ac7028d0f1eab7ed81eb3d1d6c37f89d357ec524478c210e540333065aace305

Sharing

Copy URL Twitter E-mail

General

Target

ac7028d0f1eab7ed81eb3d1d6c37f89d357ec524478c210e540333065aace305
Size

440KB
MD5

940ee8fd7b96054f22ccc6a5f0e286fa
SHA1

3defdbd9a4aa85474cd169c563d1ac3f10f729e4
SHA256

ac7028d0f1eab7ed81eb3d1d6c37f89d357ec524478c210e540333065aace305
SHA512

4bb51413ffd5bed499943f6d9354a7fa5d7ab4c586d308ff9810f9f12be78d309ee396e1d3a2f402d0eaa5062ecdf3c1ebb05564da7d20719b555a3e00641389
SSDEEP

12288:vD9C5XQlx7ozdS+G+XzJcqyNDJrOEscz/bjs+/2:L9C5XCOzOCW5ucwh

Score

N/A

Malware Config

Signatures

Files

ac7028d0f1eab7ed81eb3d1d6c37f89d357ec524478c210e540333065aace305
.exe windows x86

3780b917a2e3d32683bcce9ffbd516d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoGetObjectContext
CoTaskMemAlloc

kernel32

GetLastError
BackupSeek
VirtualAlloc
AddConsoleAliasW

advapi32

RegCloseKey
RegSetValueExW
IsValidSid
FreeSid
RegCreateKeyExW
RegDeleteKeyW
GetLengthSid
CopySid
ReportEventW
EqualSid
OpenProcessToken
SetThreadToken
RegOpenKeyExW
DeregisterEventSource
GetTokenInformation
AllocateAndInitializeSid
OpenThreadToken
RegisterEventSourceW
RegQueryValueExW
DuplicateToken
RegNotifyChangeKeyValue

version

VerQueryValueW

esent

JetCommitTransaction

secur32

GetUserNameExW

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlImageNtHeader

user32

MapWindowPoints
GetDesktopWindow
CloseDesktop
SetWindowPos
DialogBoxParamW
GetProcessWindowStation
DlgDirListComboBoxW
SetDlgItemTextW
EnumPropsA
SetProcessWindowStation
CloseWindowStation
OpenWindowStationW
GetThreadDesktop
GetWindowRect
EndDialog
SetThreadDesktop
LoadStringW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3780b917a2e3d32683bcce9ffbd516d4

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

advapi32

version

esent

secur32

ntdll

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rdata Size: 9KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 387KB - Virtual size: 387KB

.data Size: 38KB - Virtual size: 1.8MB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 9KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 387KB - Virtual size: 387KB

.data
Size: 38KB - Virtual size: 1.8MB