86f4456c8cf43c87a2e1bc7afee1983e4de28b7156aa69b5107d4aef9db301a1

Sharing

Copy URL Twitter E-mail

General

Target

86f4456c8cf43c87a2e1bc7afee1983e4de28b7156aa69b5107d4aef9db301a1
Size

192KB
MD5

617ac42721980cc6dd9a0ff5a92b1776
SHA1

f4408cc2c1d13149f14fc4fba6567e2c47245373
SHA256

86f4456c8cf43c87a2e1bc7afee1983e4de28b7156aa69b5107d4aef9db301a1
SHA512

301b23bb174319f8e4a7376b2c2cf513818cfbf430959c7bf9292c4b3a1207c0fafb388b1b1929577ba6ffe22bb27cddebc17e4b8f6baac3e15e55f6acc041a2
SSDEEP

3072:9r2eAiybKOiO8YDLQ6FGDHDpmKsuRgv32cnhIu8DpeAqy82eadRiDLvCL:xNqkVYDLQ6FMDpmBL32wSu8DpoCTLsG

Score

N/A

Malware Config

Signatures

Files

86f4456c8cf43c87a2e1bc7afee1983e4de28b7156aa69b5107d4aef9db301a1
.exe windows x86

3ddbfaa95298ddcbf280dd8d1a8a2368

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
EqualSid
DeleteService
AllocateAndInitializeSid
RegOpenKeyExA
OpenSCManagerA
ControlService
RegCloseKey
GetTokenInformation
CloseServiceHandle
OpenProcessToken
RegEnumKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
FreeSid
OpenServiceA
AdjustTokenPrivileges
RegDeleteValueA

msvcrt

__getmainargs
_access
_mbscmp
_mbsupr
strstr
_mbschr
__setusermatherr
_cexit
__set_app_type
exit
_initterm
memset
_ismbblead
memmove
strchr
_acmdln
_amsg_exit
_mbsinc
_adjust_fdiv
_XcptFilter
_getcwd
memcpy
__p__fmode
__p__commode
strtok
?terminate@@YAXXZ
_mbsicmp
malloc
_controlfp
_mbsstr
_exit

user32

SendMessageA
wsprintfA
LoadIconA
FindWindowA
ExitWindowsEx
LoadStringA
MessageBoxA

kernel32

SetFileAttributesA
GetCommandLineA
lstrcpyA
GetFileSize
GlobalAlloc
UnhandledExceptionFilter
VirtualProtect
GetPrivateProfileStringA
MoveFileExA
CreateFileA
GetProcAddress
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
lstrcpynA
CreateFileMappingA
GetSystemDirectoryA
GetCurrentThreadId
GlobalFree
FindNextFileA
MapViewOfFile
CreateFileW
LoadLibraryA
CreateProcessA
SetEndOfFile
UnmapViewOfFile
GetModuleHandleA
Sleep
SetFilePointer
lstrcatA
InterlockedCompareExchange
GetShortPathNameA
GetTickCount
GetLastError
DeleteFileA
FreeLibrary
GetExitCodeProcess
GetVersionExA
QueryPerformanceCounter
FindFirstFileA
FindClose
RemoveDirectoryA
GetFileType
GetCurrentProcess
CloseHandle
GetStartupInfoA
GetWindowsDirectoryA
CreateDirectoryA
TerminateProcess
InterlockedExchange
lstrlenA
GetCurrentProcessId
WaitForSingleObject

setupapi

SetupDiOpenDevRegKey
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiDeleteDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

ntdll

RtlUnwind

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ddbfaa95298ddcbf280dd8d1a8a2368

Headers

File Characteristics

Imports

advapi32

msvcrt

user32

kernel32

setupapi

ntdll

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 3KB - Virtual size: 15KB

.data Size: 101KB - Virtual size: 1.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 3KB - Virtual size: 15KB

.data
Size: 101KB - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 2KB