44309546c982528e4ca551d5c4b0073cee7ffc93f785e7c4cae21b075a8bc966

Sharing

Copy URL Twitter E-mail

General

Target

44309546c982528e4ca551d5c4b0073cee7ffc93f785e7c4cae21b075a8bc966
Size

291KB
MD5

3cbae0766e394fd56260690223329ffa
SHA1

632562ff6d9329aa3cd50002f281000945404f18
SHA256

44309546c982528e4ca551d5c4b0073cee7ffc93f785e7c4cae21b075a8bc966
SHA512

25deb48c6b27ac5eb73941737e5d2611bd2c62007166a8426a7eaa78ab3ff916fecb7eea2ad59e6246966621b85901acbc4ab5abae5856623faff684f693531f
SSDEEP

6144:f/PmVne7psQcfB+DeS7HtNN4F2mEp0knUdO6iIWm:fmVeODp+iWN70knUdO7m

Score

N/A

Malware Config

Signatures

Files

44309546c982528e4ca551d5c4b0073cee7ffc93f785e7c4cae21b075a8bc966
.exe windows x86

dc25be152f02b32800ce4dbf2f0a9df7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
lstrcatA
GetCurrentThreadId
CreateEventA
SetEvent
LoadResource
FindResourceA
GetModuleHandleA
GetCurrentProcessId
GetModuleFileNameA
OpenEventA
OpenSemaphoreA
GetLocalTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
lstrcpyA
Sleep
FreeLibrary
LoadLibraryA
WaitForMultipleObjects
GetExitCodeThread
WaitForSingleObject
lstrlenA
lstrcmpiA
lstrlenW
InitializeCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
CreateMutexA
CreateSemaphoreA
GetLastError
CreateMutexW
GetProcAddress

user32

CharUpperA
CharNextA
MessageBoxA
GetMessageA
PeekMessageA
DefWindowProcA
PostQuitMessage
CreateWindowExA
RegisterClassExA

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CreateServiceA
SetServiceStatus
RegQueryInfoKeyA
ControlService
DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptGetProvParam
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen
VariantInit
VarBstrCmp
SysStringLen
VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString

shlwapi

PathFindExtensionA

samlib

SamSetInformationGroup
SamEnumerateUsersInDomain
SamQueryInformationAlias
SamGetDisplayEnumerationIndex
SamLookupNamesInDomain
SamQueryDisplayInformation
SamiChangePasswordUser
SamiEncryptPasswords

dfsshlex

DllUnregisterServer

Sections

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GJa
Size: 3KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nzkj
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.D
Size: 2KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 96KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.w
Size: 2KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xn
Size: 3KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.H
Size: 4KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B
Size: 1KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 117KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.H
Size: 512B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc25be152f02b32800ce4dbf2f0a9df7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

samlib

dfsshlex

Sections

.rdata Size: 9KB - Virtual size: 9KB

.GJa Size: 3KB - Virtual size: 379KB

.nzkj Size: 2KB - Virtual size: 15KB

.text Size: 14KB - Virtual size: 13KB

.D Size: 2KB - Virtual size: 215KB

.rdata Size: 3KB - Virtual size: 41KB

.edata Size: 96KB - Virtual size: 193KB

.w Size: 2KB - Virtual size: 288KB

.data Size: 6KB - Virtual size: 296KB

.xn Size: 3KB - Virtual size: 486KB

.H Size: 4KB - Virtual size: 361KB

.B Size: 1KB - Virtual size: 200KB

.edata Size: 117KB - Virtual size: 214KB

.H Size: 512B - Virtual size: 33KB

.rsrc Size: 24KB - Virtual size: 24KB

.rdata
Size: 9KB - Virtual size: 9KB

.GJa
Size: 3KB - Virtual size: 379KB

.nzkj
Size: 2KB - Virtual size: 15KB

.text
Size: 14KB - Virtual size: 13KB

.D
Size: 2KB - Virtual size: 215KB

.rdata
Size: 3KB - Virtual size: 41KB

.edata
Size: 96KB - Virtual size: 193KB

.w
Size: 2KB - Virtual size: 288KB

.data
Size: 6KB - Virtual size: 296KB

.xn
Size: 3KB - Virtual size: 486KB

.H
Size: 4KB - Virtual size: 361KB

.B
Size: 1KB - Virtual size: 200KB

.edata
Size: 117KB - Virtual size: 214KB

.H
Size: 512B - Virtual size: 33KB

.rsrc
Size: 24KB - Virtual size: 24KB