cd9a378c2844cf6eff95e3d11b90c30c88e0876248d0fa16b227e3828f712d7e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd9a378c2844cf6eff95e3d11b90c30c88e0876248d0fa16b227e3828f712d7e
Size

815KB
MD5

2ba24a172e78fe94408abba69a4d0bf6
SHA1

b795dca263d16e066a38a1bdd148d1a943947285
SHA256

cd9a378c2844cf6eff95e3d11b90c30c88e0876248d0fa16b227e3828f712d7e
SHA512

c1c86c35df9fbb8165e4fa090f9adf66f910457041d89915de02792ff256ff9aa7343b8a68b88c11613ab1fe8ccebf1eb16ab45145975b30b53aa98565e9e4a2
SSDEEP

12288:YPokLZeTkZacLtSyc+82esDDm4yzF1dNSBSGg4dtW4gjXkg4dAOoDhuOr0hLbMyb:6nltQD2esD64uNSx1UXk5DbO4qR5qs9

Score

N/A

Malware Config

Signatures

Files

cd9a378c2844cf6eff95e3d11b90c30c88e0876248d0fa16b227e3828f712d7e
.exe windows x86

3233b87aec599ee0414cef56d5ae6357

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetModuleHandleA
lstrcpynA
VirtualAlloc
FormatMessageA
SetCurrentDirectoryA
GetFullPathNameA
DeleteFileW
lstrcpynA
lstrcpynA
GetCurrentProcess
GetLocaleInfoW
FindNextVolumeW
GetStartupInfoW
TlsAlloc
GetNumberFormatA
TlsGetValue
lstrcpynA
TlsAlloc
GetPrivateProfileIntA
CreateEventA
lstrcpynA
GetModuleFileNameW

vssapi

IsVolumeSnapshotted
VssFreeSnapshotProperties
??1CVssWriter@@UAE@XZ
??0CVssWriter@@QAE@XZ

Sections

.text
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 797KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE