71f6bb482d025cb98a60c0734e8fb414c8cd2e7fa55bdf2fb62b43908cee6d6c

Sharing

Copy URL Twitter E-mail

General

Target

71f6bb482d025cb98a60c0734e8fb414c8cd2e7fa55bdf2fb62b43908cee6d6c
Size

20.5MB
MD5

e503e70c7ede8e568d0feced6d485421
SHA1

d2fec6bd33148858b904f297e6b2a537f3fc9a6b
SHA256

71f6bb482d025cb98a60c0734e8fb414c8cd2e7fa55bdf2fb62b43908cee6d6c
SHA512

88934479c5476597145bd934862ad4823c02e8254088871bf0cabfb4b5eaf6e08a51bbafe723b0d90ba73dc075c5b924071a0533e201c6ef18995ede250e2504
SSDEEP

393216:Hxa1X0lzCYGWPgLlVfmF+1u07kwOwlzoEsimBVi+5yrSX4iAVnOqdi:Q1X0lzC3dmFtBwpsBq0yrSXmZi

Score

N/A

Malware Config

Signatures

Files

71f6bb482d025cb98a60c0734e8fb414c8cd2e7fa55bdf2fb62b43908cee6d6c
.exe windows x86

6b4c61d0923c1aecbfcddabeea5db9e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
FreeLibrary
VirtualFree
LocalAlloc
GetModuleFileNameA
GetFileType
GetCurrentThreadId
GetCurrentProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocaleInfoA
GetStdHandle
LoadLibraryExW
GetStringTypeA
UnhandledExceptionFilter
TerminateProcess
InterlockedIncrement
GetProcessHeap
CreateThread
CloseHandle
GetACP
LeaveCriticalSection
AddAtomW
GetCurrentProcessId
CreateEventA
GetCommandLineW
CreateEventW
HeapCreate
ExitProcess
VirtualQueryEx
_lopen
GetTickCount
GetSystemTimeAsFileTime

user32

SetFocus
SystemParametersInfoW
GetDC
IsIconic
LoadIconW
UnregisterClassA
IsWindowVisible
SetForegroundWindow
GetSystemMetrics
MapWindowPoints
UpdateWindow
CopyRect
KillTimer
PostMessageW
DialogBoxParamW
RegisterWindowMessageW
GetDlgCtrlID
CreateWindowExA
EqualRect
DrawFocusRect
DestroyMenu

gdi32

GetTextColor
Escape
CreateMetaFileA
CreatePalette
GetCurrentPositionEx
SetWindowExtEx
GetCurrentObject
SetMapMode
GetWindowExtEx

advapi32

AllocateAndInitializeSid
CopySid
RegSetValueExA
ImpersonateLoggedOnUser
QueryServiceConfigW
GetUserNameA
LookupPrivilegeValueW
CheckTokenMembership
CryptExportKey
RegDeleteValueA
StartServiceW

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler3
_controlfp
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
__setusermatherr

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b4c61d0923c1aecbfcddabeea5db9e6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 142KB - Virtual size: 156KB

.xdata Size: 512B - Virtual size: 100B

.tls Size: 1024B - Virtual size: 3KB

.rsrc Size: 422KB - Virtual size: 422KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 142KB - Virtual size: 156KB

.xdata
Size: 512B - Virtual size: 100B

.tls
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 422KB - Virtual size: 422KB