

N/A

Malware Config

Signatures

Files

6260a6b4503b12c2b9035782d66827e47b3025420de197341500e1041886e2f5
.exe windows x86

ec72a9040956aa254c30a3fdd25fc483

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

oleaut32

SysAllocStringLen
SysReAllocStringLen
VariantCopy
SysStringLen
VariantInit
SysAllocStringByteLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayCreate
GetActiveObject
SysFreeString
VariantChangeType
VariantClear
VariantChangeTypeEx
SafeArrayGetLBound
GetErrorInfo
VariantCopyInd

shlwapi

SHQueryValueExA
PathFindSuffixArrayW
PathIsUNCW
PathIsUNCServerShareW
PathIsNetworkPathW
StrCatBuffW
StrStrIA
PathCanonicalizeW
ColorHLSToRGB
StrTrimA
UrlUnescapeW
SHRegEnumUSValueW
StrStrIW
PathIsUNCA
StrCatW
StrDupW
PathGetArgsA
StrStrW
PathCompactPathExW
PathIsDirectoryA
PathCompactPathW
PathGetCharTypeW

netapi32

NetServiceInstall
NetGroupAddUser
NetFileEnum
NetFileGetInfo
NetUserModalsGet
NetShareEnum
NetScheduleJobDel
Netbios
NetRenameMachineInDomain
NetApiBufferFree
NetUserAdd
NetapipBufferAllocate
NetWkstaTransportEnum
NetpIsRemote
NetServerGetInfo
NetGroupDel
NetUseGetInfo

user32

DdeInitializeA
PeekMessageA
IsRectEmpty
CharToOemBuffA
GetSysColor
RegisterClipboardFormatA
NotifyWinEvent
SendMessageA
DlgDirListW
OpenDesktopW
RegisterDeviceNotificationA
BeginPaint
LoadImageW
AppendMenuW
EnableScrollBar
GetGUIThreadInfo
GetScrollBarInfo
DefWindowProcA
SetTimer
EmptyClipboard
GetCaretPos

advapi32

StartServiceA
SetTokenInformation
InitializeSecurityDescriptor
AddAccessDeniedAce
RegQueryValueExA
GetEventLogInformation
OpenSCManagerW
OpenSCManagerA
LsaFreeMemory
IsValidSecurityDescriptor
WmiCloseBlock
RevertToSelf
GetSecurityDescriptorLength
CryptVerifySignatureA
IsValidSid
LookupAccountNameW
CryptSignHashW
RegisterTraceGuidsA
RegSetValueA
RegCloseKey
SetSecurityDescriptorOwner

kernel32

GetUserDefaultLCID
GetEnvironmentVariableW
OutputDebugStringW
GetCommState
GetVersionExW
MoveFileWithProgressW
GetModuleFileNameA
InterlockedExchange
OpenWaitableTimerW
FindFirstVolumeMountPointW
GetSystemDefaultLCID
GetTempFileNameW
MoveFileW
GetConsoleCP
GetStdHandle
IsSystemResumeAutomatic
GetAtomNameA
DebugActiveProcess
UnmapViewOfFile
SetProcessWorkingSetSize
FreeEnvironmentStringsW
SetCommState
SetErrorMode
CreateProcessInternalW
FillConsoleOutputCharacterW
FileTimeToLocalFileTime
VirtualAlloc
GetPriorityClass
GetSystemDefaultUILanguage
DuplicateHandle
GetModuleHandleW
WriteProfileStringA
GlobalLock
GetDriveTypeW
GetProfileIntW
GetDefaultCommConfigA
GetVolumeNameForVolumeMountPointW
FreeResource
WriteConsoleOutputA
Process32Next
GetThreadContext
ReadConsoleOutputW
GetSystemPowerStatus
GetSystemDirectoryW
CompareStringW
FindNextFileW
HeapValidate
LoadResource
LeaveCriticalSection
WriteProfileStringW
_llseek
WaitForMultipleObjects

msvcrt

wcslen
_rmdir
__lconv_init
wcsrchr
localeconv
printf
fgetwc
strncmp
_Gettnames
iswdigit
_itoa
isspace
towupper
__p__fmode
floor
_wtoi64
difftime
_EH_prolog
wcstombs
memcmp
strcspn
??1exception@@UAE@XZ
_mbsnbicmp
_mbscpy
_CxxThrowException
_commode
_callnewh
__isascii
isupper
toupper
??_U@YAPAXI@Z
wcsspn
_isnan
_cexit
??0exception@@QAE@ABV0@@Z
_wcsicoll
_getche
_pclose
_snwprintf
_wcsicmp
__crtLCMapStringA
swscanf
isprint
sscanf

Sections

.text
Size: 19KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 552KB - Virtual size: 982KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec72a9040956aa254c30a3fdd25fc483

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

shlwapi

netapi32

user32

advapi32

kernel32

msvcrt

Sections

.text Size: 19KB - Virtual size: 448KB

.bss Size: 552KB - Virtual size: 982KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 1024B - Virtual size: 146B

.text
Size: 19KB - Virtual size: 448KB

.bss
Size: 552KB - Virtual size: 982KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 1024B - Virtual size: 146B