d0618edc740fa6ec293d44e798ff7360fd1ea400f38d72894f6e75f967909c62

Sharing

Copy URL Twitter E-mail

General

Target

d0618edc740fa6ec293d44e798ff7360fd1ea400f38d72894f6e75f967909c62
Size

137KB
MD5

b9fe1068d8a5a878b61ff83a1ea1ff65
SHA1

12cea159025ac9c2366b156888595c51177ba0bf
SHA256

d0618edc740fa6ec293d44e798ff7360fd1ea400f38d72894f6e75f967909c62
SHA512

b19081e1bd940fb7e4e7433dd5abc4d4afacb4887a56b9e1ace982b271e6f210439ed27f81733ec5a2cd39689f22cb6dcd5ecfb00b81340d27ec2be8a01c66c1
SSDEEP

3072:3i/KxTJVBPL29OMS9JrItqCS11Qlorz1bcIUDx3jJF:4KzLzf11Corx+Zj7

Score

N/A

Malware Config

Signatures

Files

d0618edc740fa6ec293d44e798ff7360fd1ea400f38d72894f6e75f967909c62
.exe windows x86

fdfd1c0bb13aad8f2d2771d9b82dabb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
MoveFileW
Sleep
LoadLibraryExW
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
Module32FirstW
ProcessIdToSessionId
InterlockedCompareExchange
GetTickCount
GetLocalTime
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetSystemInfo
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
LocalAlloc
GetCurrentProcess
LocalFree
RaiseException
InitializeCriticalSectionAndSpinCount
GetVersionExW
GetModuleHandleW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
GetFileAttributesW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
CloseHandle
CreateFileW
ReadFile
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
WaitForSingleObjectEx
ResetEvent

advapi32

ImpersonateLoggedOnUser
RevertToSelf
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ControlService
StartServiceW
QueryServiceStatus
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
CreateProcessAsUserW
EqualSid
SetTokenInformation
AllocateAndInitializeSid
FreeSid
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegOpenCurrentUser

shell32

SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AAE@XZ
_Mtx_current_owns
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Syserror_map@std@@YAPBDH@Z
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPBX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPAX@Z
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Cnd_wait
_Xtime_get_ticks
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

vcruntime140

__std_exception_destroy
__std_exception_copy
_purecall
wcsrchr
__vcrt_InitializeCriticalSectionEx
__CxxFrameHandler3
_CxxThrowException
memset
_except_handler4_common
memmove
__std_type_info_compare
__std_terminate
_local_unwind4
wcschr
memcpy

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-string-l1-1-0

_wcsnicmp
_wcsicmp
wcsncpy_s
iswspace
wmemcpy_s
wcsnlen
_wcslwr_s

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_errno
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_beginthread
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__p__commode

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-filesystem-l1-1-0

_waccess

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdfd1c0bb13aad8f2d2771d9b82dabb9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

msvcp140

version

wtsapi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 92B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 92B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB