d2ab4ef656d295ffca0a1ad4beeb530d509e66574df74d02abf667da249b6ee4

Sharing

Copy URL

Twitter E-mail

General

Target

d2ab4ef656d295ffca0a1ad4beeb530d509e66574df74d02abf667da249b6ee4
Size

160KB
MD5

68bcde222157ff9e6db679e2e434f410
SHA1

d4136b208b43c80f842a40869c607dfe26e4ce2f
SHA256

d2ab4ef656d295ffca0a1ad4beeb530d509e66574df74d02abf667da249b6ee4
SHA512

fec3b11a29d6ec61aab65c15d2ea3bc4558df3c7aaf5da850988d8b9c7e590e6f77f2233ad3d80eb4f2bc8989af5882bed0cde515ac9e44558b668d5bb4beb46
SSDEEP

3072:rqppw9wvwxqhCLTsurUXgJrNSu09jddIZsM1DnwA4xCkwK4rzWKSN/zIblN5FkAK:rqppw9wvwxqATsurUsrNSu09jddIZsM4

Score

N/A

Malware Config

Signatures

Files

d2ab4ef656d295ffca0a1ad4beeb530d509e66574df74d02abf667da249b6ee4
.exe windows x86

0f2d65b7d4e46d00d244d6a2b1758c78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
TerminateThread
WideCharToMultiByte
GlobalFree
WriteFile
WTSGetActiveConsoleSessionId
MultiByteToWideChar
lstrlenA
GetTempFileNameW
GetProcAddress
ReadFile
GetFileSize
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
CreateFileW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
LocalFree
CreateProcessW
WaitForSingleObject
CloseHandle
GetModuleFileNameW
CopyFileW
DeleteFileW
CreateDirectoryW
GetTickCount
Sleep
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
GetTempPathW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
SizeofResource
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
HeapCreate
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
ExitProcess
GetVolumeInformationW
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

advapi32

RegOpenKeyExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
SetServiceStatus
GetTokenInformation
DuplicateTokenEx
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
QueryServiceConfigW
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
CreateServiceW
ControlService
QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle

shlwapi

PathFileExistsW
PathAppendW

winhttp

WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetStatusCallback
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpReadData
WinHttpOpen
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f2d65b7d4e46d00d244d6a2b1758c78

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

oleaut32

advapi32

shlwapi

winhttp

wtsapi32

userenv

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 38KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 38KB