f988a5b2656e030f1302329885db2933c3e482eff9dec7c119ffc27923e80310

Sharing

Copy URL Twitter E-mail

General

Target

f988a5b2656e030f1302329885db2933c3e482eff9dec7c119ffc27923e80310
Size

158KB
MD5

0eae75a7ddd38c6e094a68a4fdee0af0
SHA1

6675690f13ba182953d130bba58d778b26e866e2
SHA256

f988a5b2656e030f1302329885db2933c3e482eff9dec7c119ffc27923e80310
SHA512

27821968526bc19439cc59bdfbac38b3fb9b1aaa375e39f602ba7fa8500700dc6d7c92d17c24288732f305939a273f4b67e2422d3ce7d5eea5e92c7144b7e931
SSDEEP

3072:ZdeSJfuQj6v0EQGijgc2CMdsTmOFLc9qo:Z8qfZ6v0pGrcFCamOd4

Score

N/A

Malware Config

Signatures

Files

f988a5b2656e030f1302329885db2933c3e482eff9dec7c119ffc27923e80310
.exe windows x86

6bee82c5540e5893dd9c1b9581ddcbfb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
FlushInstructionCache
lstrcmpW
GetSystemInfo
WaitForSingleObject
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
GlobalFree
FreeResource
lstrcatW
lstrlenW
lstrcpyW
InterlockedExchange
GetTempPathA
GetTempFileNameA
DeleteFileA
ReadFile
CloseHandle
LocalAlloc
InterlockedCompareExchange
OutputDebugStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
GetCurrentDirectoryW
HeapSize
SetLastError
Sleep
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
InterlockedIncrement
GetModuleHandleW
HeapFree
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
SizeofResource
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
EnterCriticalSection
GetCPInfo
GetACP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
GetStringTypeW
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
DisableThreadLibraryCalls
GetLastError
LocalFree
TlsFree
TlsGetValue
TlsSetValue
GetStdHandle
RaiseException
RtlUnwind
UnhandledExceptionFilter
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetVersion
VirtualAlloc
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
CreateFileW
lstrcmpiW
lstrcpynW
DebugBreak
GetStartupInfoA
CreateFileA
ExitProcess
CreateDirectoryExW
GetStartupInfoW
ExitThread

user32

IsCharAlphaNumericA
GetKeyboardType

advapi32

LogonUserW
RegEnumKeyExW
GetLengthSid
LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ConvertSidToStringSidW

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

msvcrt

wcsstr
strstr
wcscspn
memmove
iswspace
wcsncmp
swscanf
wcstok
wcstol
wcschr
wcsrchr
strrchr
strtoul
isxdigit
realloc
fwrite
qsort
fopen
tolower
strcspn
ungetc
strpbrk
strncmp
strlen
strcmp
strchr
malloc
free
fflush
fclose
ceil
bsearch

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bee82c5540e5893dd9c1b9581ddcbfb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

msvcrt

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 40KB - Virtual size: 2.2MB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 40KB - Virtual size: 2.2MB

.rsrc
Size: 48KB - Virtual size: 47KB