f3ec7fb205d74808281ad02ff2a16f278cb3d9d1315876328940109222be926a

Sharing

Copy URL Twitter E-mail

General

Target

f3ec7fb205d74808281ad02ff2a16f278cb3d9d1315876328940109222be926a
Size

95KB
MD5

a682038a42a367640909110e355a4d9d
SHA1

21be6a12c598db9001f5c17690be813de464978b
SHA256

f3ec7fb205d74808281ad02ff2a16f278cb3d9d1315876328940109222be926a
SHA512

83d86b1ee075f1f5de39e77d5c1eb2a2ed58713c81a48b44669cae10890a0ff6290a2598401b0b6fd22c37be0308c286f57dfedcfffe216d0962dbaac054e9a7
SSDEEP

1536:QpDPyR121EabEComWKAlx1X+pdHoKspirP8JL7:QpDPyRqlECoPxCdL0

Score

N/A

Malware Config

Signatures

Files

f3ec7fb205d74808281ad02ff2a16f278cb3d9d1315876328940109222be926a
.exe windows x86

6d1b57f479109350d5b12b6fc6591ea0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
lstrcpyA
ExpandEnvironmentStringsA
lstrcpyW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetSystemInfo
GetModuleHandleW
GlobalMemoryStatus
GlobalMemoryStatusEx
GetTempPathA
GetTempFileNameA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualLock
VirtualUnlock
GetSystemTimeAsFileTime
SetErrorMode
OpenEventA
OpenMutexA
OpenSemaphoreA
CreateEventA
GetSystemDirectoryA
CreateSemaphoreA
SleepEx
OutputDebugStringA
QueryPerformanceFrequency
HeapDestroy
HeapValidate
HeapReAlloc
HeapSize
ResetEvent
WaitForSingleObjectEx
PulseEvent
ReleaseMutex
OpenProcess
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseSemaphore
CreateSemaphoreW
WaitForSingleObject
GetModuleHandleA
CloseHandle
FreeLibrary
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapFree
HeapAlloc
CreateMutexA
IsDebuggerPresent
HeapCreate
GetProcAddress

user32

CharToOemBuffA
OemToCharBuffA
ExitWindowsEx
GetSystemMetrics
wsprintfA
CharUpperA
CharLowerA
CharUpperW
CharLowerW

advapi32

DuplicateTokenEx
GetUserNameA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
EqualSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
AllocateAndInitializeSid
GetLengthSid
FreeSid
CopySid
OpenThreadToken
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateToken
SetThreadToken
RevertToSelf

shlwapi

PathUnExpandEnvStringsW
PathUnExpandEnvStringsA

msoert2

PszAllocA

tsbyuv

DriverProc

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PhbjNE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.F
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jMMc
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Mlxkta
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d1b57f479109350d5b12b6fc6591ea0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msoert2

tsbyuv

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 3KB - Virtual size: 2KB

.PhbjNE Size: 2KB - Virtual size: 2KB

.F Size: 1KB - Virtual size: 1KB

.jMMc Size: 1024B - Virtual size: 987B

.Mlxkta Size: 1KB - Virtual size: 1KB

.data Size: 41KB - Virtual size: 105KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 3KB - Virtual size: 2KB

.PhbjNE
Size: 2KB - Virtual size: 2KB

.F
Size: 1KB - Virtual size: 1KB

.jMMc
Size: 1024B - Virtual size: 987B

.Mlxkta
Size: 1KB - Virtual size: 1KB

.data
Size: 41KB - Virtual size: 105KB

.rsrc
Size: 17KB - Virtual size: 17KB