Static task: static1
Behavioral task: behavioral1
  Sample: a22bf9776a327d145309961219a436cc895658f6b7dfb3635c5fdc6b925a8941.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: a22bf9776a327d145309961219a436cc895658f6b7dfb3635c5fdc6b925a8941.exe
  Resource: win10v2004-20220812-en
General
Target: a22bf9776a327d145309961219a436cc895658f6b7dfb3635c5fdc6b925a8941
Size: 309KB
MD5: 0ef0892e37877ac515287eef32ad0718
SHA1: 93f5517964e85bd21725fc522fc3bfe8c7fd0bff
SHA256: a22bf9776a327d145309961219a436cc895658f6b7dfb3635c5fdc6b925a8941
SHA512: c86194f95c14a36a95c5ef40e86b2eaba2794ff04a63f35489ade231f9070ce5d85047471e4340fb2b806089c32a088e55743fe1fc381bf4d91f0ac19e000d7a
SSDEEP: 6144:jVDSEWprbceGiglXPZtmig3LinbBDnj3rLGDgnxA:R2JpceG/lRBOinlnjfQ
Malware Config
Signatures
Files
- a22bf9776a327d145309961219a436cc895658f6b7dfb3635c5fdc6b925a8941.exe (windows x86)
  9bdaefbf3a1b86d676e91295dc524413
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
psapi
EnumProcessModules
GetModuleFileNameExW
EnumProcesses
msi
ord113
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
CloseServiceHandle
ChangeServiceConfig2W
RegQueryValueExW
GetSidSubAuthorityCount
SetTokenInformation
GetNamedSecurityInfoW
GetUserNameW
RegCloseKey
QueryServiceStatus
InitializeSecurityDescriptor
GetAclInformation
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptAcquireContextW
InitializeAcl
ControlService
GetLengthSid
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CreateServiceW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
AddAce
RegSetValueExW
RegDeleteValueW
GetSidIdentifierAuthority
OpenSCManagerW
OpenServiceW
GetSidSubAuthority
CryptGetHashParam
CreateProcessAsUserW
CryptCreateHash
DuplicateTokenEx
GetSecurityDescriptorSacl
SetServiceStatus
AdjustTokenPrivileges
SetEntriesInAclW
FreeSid
SetSecurityDescriptorSacl
OpenProcessToken
RegCreateKeyExW
CryptHashData
CryptDestroyHash
CryptGenRandom
RegEnumKeyW
CryptReleaseContext
StartServiceW
GetAce
AddAccessAllowedAce
RegOpenKeyExW
shlwapi
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW
PathFileExistsA
PathIsUNCServerShareW
PathRemoveBlanksW
PathUnquoteSpacesW
SHDeleteKeyW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
GetProfileType
UnloadUserProfile
WaitForUserPolicyForegroundProcessing
DllUnregisterServer
DeleteProfileA
shell32
SHGetFolderPathW
SHCreateDirectoryExW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
Process32FirstW
CopyFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteFileW
OpenEventW
HeapSize
GlobalFree
CloseHandle
VirtualQuery
HeapFree
GlobalMemoryStatus
ReleaseMutex
LocalFree
GetSystemDirectoryW
DeleteCriticalSection
GetModuleHandleW
GlobalUnlock
ExpandEnvironmentStringsW
OpenProcess
GlobalLock
UnmapViewOfFile
HeapAlloc
WaitForMultipleObjects
ResetEvent
LeaveCriticalSection
Process32NextW
CreateProcessW
LockResource
GetShortPathNameW
Module32FirstW
MoveFileExW
HeapDestroy
CreateFileW
WideCharToMultiByte
Module32NextW
FindResourceW
SizeofResource
LoadResource
ProcessIdToSessionId
GetSystemTimeAsFileTime
GetLocalTime
CreateEventW
RaiseException
GetCurrentThreadId
MapViewOfFile
ReadFile
EnterCriticalSection
CreateThread
InitializeCriticalSectionAndSpinCount
CreateMutexW
WriteFile
FindFirstFileW
GlobalAlloc
GetSystemTime
TryEnterCriticalSection
SetFilePointer
CreateDirectoryW
GetCommandLineW
GetProcessHeap
OpenMutexW
SetLastError
FindNextFileW
LocalAlloc
OpenFileMappingW
CreateFileMappingW
CreateToolhelp32Snapshot
WaitForSingleObject
FindClose
HeapReAlloc
ReadProcessMemory
FindResourceExW
FreeLibrary
IsDebuggerPresent
IsValidLocale
VirtualAllocEx
kbdlv
KbdLayerDescriptor
Sections
.text  Size: 20KB, Virtual size: 19KB, Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 5KB, Virtual size: 4KB, Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data  Size: 273KB, Virtual size: 275KB, Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 9KB, Virtual size: 9KB, Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ