9770cce67d4bd0cca3926eb9e18e13956beddedb352090baaacccbc146cc26fa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9770cce67d4bd0cca3926eb9e18e13956beddedb352090baaacccbc146cc26fa
Size

307KB
MD5

a443a6b77f2a6d20ff07a046c909256b
SHA1

9a21028c1d390e0abbca0c04f648fa5778f5d4d7
SHA256

9770cce67d4bd0cca3926eb9e18e13956beddedb352090baaacccbc146cc26fa
SHA512

c85e1739b0ef4d904a25531a2dc04f3158f72fa63ca5cdf327741670f0dd07968a813a2d56dcde3c605c382604c839476d26d6f42688745fd8da9d056e96336c
SSDEEP

6144:LVcPCugd1ZFEXTxsJIIG2AoQzrKAKMTHzydBCYv:BcP0qx+IIG2AoAKA/t

Score

N/A

Malware Config

Signatures

Files

9770cce67d4bd0cca3926eb9e18e13956beddedb352090baaacccbc146cc26fa
.exe windows x86

271fe7192877c85cb75ddd08036a1c2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
TlsAlloc
lstrcpynA
lstrcpynA
DeleteFileW
GetLocaleInfoW
lstrcpynA
SetCurrentDirectoryA
GetCurrentProcess
GetFullPathNameA
TlsAlloc
GetPrivateProfileIntA
lstrcpynA
GetNumberFormatA
lstrcpynA
TlsGetValue
lstrlenA
GetStartupInfoW
VirtualAlloc
CreateEventA
FindNextVolumeW
GetModuleFileNameW
FormatMessageA

vssapi

??1CVssWriter@@UAE@XZ
IsVolumeSnapshotted
??0CVssWriter@@QAE@XZ
VssFreeSnapshotProperties

Sections

.text
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE