fa5220ec2ccd87e2c3d104354b0ae7b0ad12193f2ae1a00b5def323b35665537

Sharing

Copy URL

Twitter E-mail

General

Target

fa5220ec2ccd87e2c3d104354b0ae7b0ad12193f2ae1a00b5def323b35665537
Size

288KB
MD5

70955c6d019b1861e0e5011f82ed5ded
SHA1

5265345b4354416d311003e27ffe52e385efc022
SHA256

fa5220ec2ccd87e2c3d104354b0ae7b0ad12193f2ae1a00b5def323b35665537
SHA512

b2633d8c3d2aaeca63ba4960541e82a96ad96d12614690173278a1869e653d328f24d62e81d5c63639928802b88add2d5cce4cdfe9d9c80f1a4e80cd229bca1d
SSDEEP

6144:Zlr6yDU7fqP/f0LETIOfrlYc5gTTArVR32GOuMMTrzuWeR7PP7EEPMW:9DqyXcLdWrll5gTT82ITrzpoPjR

Score

N/A

Malware Config

Signatures

Files

fa5220ec2ccd87e2c3d104354b0ae7b0ad12193f2ae1a00b5def323b35665537
.exe windows x86

967f723b472b772a2acdb23b566da365

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReportEventW
OpenProcessToken
CopySid
GetTokenInformation
GetLengthSid
RegisterEventSourceW
DeregisterEventSource
IsValidSid
EqualSid
OpenThreadToken

kernel32

HeapDestroy
UnhandledExceptionFilter
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapAlloc
SetUnhandledExceptionFilter
FormatMessageW
DeleteCriticalSection
RaiseException
EnterCriticalSection
GetProcessHeap
CloseHandle
HeapSize
LeaveCriticalSection
lstrlenW
lstrlenA
IsDebuggerPresent
SetThreadLocale
GetACP
HeapFree
HeapReAlloc
GetCurrentDirectoryA
VirtualAllocEx

oleaut32

VariantChangeType
VariantCopyInd
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayRedim
VariantCopy
LoadRegTypeLi
SafeArrayGetLBound
VariantInit
SafeArrayUnlock
SafeArrayCopy
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SysStringByteLen
SysFreeString
LoadTypeLi
VariantClear
SysAllocString
SafeArrayLock
SafeArrayGetVartype
SafeArrayCreate
SysAllocStringByteLen
GetErrorInfo

ole32

CLSIDFromProgID
CoRevertToSelf
CoCreateInstance
CoImpersonateClient

shell32

SHGetFolderPathW

userenv

UnloadUserProfile
GetProfileType
CreateEnvironmentBlock
LoadUserProfileA
GetProfilesDirectoryW
GetGPOListW
GetAppliedGPOListW

user32

UnregisterClassA

shlwapi

PathAppendW

catsrvps

DllUnregisterServer
GetProxyDllInfo
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

967f723b472b772a2acdb23b566da365

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

ole32

shell32

userenv

user32

shlwapi

catsrvps

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 258KB - Virtual size: 261KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 258KB - Virtual size: 261KB

.rsrc
Size: 11KB - Virtual size: 11KB