440badc9400090eb3f687f66cb49c9e14bb7957a4774d407612dfa8d5b9acc48

Sharing

Copy URL Twitter E-mail

General

Target

440badc9400090eb3f687f66cb49c9e14bb7957a4774d407612dfa8d5b9acc48
Size

224KB
MD5

69cbafbfdef244db91f653d31d89e9be
SHA1

95b864b6776f350466cde11ff6d97e1a6a86bf84
SHA256

440badc9400090eb3f687f66cb49c9e14bb7957a4774d407612dfa8d5b9acc48
SHA512

1922a70e2d241f90719b7e82bed7bb22c4f47cccbc6ddbfe20d2a1855ddc8cfd9d37cf7f581d41d8d1e7a7bb6677a2a6c93d423d2c9f767901699d9747dc76c8
SSDEEP

6144:UbCYQ7PEE7n3xrmNNKhvd+jYUY2MMBqjVEM2K:U2YQ7EE7xroKnzUY2MM8JKK

Score

N/A

Malware Config

Signatures

Files

440badc9400090eb3f687f66cb49c9e14bb7957a4774d407612dfa8d5b9acc48
.exe windows x86

592a0d79c14c490258639f6038f37e32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
GetStdHandle
VirtualAlloc
GetProcessHeap
GetCurrentProcessId
CreateMutexA
ExitProcess
GetTempPathW
HeapAlloc
CreateProcessA
IsBadReadPtr
LoadLibraryA
IsValidLocale
GetShortPathNameW
SetStdHandle
ResumeThread
SetLastError
CreateProcessW
GetLocaleInfoA
CompareStringA
lstrcpyW
FileTimeToLocalFileTime

ole32

DoDragDrop

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

RegEnumKeyExW
CloseServiceHandle
RegDeleteKeyW
DeleteAce
LockServiceDatabase
RegQueryValueW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyA
GetTokenInformation
AllocateAndInitializeSid
RegCreateKeyExA
RegDeleteValueA
RegFlushKey
LookupAccountSidW
RegDeleteKeyA
ChangeServiceConfigA
IsTextUnicode

msvcrt

swscanf
fseek
_splitpath
_stricmp
_strcmpi
_snprintf
bsearch
fwrite
localtime
atol
fread
__p__fmode
srand
_makepath

ntdll

NtWriteFile
NtFsControlFile
DbgBreakPoint
RtlOpenCurrentUser
RtlInitAnsiString
NtCreateFile
RtlCreateSecurityDescriptor
NtOpenKey
NtQuerySystemTime
RtlImageNtHeader
NtQuerySystemInformation
NtQueryInformationProcess
RtlSetDaclSecurityDescriptor
NtOpenThreadToken
RtlInitializeResource
RtlCopyUnicodeString
RtlFreeAnsiString
RtlLeaveCriticalSection
_wcsicmp

user32

GetSystemMetrics
DrawFocusRect
GetDC
ReleaseCapture
ScreenToClient
MessageBeep
SendMessageA
FillRect
PostMessageA
LoadIconW
SetCapture
IntersectRect
EnableWindow
TrackPopupMenu
LoadBitmapA
LoadIconA
GetWindowLongW
GetWindowLongA
CharPrevA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 148KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

592a0d79c14c490258639f6038f37e32

Headers

File Characteristics

Imports

kernel32

ole32

version

advapi32

msvcrt

ntdll

user32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 35KB - Virtual size: 35KB

.bss Size: 148KB - Virtual size: 481KB

.idata Size: 35KB - Virtual size: 35KB

.tls Size: - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 35KB - Virtual size: 35KB

.bss
Size: 148KB - Virtual size: 481KB

.idata
Size: 35KB - Virtual size: 35KB

.tls
Size: - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 16B