66a5e0d793541d5865ec7aa35178f314cc6eb92a10c7615516863710fcebec9b

Sharing

Copy URL

Twitter E-mail

General

Target

66a5e0d793541d5865ec7aa35178f314cc6eb92a10c7615516863710fcebec9b
Size

337KB
MD5

4e810196b3f8aa8fbfa03ffe9d844a82
SHA1

3de47200745472562c4e2f963f3dc047b5e84f7d
SHA256

66a5e0d793541d5865ec7aa35178f314cc6eb92a10c7615516863710fcebec9b
SHA512

6f25a3e6499fbc2b21f9346da767c7fca4cbff26656867d8f496f058eff83f0b239611297a66a73e556e028d4112cde02de9c4c8473acd67029bec9c563df0ac
SSDEEP

6144:Zin14AUzOHmhguMZ4Q7Q4Uo7+VjE0/6E/7DLz2hddmSvAu:Zi14bOHmNMN7Qo7+pE0/7HOmPu

Score

N/A

Malware Config

Signatures

Files

66a5e0d793541d5865ec7aa35178f314cc6eb92a10c7615516863710fcebec9b
.exe windows x86

7e5e4d10e4fbfcf9a7237b131c9e1a82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetSpecialFolderPathA

user32

wsprintfA

advapi32

QueryServiceStatusEx
OpenThreadToken
CloseServiceHandle
GetAclInformation
LookupAccountNameW
RegOpenKeyExA
MakeAbsoluteSD
GetLengthSid
RevertToSelf
InitializeSecurityDescriptor
GetSecurityDescriptorControl
ControlService
GetSecurityDescriptorSacl
CopySid
GetSecurityDescriptorOwner
ImpersonateSelf
EqualSid
CryptAcquireContextA
MakeSelfRelativeSD
RegQueryValueExA
AdjustTokenPrivileges
GetFileSecurityW
CryptDestroyHash
InitializeAcl
LookupPrivilegeValueA
SetFileSecurityW
OpenServiceW
RegDeleteValueA
SetSecurityDescriptorDacl
IsValidSid
CryptReleaseContext
CryptGetHashParam
RegCloseKey
CryptCreateHash
CryptHashData
GetAce
GetSecurityDescriptorLength
OpenSCManagerA
GetSecurityDescriptorGroup
RegNotifyChangeKeyValue
RegSetValueExA
AddAce
GetSecurityDescriptorDacl

shlwapi

PathAddBackslashW
PathStripPathA
PathAppendW
PathQuoteSpacesW
PathStripPathW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveExtensionW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
GetHGlobalFromStream
StringFromCLSID
CoDisconnectObject
OleRun
CoInitialize
CoQueryProxyBlanket
CoSetProxyBlanket
CreateStreamOnHGlobal
OleInitialize
CoGetMalloc
CoGetClassObject
CoCreateGuid

psapi

GetModuleBaseNameA

kernel32

lstrlenW
OpenEventA
GetStdHandle
GetProcessHeap
FormatMessageA
VirtualAlloc
CreateThread
GetUserDefaultLCID
LockResource
CreateFileA
HeapFree
VirtualProtect
VirtualFree
HeapReAlloc
SizeofResource
RtlUnwind
GetSystemTime
EnterCriticalSection
CreateWaitableTimerA
GetCurrentThreadId
VirtualQuery
SetLastError
WaitForSingleObject
GetOEMCP
HeapAlloc
LocalAlloc
SetStdHandle
GetFileType
SetWaitableTimer
SetFilePointer
TlsAlloc
LCMapStringA
UnhandledExceptionFilter
WideCharToMultiByte
SetHandleCount
LeaveCriticalSection
GetSystemInfo
HeapSize
GetSystemTimeAsFileTime
FlushFileBuffers
FindResourceA
FreeEnvironmentStringsA
IsValidCodePage
ReadFile
EnumSystemLocalesA
GlobalLock
lstrlenA
LCMapStringW
OpenProcess
FindResourceExA
IsValidLocale
WriteFile
TlsSetValue
GetCommandLineA
DeleteCriticalSection
HeapDestroy
CancelWaitableTimer
LoadResource
GlobalAlloc
WaitForMultipleObjects
ResumeThread
GetThreadLocale
GlobalSize
GetModuleHandleA
TlsGetValue
FreeEnvironmentStringsW
SetEndOfFile
CloseHandle
GlobalUnlock
LocalFree
GetACP
TlsFree
RaiseException
CreateEventA
CreateProcessW
IsBadCodePtr
SetUnhandledExceptionFilter
lstrcmpA
VirtualAllocEx

userenv

UnloadUserProfile

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString
SafeArrayCreate
LoadTypeLi
VariantCopyInd
SystemTimeToVariantTime
SafeArrayUnlock
VariantChangeType
SysStringByteLen
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCopy
VariantInit
SafeArrayGetElement
VarBstrCmp
SafeArrayCreateVectorEx
SafeArrayLock
SafeArrayGetUBound
SafeArrayRedim
SafeArrayUnaccessData
GetErrorInfo
SysStringLen
LoadRegTypeLi
SysAllocStringByteLen
VariantClear
GetRecordInfoFromGuids
SafeArrayGetVartype
SafeArrayAccessData
VariantCopy
SysAllocStringLen
SafeArrayGetLBound

atmlib

ATMFinish
ATMGetNtmFields
ATMXYShowTextW
ATMForceFontChange
ATMMakePFM
ATMGetFontInfo
ATMFontAvailableW
ATMFontStatusW
ATMMakePSSA
ATMGetNtmFieldsW

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e5e4d10e4fbfcf9a7237b131c9e1a82

Headers

File Characteristics

Imports

version

shell32

user32

advapi32

shlwapi

ole32

psapi

kernel32

userenv

oleaut32

atmlib

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 309KB - Virtual size: 1.5MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 309KB - Virtual size: 1.5MB

.rsrc
Size: 3KB - Virtual size: 2KB