aacb3f074b718f756335f3d78173e8025263cf8aa7846e7602b5824f1ad86e72

Sharing

Copy URL

Twitter E-mail

General

Target

aacb3f074b718f756335f3d78173e8025263cf8aa7846e7602b5824f1ad86e72
Size

274KB
MD5

97b37caa97072050cb5be4a28d51a9d4
SHA1

38bf833b884fbd2c55fa7f9bedd34659498857ff
SHA256

aacb3f074b718f756335f3d78173e8025263cf8aa7846e7602b5824f1ad86e72
SHA512

e0c0d3478dddc9072122d3e8b7deb485f9c71a1d70d0affc05b8d00c39a2256602a45f8c0185f9fb96a07838c9b261cd4d0e6dad52292f1952ff64d584cba138
SSDEEP

3072:upGO3F0EzKTQh/v3eeCX6OjL5Flzi0Y217rL74+uR0FU1LpeeQVoKHbRxHF4E:OXFxGEh/vn4jlnzi0jPPseRVPjHF4E

Score

N/A

Malware Config

Signatures

Files

aacb3f074b718f756335f3d78173e8025263cf8aa7846e7602b5824f1ad86e72
.exe windows x86

0243ecee68708d67966ae745b90a540d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExA
RegOpenCurrentUser
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
GetSidSubAuthority
IsTokenUntrusted
LsaSetTrustedDomainInfoByName
WmiNotificationRegistrationW
EnumerateTraceGuids
CryptGetDefaultProviderW
LsaEnumerateAccounts
SetInformationCodeAuthzLevelW
AccessCheckByTypeAndAuditAlarmA
RegEnumValueA
ConvertAccessToSecurityDescriptorW
LsaStorePrivateData
AccessCheck
CredWriteW
TreeResetNamedSecurityInfoA
CredDeleteA
SetPrivateObjectSecurityEx
SystemFunction005
SaferGetPolicyInformation
GetWindowsAccountDomainSid
RegisterEventSourceW
CryptSetHashParam
MD4Init
CredReadA
QueryServiceStatus
SetServiceObjectSecurity
ConvertSecurityDescriptorToAccessW
ElfBackupEventLogFileA
CryptSetProviderW
StartTraceW
GetNamedSecurityInfoExW
SetSecurityDescriptorControl
RegisterEventSourceA
CryptEnumProvidersW
SaferiSearchMatchingHashRules
ConvertStringSidToSidW
GetSecurityDescriptorRMControl
GetTraceEnableLevel
ElfClearEventLogFileW
CryptHashSessionKey
EnumServicesStatusW
LsaEnumerateTrustedDomainsEx
ElfOpenBackupEventLogW
FreeInheritedFromArray
SystemFunction035
CloseServiceHandle
CryptEnumProviderTypesA
SetSecurityInfoExA
RegisterServiceCtrlHandlerA
FreeEncryptedFileKeyInfo
RegisterServiceCtrlHandlerExW
RegDisablePredefinedCache
QueryServiceConfigA
LsaAddAccountRights
BuildTrusteeWithSidW
LsaOpenSecret
CryptCreateHash
OpenServiceA
ConvertSidToStringSidW
QueryServiceConfigW
FlushTraceW
WmiReceiveNotificationsA
ElfChangeNotify
CryptGetDefaultProviderA
GetLengthSid
LsaRetrievePrivateData
CredFree
ConvertStringSidToSidA
LsaSetSecret
WmiSetSingleItemW
ObjectCloseAuditAlarmW
AddAce
IsValidSid
LsaRemovePrivilegesFromAccount
CreateCodeAuthzLevel
InstallApplication
WmiNotificationRegistrationA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetTrusteeFormA
QueryServiceLockStatusA
WmiDevInstToInstanceNameW
CredWriteDomainCredentialsW

gdi32

CreateMetaFileA
TextOutA
CreateDCA
SaveDC
SetWindowOrgEx
SetWindowExtEx
CreateRectRgnIndirect
LPtoDP
DeleteDC
CloseMetaFile
SetViewportOrgEx
GetDeviceCaps
DeleteMetaFile
RestoreDC
SetMapMode
SetTextAlign

kernel32

DeleteFileW
HeapFree
FindFirstFileA
WaitForMultipleObjects
VirtualFree
DeleteFileA
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
IsDebuggerPresent
CreateEventA
ReleaseMutex
SetFilePointer
WaitForSingleObjectEx
LCMapStringW
TlsGetValue
SetHandleCount
WriteFile
RtlUnwind
UnhandledExceptionFilter
EnterCriticalSection
SetStdHandle
IsDBCSLeadByte
HeapSize
CreateDirectoryW
MulDiv
VirtualProtect
RaiseException
IsValidCodePage
GetStdHandle
HeapReAlloc
lstrlenW
TerminateThread
lstrlenA
TlsAlloc
GetFileType
LeaveCriticalSection
CreateFileA
WaitForSingleObject
CreateMutexA
GlobalAlloc
FindNextFileA
GetLocalTime
SetFileAttributesA
VirtualQuery
SizeofResource
ReadFile
GlobalLock
LoadLibraryExA
lstrcmpiA
GetModuleHandleA
GetTempFileNameW
HeapDestroy
GetProcessHeap
GlobalUnlock
TlsFree
OutputDebugStringA
WriteConsoleW
VirtualAlloc
WriteConsoleA
FreeEnvironmentStringsA
IsProcessorFeaturePresent
HeapAlloc
CreateThread
GetACP
CreateMutexW
GetTempPathW
FindClose
FreeLibrary
lstrcmpA
WritePrivateProfileStringA
GetSystemInfo
SetUnhandledExceptionFilter
LoadResource
GetCommandLineA
DeleteCriticalSection
WideCharToMultiByte
CreateFileW
GetTempPathA
FreeEnvironmentStringsW
lstrcatA
TlsSetValue
FlushFileBuffers
CloseHandle
FlushInstructionCache
GetThreadLocale
SetLastError
GetCurrentThreadId
GetOEMCP
LCMapStringA
lstrcpyA
FindResourceA
VirtualAllocEx

user32

DestroyWindow
GetClientRect
InvalidateRect
OffsetRect
SetWindowRgn
wsprintfA
SetFocus
GetForegroundWindow
EqualRect
GetWindowLongA
GetKeyState
PtInRect
IntersectRect
GetDC
IsChild
CallWindowProcA
CharNextA
DefWindowProcA
SetCursor
IsWindow
SetWindowLongA
GetFocus
UnionRect
ShowWindow
LoadCursorA
ReleaseDC
GetParent
SetWindowPos
MessageBoxA
UnregisterClassA

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
OleRegGetUserType
OleLoadFromStream
CreateOleAdviseHolder
WriteClassStm
OleSaveToStream
CoCreateInstance
OleRegEnumVerbs
CreateDataAdviseHolder
CoTaskMemAlloc
OleRegGetMiscStatus

oleaut32

LoadTypeLi
SysFreeString
DispCallFunc
RegisterTypeLi
VariantClear
VariantChangeType
VarUI4FromStr
VariantCopy
VariantInit
OleCreatePropertyFrame
SysStringLen
LoadRegTypeLi
SysAllocString
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen

ncobjapi

WmiDestroyObject

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.iUtLqp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voQr
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iRDH
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cTBM
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lQSsj
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FoJnRM
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mkTY
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wqKf
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hulXzx
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcdk
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XuUkCd
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0243ecee68708d67966ae745b90a540d

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

user32

ole32

oleaut32

ncobjapi

Sections

.text Size: 20KB - Virtual size: 19KB

.iUtLqp Size: 2KB - Virtual size: 2KB

.voQr Size: 2KB - Virtual size: 2KB

.iRDH Size: 2KB - Virtual size: 2KB

.cTBM Size: 3KB - Virtual size: 2KB

.lQSsj Size: 3KB - Virtual size: 2KB

.rdata Size: 212KB - Virtual size: 212KB

.FoJnRM Size: 3KB - Virtual size: 2KB

.mkTY Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 199KB

.wqKf Size: 2KB - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

.hulXzx Size: 2KB - Virtual size: 1KB

.rcdk Size: 2KB - Virtual size: 2KB

.XuUkCd Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.iUtLqp
Size: 2KB - Virtual size: 2KB

.voQr
Size: 2KB - Virtual size: 2KB

.iRDH
Size: 2KB - Virtual size: 2KB

.cTBM
Size: 3KB - Virtual size: 2KB

.lQSsj
Size: 3KB - Virtual size: 2KB

.rdata
Size: 212KB - Virtual size: 212KB

.FoJnRM
Size: 3KB - Virtual size: 2KB

.mkTY
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 199KB

.wqKf
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB

.hulXzx
Size: 2KB - Virtual size: 1KB

.rcdk
Size: 2KB - Virtual size: 2KB

.XuUkCd
Size: 1KB - Virtual size: 1KB