c409f5e2989e9f054fe48e482e7f801da60d08f8124ac56d41b2ef8807843eda | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c409f5e2989e9f054fe48e482e7f801da60d08f8124ac56d41b2ef8807843eda
Size

813KB
MD5

0b79b75ef2381a9d1bf368a09ac0935c
SHA1

a7c8f33e53ad6f5871300219c7f970f2e11fd6d2
SHA256

c409f5e2989e9f054fe48e482e7f801da60d08f8124ac56d41b2ef8807843eda
SHA512

7b5817e14f8e20df325be3d5b5517c697f46f9aeca1f6d688e167c8ff51f40593fc2e57f5b231473963e71a30eee0a1100daf9edf50fae2595ce5080cfc88a1a
SSDEEP

24576:YnV4KkofIezO2UkaU+5O4FtA4TViNRj3TM3qN:Y+KTIUUka5/E4TVE9AaN

Score

N/A

Malware Config

Signatures

Files

c409f5e2989e9f054fe48e482e7f801da60d08f8124ac56d41b2ef8807843eda
.exe windows x86

dc3baa72a84876eb66a5d61637e151b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatA
lstrcpynA
GetStartupInfoW
GetFullPathNameA
GetCurrentProcess
VirtualAlloc
DeleteFileW
lstrcpynA
lstrlenA
GetModuleHandleA
CreateEventA
TlsGetValue
TlsAlloc
lstrcpynA
lstrcpynA
GetModuleFileNameW
GetPrivateProfileIntA
FindNextVolumeW
GetLocaleInfoW
SetCurrentDirectoryA
lstrcpynA
SetConsoleTitleW
TlsAlloc

vbscript

DllUnregisterServer
DllGetClassObject
DllRegisterServer
DllCanUnloadNow

Sections

.text
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 796KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE