2a37769517183216e71ba6e895dabee2db3d1f0c96c344e724a8f9ff3e470966

Sharing

Copy URL Twitter E-mail

General

Target

2a37769517183216e71ba6e895dabee2db3d1f0c96c344e724a8f9ff3e470966
Size

93KB
MD5

9a5a462fe7689f5e977894e33abd57a9
SHA1

89ed1aef27e613b0c60242a64633920aa33c4924
SHA256

2a37769517183216e71ba6e895dabee2db3d1f0c96c344e724a8f9ff3e470966
SHA512

b8da29e8253943068a7ea3dd35ffae5fbb0ea70d099314a91436c460d05a9c9e49ad2aa787b7e1809517611429b4f61241fc6526a50e9ca0fc68ae99de466553
SSDEEP

1536:GqJ1/0C1nU8TZyhLRelIPqs7EFwD9KgkDuYXXPO3tr44Yvz+Zx9pB27TVCNI:V0Cm8TZGqIpfD9/qXPOZU6ZXPsTVCN

Score

N/A

Malware Config

Signatures

Files

2a37769517183216e71ba6e895dabee2db3d1f0c96c344e724a8f9ff3e470966
.dll windows x86

5390f87b157e71ce524e50a68560889d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CopySid
IsValidSid
GetSidIdentifierAuthority
ImpersonateSelf
RegisterServiceCtrlHandlerW
InitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LookupAccountSidW
RevertToSelf
LogonUserW
SetThreadToken
OpenThreadToken
EqualSid
GetLengthSid
GetTokenInformation
AddAccessAllowedAce
AllocateAndInitializeSid
GetSidSubAuthorityCount
EqualPrefixSid
GetSidSubAuthority
FreeSid
InitializeAcl

kernel32

CompareStringW
PulseEvent
ResetEvent
LocalSize
SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
CreateEventA
SetErrorMode
QueryPerformanceCounter
GetCurrentThreadId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
CreateFileW
SearchPathW
OpenProcess
GetCurrentProcess
DuplicateHandle
GetTickCount
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
ReadProcessMemory
SetLastError
LocalReAlloc
GetCurrentThread
CloseHandle
GetLastError
LocalAlloc
LocalFree
lstrlenW
GetCurrentProcessId

msvcrt

_adjust_fdiv
malloc
_initterm
free
_except_handler3
wcscpy

ntdll

NtQueryInformationProcess

rpcrt4

RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcImpersonateClient
RpcRevertToSelfEx
NdrServerCall2

user32

GetDlgItem
SetWindowTextW
EndDialog
SetWindowLongW
MessageBoxW
LoadStringW
PeekMessageW
SetCursor
LoadCursorW
GetDlgItemTextW
GetWindowLongW
DialogBoxParamW
wsprintfW

Exports

Exports

PSTOREServiceMain
ServiceEntry
Start

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5390f87b157e71ce524e50a68560889d

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB