5d25e3cd25e34a8c96395d01e34cccd188e11b237f233bdea3ff977076cd8b6f

Sharing

Copy URL Twitter E-mail

General

Target

5d25e3cd25e34a8c96395d01e34cccd188e11b237f233bdea3ff977076cd8b6f
Size

307KB
MD5

82e5994036da2ce05ca9d27e908e9f48
SHA1

098b35df0cbd468bc4b20d5df3c95504ff84bb53
SHA256

5d25e3cd25e34a8c96395d01e34cccd188e11b237f233bdea3ff977076cd8b6f
SHA512

fdd027390d2a03fef154e91bdccd33979809f39597eb4b2b8f460d25d5f31380f2cf28f211a4b994b6c95cf9eb024d8673ccc83d0cc99f2e940e2d61133ee514
SSDEEP

6144:cM6niRvRv1wOhL8QRjPH17YTzK/ixuSEo/k5devilbfbEz8GGDfZB2pOE:F6iRZ9hLVRjJYHKawIIlbzEI3Hc

Score

N/A

Malware Config

Signatures

Files

5d25e3cd25e34a8c96395d01e34cccd188e11b237f233bdea3ff977076cd8b6f
.exe windows x86

65f6d952c87a90d452d7636f525ce1ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperBuffW
UnregisterClassA
wsprintfW
UpdateWindow

oleaut32

SafeArrayUnlock
SysStringLen
VariantClear
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayLock
SysStringByteLen
SafeArrayCopy
SafeArrayDestroy
SafeArrayGetLBound
VarBstrCat
VariantCopy
SafeArrayCreate
SafeArrayRedim
VariantInit
SafeArrayGetVartype
VariantCopyInd
SysAllocStringLen
LoadTypeLi
SysFreeString
SysAllocStringByteLen
VarBstrCmp
SysAllocString

kernel32

GetACP
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
GetLogicalDrives
HeapAlloc
GetModuleHandleW
EnterCriticalSection
HeapReAlloc
FindFirstVolumeMountPointW
SetThreadLocale
CloseHandle
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
HeapDestroy
FormatMessageW
lstrlenW
GetCurrentThreadId
GetThreadLocale
FindVolumeMountPointClose
GetLogicalDriveStringsW
QueryDosDeviceW
DeleteCriticalSection
HeapSize
GetProcessHeap
FindNextVolumeMountPointW
HeapFree
IsDebuggerPresent
RaiseException
SetLastError
CreateThread
VirtualAllocEx

advapi32

EqualSid
RegQueryValueExW
CopySid
RegQueryInfoKeyW
RegCloseKey
OpenProcessToken
RegEnumValueW
GetLengthSid
RegEnumKeyExW
GetTokenInformation
OpenThreadToken
IsValidSid
RegOpenKeyExW

shell32

SHGetDesktopFolder
SHGetMalloc

userenv

UnloadUserProfile

ole32

CoImpersonateClient
CoGetCallContext
CoRevertToSelf
CoCreateInstance

shlwapi

StrRetToStrW

comctl32

CreateStatusWindow
ImageList_GetIcon
GetMUILanguage
FlatSB_SetScrollInfo
CreatePropertySheetPageA
ImageList_DragShowNolock
ImageList_Replace
CreateMappedBitmap
CreateStatusWindowA
CreateStatusWindowW

kbdtuq

KbdLayerDescriptor

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 40KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 173KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65f6d952c87a90d452d7636f525ce1ee

Headers

File Characteristics

Imports

user32

oleaut32

kernel32

advapi32

shell32

userenv

ole32

shlwapi

comctl32

kbdtuq

Sections

.text Size: 17KB - Virtual size: 17KB

.bss Size: 40KB - Virtual size: 227KB

.reloc Size: 173KB - Virtual size: 411KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 57KB - Virtual size: 454KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 17KB - Virtual size: 17KB

.bss
Size: 40KB - Virtual size: 227KB

.reloc
Size: 173KB - Virtual size: 411KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 57KB - Virtual size: 454KB

.rsrc
Size: 16KB - Virtual size: 16KB