eda5664b08e070bac23c379528fc92ce085dc5a8efbe1cf97185e3e263bf8c5f

Sharing

Copy URL Twitter E-mail

General

Target

eda5664b08e070bac23c379528fc92ce085dc5a8efbe1cf97185e3e263bf8c5f
Size

288KB
MD5

833a81cab7aefb951cf6df06734ade4e
SHA1

2e5f098f7ff113cafdcd4ae4e6f2a01f5f53082f
SHA256

eda5664b08e070bac23c379528fc92ce085dc5a8efbe1cf97185e3e263bf8c5f
SHA512

c61bd6c8d1a881361e6780bf35fa66cce106b917fe9f772a81d94b70b31c31cb6786de62c619306854705badad5211ea30d5a8608342465bacb674cdf0f3eb26
SSDEEP

6144:/lr6yDU7fqP/f0LETIOfrlYc5gTTArVR32GOuMMTrzuWeR7PP7EEPMW:/DqyXcLdWrll5gTT82ITrzpoPjR

Score

N/A

Malware Config

Signatures

Files

eda5664b08e070bac23c379528fc92ce085dc5a8efbe1cf97185e3e263bf8c5f
.exe windows x86

967f723b472b772a2acdb23b566da365

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReportEventW
OpenProcessToken
CopySid
GetTokenInformation
GetLengthSid
RegisterEventSourceW
DeregisterEventSource
IsValidSid
EqualSid
OpenThreadToken

kernel32

HeapDestroy
UnhandledExceptionFilter
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapAlloc
SetUnhandledExceptionFilter
FormatMessageW
DeleteCriticalSection
RaiseException
EnterCriticalSection
GetProcessHeap
CloseHandle
HeapSize
LeaveCriticalSection
lstrlenW
lstrlenA
IsDebuggerPresent
SetThreadLocale
GetACP
HeapFree
HeapReAlloc
GetCurrentDirectoryA
VirtualAllocEx

oleaut32

VariantChangeType
VariantCopyInd
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayRedim
VariantCopy
LoadRegTypeLi
SafeArrayGetLBound
VariantInit
SafeArrayUnlock
SafeArrayCopy
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SysStringByteLen
SysFreeString
LoadTypeLi
VariantClear
SysAllocString
SafeArrayLock
SafeArrayGetVartype
SafeArrayCreate
SysAllocStringByteLen
GetErrorInfo

ole32

CLSIDFromProgID
CoRevertToSelf
CoCreateInstance
CoImpersonateClient

shell32

SHGetFolderPathW

userenv

UnloadUserProfile
GetProfileType
CreateEnvironmentBlock
LoadUserProfileA
GetProfilesDirectoryW
GetGPOListW
GetAppliedGPOListW

user32

UnregisterClassA

shlwapi

PathAppendW

catsrvps

DllUnregisterServer
GetProxyDllInfo
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

967f723b472b772a2acdb23b566da365

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

ole32

shell32

userenv

user32

shlwapi

catsrvps

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 258KB - Virtual size: 261KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 258KB - Virtual size: 261KB

.rsrc
Size: 11KB - Virtual size: 11KB