798085e7e4ab8ed8f19d39a273c6dd068cba6b2bbb769766c7e639cac69bf6cf

Sharing

Copy URL Twitter E-mail

General

Target

798085e7e4ab8ed8f19d39a273c6dd068cba6b2bbb769766c7e639cac69bf6cf
Size

271KB
MD5

6f3fb17b9998061781291d17a9d35a45
SHA1

30d4ee55648978ad6fa2755b989e3350376466fd
SHA256

798085e7e4ab8ed8f19d39a273c6dd068cba6b2bbb769766c7e639cac69bf6cf
SHA512

6d767fc8886842fe7a09259c58af88c4fec78bc8f543c9a2bcd4d8f984ae69ad8e2cc8f654a12c0a308ff2081a95939a8aef55542e1949f040c131e0d6ff1d89
SSDEEP

6144:qTRF9pt5Zdi3+yblSJsmu4+vRg7UgHDlF0TpI7RgGgQl:GF9P5ZaI444g7UqpaTpIVxH

Score

N/A

Malware Config

Signatures

Files

798085e7e4ab8ed8f19d39a273c6dd068cba6b2bbb769766c7e639cac69bf6cf
.exe windows x86

3827f0f5e7bc842060e7328e1d9a7a65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetCallContext
CoDisconnectObject
CoQueryProxyBlanket
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CLSIDFromString
CoImpersonateClient
StringFromGUID2
CoRevertToSelf
CoRegisterClassObject
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromIID
CoUninitialize
StringFromCLSID
CoInitializeEx
CoGetClassObject
CoRevokeClassObject

user32

PeekMessageA
GetMessageA
KillTimer
GetWindowThreadProcessId
LoadStringA
CharUpperA
IsWindowVisible
EnumWindows
DispatchMessageA
MessageBoxA
GetWindowTextA
PostThreadMessageA
CharNextA
wsprintfW
SetTimer
wsprintfA

advapi32

OpenSCManagerA
RegQueryValueExW
CloseServiceHandle
RegOpenKeyExA
RegCloseKey
RegisterEventSourceA
RegEnumKeyExA
ControlService
StartServiceCtrlDispatcherA
DeleteService
ReportEventA
OpenThreadToken
RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegisterServiceCtrlHandlerA
OpenServiceA
RegEnumValueA
AdjustTokenPrivileges
ChangeServiceConfigA
CreateServiceA
GetTokenInformation
DeregisterEventSource
RegQueryInfoKeyA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
LookupPrivilegeValueA
RegSetValueExA
SetThreadToken
SetServiceStatus
RegCreateKeyA

kernel32

HeapFree
HeapCreate
UnmapViewOfFile
GetVersionExA
FindFirstFileA
lstrcpynA
GetThreadLocale
HeapSize
lstrcatA
GetModuleHandleA
GetLastError
FreeLibrary
LocalAlloc
EnterCriticalSection
WaitForSingleObject
GetPrivateProfileSectionA
TlsFree
GetSystemDirectoryA
IsBadWritePtr
TerminateProcess
lstrcpyA
SizeofResource
SetFilePointer
SetLastError
GetCurrentProcess
FindClose
LocalSize
WriteFile
ReadProcessMemory
GetCurrentThreadId
MultiByteToWideChar
CloseHandle
IsBadCodePtr
TlsGetValue
CreateDirectoryA
GetProcessTimes
HeapDestroy
TlsSetValue
GetModuleHandleW
CreateEventA
GetStringTypeW
LoadLibraryA
SetEnvironmentVariableA
FormatMessageA
ReadFile
WritePrivateProfileStringA
GetCurrentThread
MapViewOfFile
RaiseException
GetComputerNameA
GetCurrentProcessId
FindResourceExA
GetSystemInfo
GetPrivateProfileIntA
DeleteCriticalSection
CompareStringW
GetFileAttributesA
GetProfileStringA
FindResourceA
LCMapStringW
LocalFree
SetUnhandledExceptionFilter
LockResource
GetStdHandle
GetTickCount
HeapAlloc
EnumSystemLanguageGroupsW
GetExitCodeProcess
GetStartupInfoA
GetACP
RtlUnwind
GetProcAddress
GetCPInfo
SetEvent
CreateFileMappingA
CompareStringA
LoadLibraryExA
LeaveCriticalSection
IsBadReadPtr
CreateProcessW
CreateProcessA
HeapReAlloc
CreateMutexA
ResetWriteWatch
LoadResource
CreateFileA
OpenProcess
TlsAlloc
TerminateThread
GetLocaleInfoA
lstrlenA
lstrcmpiA
GetModuleFileNameW
ReleaseMutex
CreateThread
SetStdHandle
WideCharToMultiByte
GetEnvironmentStrings
GetVersion
VirtualFree
VirtualProtect
lstrlenW
GetFileType
GetPrivateProfileStringA
InterlockedIncrement
GetProcessHeap
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetPrivateProfileSectionNamesA
WriteProfileStringA
InitializeCriticalSection
InterlockedCompareExchange
Sleep
LoadLibraryW
GetStringTypeA
DuplicateHandle
LCMapStringA
SetEndOfFile
GetCommandLineA
VirtualQuery
FreeEnvironmentStringsW
SetHandleCount
InterlockedExchange
IsDBCSLeadByte
InterlockedDecrement
VirtualAlloc
SetErrorMode
FlushFileBuffers
QueryPerformanceCounter
ExitProcess
GetModuleFileNameA
GetOEMCP
HeapFree

rpcrt4

RpcStringBindingComposeA
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
NdrClientCall
RpcStringFreeA

oleacc

LresultFromObject
AccessibleObjectFromWindow

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

PathFindExtensionA

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3827f0f5e7bc842060e7328e1d9a7a65

Headers

File Characteristics

Imports

ole32

user32

advapi32

kernel32

rpcrt4

oleacc

version

shlwapi

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 6KB - Virtual size: 145KB

.data Size: 199KB - Virtual size: 198KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 6KB - Virtual size: 145KB

.data
Size: 199KB - Virtual size: 198KB

.rsrc
Size: 512B - Virtual size: 4KB