b9f507395e324bbe011bc37e6799d752e5adb1f6c158414fb838545d12c0a60b

Sharing

Copy URL Twitter E-mail

General

Target

b9f507395e324bbe011bc37e6799d752e5adb1f6c158414fb838545d12c0a60b
Size

325KB
MD5

72d1100df90b3bf961dfe7c9f44896cc
SHA1

7bb38411ade238d4e5db82a229a867da59570b73
SHA256

b9f507395e324bbe011bc37e6799d752e5adb1f6c158414fb838545d12c0a60b
SHA512

e837ca133acd68d407c19e5bfb142ca54269bbca2bc1180d7eff3befc4df7d077e3bef9e30b08e08543a4548683d394924b11ec9f1ec282ea81d54c274394a7d
SSDEEP

6144:Im73inEggC2EKeUECcMHJPGq0i/3zvpYBs7fZNdqJp/p/GxsG1Msd:ImggC2EKlRGOt+s7fZNcJp/pul1Ma

Score

N/A

Malware Config

Signatures

Files

b9f507395e324bbe011bc37e6799d752e5adb1f6c158414fb838545d12c0a60b
.exe windows x86

d2392971d8fe09b7c7c010262816c171

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdll

RtlCreateUserThread
ZwQueryMultipleValueKey
ZwContinue
NtWaitLowEventPair
RtlGetAce
ZwQueryEaFile
RtlAddressInSectionTable
iswalpha
towupper
RtlInt64ToUnicodeString
NtAddAtom
_ui64tow
NtSetInformationToken
RtlTraceDatabaseValidate
RtlUniform
NtFlushKey
RtlDeleteRegistryValue
NtQueryVolumeInformationFile
RtlDllShutdownInProgress
RtlFirstFreeAce
RtlExtendedMagicDivide
RtlLargeIntegerNegate
RtlDeleteTimer
NtTerminateProcess
RtlIsValidIndexHandle
ZwCreateJobObject
RtlMakeSelfRelativeSD
NtOpenFile
RtlGetLengthWithoutLastFullDosOrNtPathElement
ZwQueryOpenSubKeys
RtlpApplyLengthFunction
RtlQueryInformationActiveActivationContext
NtWriteFile
RtlSetOwnerSecurityDescriptor
NtCreateNamedPipeFile
RtlQueryInformationActivationContext
NtUnlockFile
ZwIsProcessInJob
ZwSetThreadExecutionState
memmove
RtlTimeFieldsToTime
RtlQueryDepthSList
wcsstr

kernel32

SetConsoleCursor
GetComputerNameExW
GetLogicalDriveStringsA
GetCPInfo
lstrcmpW
RemoveDirectoryA
lstrcat
GlobalUnlock
lstrlenA
InitAtomTable
WriteConsoleOutputCharacterW
GetShortPathNameA
GlobalSize
GetTempPathW
MapUserPhysicalPages
GetCurrentProcessId
EndUpdateResourceW
WriteConsoleInputW
EnumSystemCodePagesA
GlobalFindAtomA
GetThreadPriority
Module32FirstW
DeleteFileA
EnumDateFormatsA
LoadLibraryA
VirtualAlloc
SetSystemPowerState
GetSystemWindowsDirectoryW
FindNextVolumeW
SetCommMask
WaitNamedPipeW
InterlockedExchangeAdd
FileTimeToSystemTime
GetConsoleCommandHistoryLengthW
IsValidLocale
GetEnvironmentStringsA
GetDefaultCommConfigW
Process32Next
FindClose
CloseProfileUserMapping

crtdll

__threadid
wcsncat
_mbsnbcpy
_snprintf
_tolower
fread
_execlp
_baseminor_dll
_kbhit
atan2
_getw
_winmajor_dll
_mbsninc
_wcsrev
_lseek

user32

GetUserObjectSecurity
GetRawInputBuffer
ScreenToClient
DispatchMessageW
CreateDialogParamA
MessageBoxTimeoutW
IsChild
FreeDDElParam
RemovePropW
UnregisterClassA
InflateRect
ToAsciiEx
ImpersonateDdeClientWindow
GetCursorInfo
IsCharLowerW
EnumPropsA
GetUpdateRect

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2392971d8fe09b7c7c010262816c171

Headers

File Characteristics

Imports

ntdll

kernel32

crtdll

user32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 209KB - Virtual size: 209KB

.data Size: 1024B - Virtual size: 400KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 209KB - Virtual size: 209KB

.data
Size: 1024B - Virtual size: 400KB

.rsrc
Size: 11KB - Virtual size: 10KB