9cb0e6c827ebe4e9e39e3b891f097089f602eb62bff6a083daf0d4e431385491

Sharing

Copy URL Twitter E-mail

General

Target

9cb0e6c827ebe4e9e39e3b891f097089f602eb62bff6a083daf0d4e431385491
Size

260KB
MD5

38bdcb3ab956512593bcaaff54bea500
SHA1

125a19ab3703663414cec60d88876a0b2cac08f4
SHA256

9cb0e6c827ebe4e9e39e3b891f097089f602eb62bff6a083daf0d4e431385491
SHA512

0c6b0fbf171dff6fe69b8dbd50751ca1b2fe301b35062f912a3aafef919927575615cb46dd5c309c7c209595c2329defa612bcd8637313e2bf79a1b588521376
SSDEEP

3072:1gghgeilksPx7keseWBOlbi4umkrrhtR05mo0uNT/0NNEAKwNAjLlTOMGCNkUmmk:1bfgzuRBMbi4Ird05moJN/0NNpSLRN

Score

N/A

Malware Config

Signatures

Files

9cb0e6c827ebe4e9e39e3b891f097089f602eb62bff6a083daf0d4e431385491
.exe windows x86

0f8ce83dfbfbe6df0d1c7488c59f7511

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetStdHandle
GetLastError
lstrlenA
SetFilePointer
GetFileSize
LoadResource
SizeofResource
FindResourceA
GetEnvironmentVariableA
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetCurrentProcess
GetCurrentThreadId
SetFileTime
GetFileTime
GetWindowsDirectoryA
TerminateProcess
CopyFileA
CreateEventA
DeleteFileA
SetThreadPriority
CreateThread
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
GetStringTypeW
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
CreateToolhelp32Snapshot
DeviceIoControl
Process32First
lstrcmpiA
Process32Next
GetVersionExA
GetTickCount
OpenEventA
Sleep
SetEvent
CloseHandle
GetTempPathA
GetSystemDirectoryA
CreateFileA
GetModuleFileNameA
WriteFile
WinExec
MoveFileExA
ExitProcess
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
GetVersion
MoveFileA
GetStartupInfoA
GetCommandLineA

user32

GetWindowThreadProcessId
PostThreadMessageA
GetMessageA
GetInputState
EnumWindows
GetWindowTextA
PostMessageA
wsprintfA
LoadCursorA
RegisterClassA
MessageBoxA
CreateWindowExA
ShowWindow
UpdateWindow
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadIconA

gdi32

GetStockObject

advapi32

RegDeleteValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ControlService
DeleteService
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegEnumValueA

shell32

ShellExecuteA

shlwapi

StrStrIA
PathFileExistsA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f8ce83dfbfbe6df0d1c7488c59f7511

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 204KB - Virtual size: 203KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 204KB - Virtual size: 203KB