a572d1c5a30e4f45210e568a913ee671212326fdb81edc07a2e202f3618b1bb9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a572d1c5a30e4f45210e568a913ee671212326fdb81edc07a2e202f3618b1bb9
Size

69KB
MD5

c5179aba7cb61697f5428cc917044cc6
SHA1

e0748f51fa07f329546882b64143ce8f8ab8cb2c
SHA256

a572d1c5a30e4f45210e568a913ee671212326fdb81edc07a2e202f3618b1bb9
SHA512

d3910e53421b16ce2faf7717727fb0a628b4ab7726f827ec8e1aa31b51fa7935fd23a7bda75186b6e15ab15d9275ad1a7df762ce807fa470615f261f15962eb6
SSDEEP

1536:+pPZbsXOkkkkgL4uqgSZhS9C1duDzHjF5d/lF7/CZ:WZYXsWL4r5281dcHJNZ/C

Score

N/A

Malware Config

Signatures

Files

a572d1c5a30e4f45210e568a913ee671212326fdb81edc07a2e202f3618b1bb9
.exe windows x86

ca4661888ef96ffd56e5246cb6a1cdfe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextVolumeW
TlsAlloc
lstrcpynA
TlsAlloc
lstrcpynA
TlsGetValue
GetLocaleInfoW
lstrcpynA
GetModuleFileNameW
lstrcpynA
GetFullPathNameA
CreateEventA
VirtualAlloc
DeleteFileW
FormatMessageA
lstrlenA
GetNumberFormatA
GetStartupInfoW
SetCurrentDirectoryA
GetCurrentProcess
GetModuleHandleA
lstrcpynA
GetPrivateProfileIntA

vssapi

VssFreeSnapshotProperties
??0CVssWriter@@QAE@XZ
??1CVssWriter@@UAE@XZ
IsVolumeSnapshotted

Sections

.text
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE