1d4be82c80108d78661386824fc03bc4900d24fee3c4ffdac2ccccf5867b909d

Sharing

Copy URL Twitter E-mail

General

Target

1d4be82c80108d78661386824fc03bc4900d24fee3c4ffdac2ccccf5867b909d
Size

45KB
MD5

fec8b7707115f97cb82cdf0af2b18182
SHA1

7c759388f3676023aafbf64cfef71894f5e44271
SHA256

1d4be82c80108d78661386824fc03bc4900d24fee3c4ffdac2ccccf5867b909d
SHA512

062fb4fb5be633855fa44ed269f50c5fac28f502ed2bc12f3851b2aa2cb81f5e65045f8c80f129ff490766ca218f9a208607bb8331bf3a2ed51bbecf2cb63520
SSDEEP

768:FdCwu5OB6c0t0fmKCeMDykZGMpIbVKVmbWSDDrHNf2:FHu5OrY8wDyQG9kVLMdf2

Score

N/A

Malware Config

Signatures

Files

1d4be82c80108d78661386824fc03bc4900d24fee3c4ffdac2ccccf5867b909d
.exe windows x86

95572abb8026184d10dafbd756aa7ece

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
GetCommandLineW
WriteFileGather
GetHandleInformation
GlobalAddAtomA
GetConsoleSelectionInfo
GetSystemDefaultUILanguage
DosPathToSessionPathA
UnlockFile
RegisterConsoleIME
CommConfigDialogW
UnregisterWaitEx
MapViewOfFileEx
LoadLibraryExA
CloseConsoleHandle
GlobalFlags
LocalFree
GetVersion
GetModuleHandleW
IsBadHugeWritePtr
SetConsoleCursor
FileTimeToSystemTime
GetProfileSectionA
DuplicateHandle
LoadLibraryA
GetPrivateProfileSectionW
GetModuleFileNameA
PrivCopyFileExW
FindResourceA
CreateMutexA
GetProcessIoCounters
GetFileSize
AllocateUserPhysicalPages
AttachConsole
GetProcessVersion
lstrcpyA
DefineDosDeviceA
GetFileType
GetDiskFreeSpaceExA
InterlockedIncrement
VirtualAlloc
SetCalendarInfoW
SetEndOfFile
InterlockedExchange
GetModuleHandleA
MapUserPhysicalPagesScatter
IsBadHugeReadPtr
AddAtomW
GetConsoleCharType
OpenProfileUserMapping
CreateJobSet
lstrlenW
GetSystemWow64DirectoryW
GetNextVDMCommand
GetLogicalDrives
ReadFileScatter
GetTickCount
LZOpenFileA
GetPrivateProfileStructW
GetEnvironmentVariableA
QueueUserWorkItem
OpenSemaphoreW
GetConsoleCP
LCMapStringA

ntdll

NtNotifyChangeKey
NtDeleteValueKey
ZwUnlockVirtualMemory
RtlUpcaseUnicodeStringToAnsiString
NtCreateProfile
RtlFindActivationContextSectionString
strncpy
RtlZeroMemory
NtShutdownSystem
toupper
RtlConvertToAutoInheritSecurityObject
RtlExpandEnvironmentStrings_U
RtlCreateHeap
RtlCompareString
ZwOpenEventPair
RtlRemoveVectoredExceptionHandler
towupper
ZwWaitForSingleObject
RtlSetSecurityObject
RtlMakeSelfRelativeSD
ZwIsProcessInJob
NtStartProfile
ZwSetSystemEnvironmentValueEx
ZwSetInformationToken
RtlUniform
NtOpenThreadToken
RtlpUnWaitCriticalSection
RtlRunDecodeUnicodeString
RtlFindClearRuns
NtRequestWaitReplyPort
KiUserApcDispatcher
ZwLockRegistryKey
RtlDllShutdownInProgress

msi

MsiConfigureFeatureFromDescriptorA
MsiGetFeatureStateA
MsiSetComponentStateA
MsiRecordDataSize
MsiDatabaseGenerateTransformW
MsiRecordSetStringA
MsiQueryProductStateA
MsiGetProductInfoA
MsiDatabaseGenerateTransformA
MsiProcessAdvertiseScriptA
MsiProvideComponentFromDescriptorA
MsiGetProductCodeFromPackageCodeW
MsiSequenceW
MsiGetLastErrorRecord
MsiSetTargetPathW
MsiInstallMissingComponentA
MsiViewClose
MsiSetInstallLevel
MsiGetPropertyA
MsiQueryFeatureStateW
MsiViewGetErrorW
MsiVerifyPackageW
MsiDatabaseExportA
MsiInstallProductW
MsiIsProductElevatedW
MsiSetFeatureStateA
MsiGetComponentPathW
MsiDatabaseMergeW
MsiGetFeatureUsageW
MsiLocateComponentA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ifpcglu
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

95572abb8026184d10dafbd756aa7ece

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

msi

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 30KB

ifpcglu Size: - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 30KB

ifpcglu
Size: - Virtual size: 4KB