a85862fc89f2e980206ab254b1ec2475a73ed06b90e8816c07a2b278a7354963

Sharing

Copy URL Twitter E-mail

General

Target

a85862fc89f2e980206ab254b1ec2475a73ed06b90e8816c07a2b278a7354963
Size

235KB
MD5

ffe4a71fe6f26e2beacfd81392c1e4d5
SHA1

0924b0fca1b7b3aa2689e07b56fec196c26f858a
SHA256

a85862fc89f2e980206ab254b1ec2475a73ed06b90e8816c07a2b278a7354963
SHA512

549f37aa8334eac479fd72e3fc091a45563fddd6d4106e399a664b0ff0cb76cf29d2358b847e7bc5442cee27f5aa2de5b95d6962ee1c58d576c62b0193a0767c
SSDEEP

6144:dSeKQQ4/fke1LuYadl3q/qaT9xwrA5Y2zakhh5L0LTObO9o+:dSxifr1p0o/qi9xoA5dzjhh1i0Io+

Score

N/A

Malware Config

Signatures

Files

a85862fc89f2e980206ab254b1ec2475a73ed06b90e8816c07a2b278a7354963
.exe windows x86

6df51642b230dd6c52d668ea9d782ec6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

powrprof

CallNtPowerInformation

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

psapi

GetModuleFileNameExA

user32

CreateWindowExA
TranslateMessage
UnregisterClassA
IsWindowVisible
EnumThreadWindows
RegisterClassExA
SendMessageA
IsIconic
FindWindowA
BeginPaint
GetMessageA
DefWindowProcA
EnumWindowStationsW
DispatchMessageA
GetWindowTextA
EnableWindow
GetWindowThreadProcessId
LoadCursorA
EndPaint
ShowWindow
LoadIconA
DestroyWindow
wvsprintfW
UpdateWindow
PostQuitMessage
GetDesktopWindow
PeekMessageA
RegisterClassA
PostMessageA
FindWindowW

gdi32

GetStockObject

kernel32

WaitForSingleObject
GetLastError
GetVersionExA
CreateToolhelp32Snapshot
GlobalMemoryStatus
MultiByteToWideChar
GetProcessPriorityBoost
SetFileAttributesA
Process32Next
lstrcmpiA
GetPriorityClass
DeleteCriticalSection
ExitProcess
GetDiskFreeSpaceExW
GetTickCount
DeleteFileW
GetCurrentProcess
SuspendThread
LeaveCriticalSection
GetFileSize
SetEvent
ResumeThread
Process32First
SetErrorMode
GetCurrentProcessId
OutputDebugStringA
ExitProcess
GetModuleHandleA
EnterCriticalSection
CreateEventW
GetTempPathW
GetStartupInfoA
Thread32First
OpenThread
SetPriorityClass
TerminateThread
Thread32Next
GetLongPathNameA
GetCommandLineA
GetCurrentThreadId
CloseHandle
WideCharToMultiByte
SetCurrentDirectoryA
lstrlenA
QueryPerformanceCounter
InitializeCriticalSection
ResetEvent
OutputDebugStringW
CreateDirectoryA
GetModuleFileNameW
Sleep
OpenProcess
SetFileAttributesW
CreateDirectoryW
lstrcpyA
CreateThread
GetModuleFileNameA
SetThreadPriority
GetSystemTimeAsFileTime

shlwapi

PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsA
PathIsDirectoryW

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.strings
Size: 5KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6df51642b230dd6c52d668ea9d782ec6

Headers

File Characteristics

Imports

powrprof

shell32

ole32

psapi

user32

gdi32

kernel32

shlwapi

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 109KB - Virtual size: 109KB

.strings Size: 5KB - Virtual size: 142KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 109KB - Virtual size: 109KB

.strings
Size: 5KB - Virtual size: 142KB