Static task: static1
Behavioral task: behavioral1
  Sample: 6ea9894d9814ecee5a1f184dfd3141e23108ece8ddd090d00ad243a0446c1db2.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 6ea9894d9814ecee5a1f184dfd3141e23108ece8ddd090d00ad243a0446c1db2.exe
  Resource: win10v2004-20221111-en
General
Target: 6ea9894d9814ecee5a1f184dfd3141e23108ece8ddd090d00ad243a0446c1db2
Size: 302KB
MD5: 1234406bb187addf0e16f14f25b195f0
SHA1: 1f71d03ab938eda1cc3a3de6cbcb5a56a93903dd
SHA256: 6ea9894d9814ecee5a1f184dfd3141e23108ece8ddd090d00ad243a0446c1db2
SHA512: 70f7520573d065f768000044b2a3576412ed3302e7fca04908b6d03d6198f462c7604d6b03c239f929ad2d16c36b2c67321f9f7ceb851ac0711125a9b30ab8a6
SSDEEP: 6144:pKfini1TtwrIn4Qmj6bDnIC+ztnmRLcGp61026:pKfB+BQmefK5mRIk610p
Malware Config
Signatures
Files
-
6ea9894d9814ecee5a1f184dfd3141e23108ece8ddd090d00ad243a0446c1db2.exe windows x86
746a3e12e891955a369075dbb3232d3b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
SafeArrayLock
SafeArrayGetLBound
VariantTimeToSystemTime
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElement
LoadTypeLi
VariantCopy
SafeArrayRedim
SysFreeString
SafeArrayDestroy
VariantClear
VariantInit
SysStringByteLen
SafeArrayUnlock
VarBstrCmp
GetErrorInfo
SysAllocStringByteLen
SystemTimeToVariantTime
VariantCopyInd
SysAllocString
VariantChangeType
SysStringLen
SysAllocStringLen
setupapi
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
CM_Locate_DevNodeW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_ID_Size
CM_Get_Parent
SetupDiGetClassDevsExW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
kernel32
WriteFile
LockResource
SetLastError
SizeofResource
CancelIo
ReadFile
FindResourceW
OpenProcess
ConnectNamedPipe
GetComputerNameW
HeapFree
GetVolumePathNameW
HeapDestroy
GetOverlappedResult
FreeLibrary
GetDriveTypeW
DeviceIoControl
WideCharToMultiByte
GetStringTypeExW
CloseHandle
GetThreadLocale
GetACP
DisconnectNamedPipe
LCMapStringW
CreateEventW
GetCurrentThreadId
FindResourceExW
RaiseException
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
GetModuleHandleW
GetLocalTime
ResetEvent
GetFileSizeEx
lstrlenA
GetVolumeNameForVolumeMountPointW
WaitForSingleObject
lstrlenW
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
GetLongPathNameW
CreateFileW
GetSystemTimeAsFileTime
LocalFree
GetProcessHeap
GetUserDefaultLCID
HeapSize
CreateNamedPipeW
SetThreadLocale
WaitForMultipleObjects
HeapReAlloc
FormatMessageW
LoadResource
GetCurrentProcessId
VirtualAlloc
shlwapi
PathIsUNCW
PathMatchSpecW
PathIsFileSpecW
PathStripPathW
PathSkipRootW
ole32
CoGetClassObject
CoTaskMemFree
CoCreateInstance
CoLoadLibrary
OleRun
CoImpersonateClient
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoRevertToSelf
StringFromCLSID
CoUninitialize
advapi32
CopySid
ConvertSidToStringSidW
InitializeSid
SetSecurityDescriptorOwner
RegOpenCurrentUser
DuplicateTokenEx
DuplicateToken
ConvertStringSidToSidW
ImpersonateNamedPipeClient
GetSidSubAuthority
GetAclInformation
GetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
AddAce
GetSecurityDescriptorOwner
GetLengthSid
InitializeAcl
RegCloseKey
GetSecurityDescriptorSacl
CheckTokenMembership
RegOpenKeyExW
RegQueryValueExW
GetSidLengthRequired
LookupAccountSidW
GetSecurityDescriptorDacl
OpenThreadToken
MakeAbsoluteSD
SetThreadToken
MakeSelfRelativeSD
RevertToSelf
EqualSid
IsValidSid
GetSecurityDescriptorControl
CloseServiceHandle
CryptDecrypt
MD4Update
SystemFunction012
OpenSCManagerW
SetInformationCodeAuthzPolicyW
WmiQuerySingleInstanceW
OpenServiceA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
CryptGetHashParam
CreateWellKnownSid
AddAuditAccessObjectAce
SystemFunction028
EncryptionDisable
PrivilegedServiceAuditAlarmA
ObjectPrivilegeAuditAlarmA
RegisterEventSourceW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ComputeAccessTokenFromCodeAuthzLevel
RegEnumValueA
UnregisterIdleTask
LsaQueryTrustedDomainInfo
SystemFunction024
MD5Init
SystemFunction030
CredWriteA
CryptVerifySignatureW
SaferiIsExecutableFileType
RegSetKeySecurity
SetEntriesInAccessListA
TraceEvent
FreeEncryptedFileKeyInfo
OpenTraceA
OpenEventLogA
ElfReportEventW
GetFileSecurityW
GetTrusteeFormW
StopTraceA
ConvertAccessToSecurityDescriptorW
CommandLineFromMsiDescriptor
CryptGetKeyParam
EqualPrefixSid
I_ScPnPGetServiceName
GetAce
EnumServiceGroupW
GetSecurityInfoExW
ImpersonateAnonymousToken
AccessCheckByType
CreatePrivateObjectSecurityWithMultipleInheritance
CryptSetKeyParam
SystemFunction026
GetSecurityDescriptorRMControl
LsaICLookupSidsWithCreds
I_ScGetCurrentGroupStateW
RegOpenUserClassesRoot
CredEnumerateA
QueryServiceObjectSecurity
LsaLookupNames2
LsaGetRemoteUserName
GetPrivateObjectSecurity
SystemFunction005
RegOpenKeyW
QueryServiceLockStatusW
StartServiceCtrlDispatcherW
AdjustTokenPrivileges
SaferiCompareTokenLevels
SetEntriesInAuditListW
shell32
SHGetFolderPathW
psapi
GetModuleFileNameExW
user32
wsprintfW
LoadStringW
UnregisterClassA
userenv
GetUserProfileDirectoryW
UnloadUserProfile
es
ServiceMain
NotifyLogonUser
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 238KB - Virtual size: 9.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 6KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ