89ffaa095cdf1aabfe6e2b1798a04577256c26649015165e712fa2157f5af136

Sharing

Copy URL Twitter E-mail

General

Target

89ffaa095cdf1aabfe6e2b1798a04577256c26649015165e712fa2157f5af136
Size

165KB
MD5

4a448bbde3eea55757125bbfc4b864c5
SHA1

6b9d11eea14674cf234c4ac7cfb00e5113353bbc
SHA256

89ffaa095cdf1aabfe6e2b1798a04577256c26649015165e712fa2157f5af136
SHA512

e504834de9faaaa66825cce1c689657ba997146497abeb5e34d53349d94c65126dcec4944a0f9780a2e32ce0aff8c0e9de20a853bec4dda1a291658fbb364d57
SSDEEP

3072:QjPD9uiYCzPGt92VyQjl6E67odroCpQmZxq1bdpFWI4Z6jHdHuHqN:QjPPYWw9oyLEJjvZQKI4Z6jHdOW

Score

N/A

Malware Config

Signatures

Files

89ffaa095cdf1aabfe6e2b1798a04577256c26649015165e712fa2157f5af136
.exe windows x86

30f22f9140a62371ff4d06676e080662

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUpcaseUnicodeStringToOemString
NtConnectPort
NtSetEvent
DbgPrint
NtOpenProcessToken
RtlAllocateHeap

kernel32

Sleep
VirtualFree
GetCommandLineA
GetModuleHandleA
ExitProcess
VirtualAlloc
GetCurrentProcessId
GetCurrentProcess
GetModuleHandleA
GetFileType
SetFileTime
GetTimeZoneInformation
ProcessIdToSessionId
ExitProcess
FindResourceA
GetCommandLineA
VirtualAlloc
VirtualFree
GetCurrentProcessId
GetCurrentProcess
HeapReAlloc
GetConsoleCP
CreateDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

user32

GetWindowPlacement
CloseDesktop
WindowFromPoint
IsWindowEnabled
MessageBoxW
EnableMenuItem
PostQuitMessage
EnumChildWindows
GetDlgItemTextA

gdi32

AngleArc
GetTextColor
CreateCompatibleDC
AngleArc
SetTextAlign

msvcrt

_purecall
sprintf
_adjust_fdiv
wcslen
__CxxFrameHandler
wcscpy
exit
_except_handler3

advapi32

RegCloseKey
RegEnumKeyExW
RegSetValueExA
InitializeSecurityDescriptor
GetTokenInformation
FreeSid
RegEnumValueW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW

Sections

.code
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 65KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30f22f9140a62371ff4d06676e080662

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

version

user32

gdi32

msvcrt

advapi32

Sections

.code Size: 8KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 10KB

.rdata Size: 70KB - Virtual size: 394KB

.idata Size: 65KB - Virtual size: 67KB

.rsrc Size: 16KB - Virtual size: 16KB

.code
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 10KB

.rdata
Size: 70KB - Virtual size: 394KB

.idata
Size: 65KB - Virtual size: 67KB

.rsrc
Size: 16KB - Virtual size: 16KB