aa306518b975c5ba6bb72bf4b5b6144c3d528ce9634201bda4cd14886108acff

Sharing

Copy URL Twitter E-mail

General

Target

aa306518b975c5ba6bb72bf4b5b6144c3d528ce9634201bda4cd14886108acff
Size

348KB
MD5

cd880cfed7a47ed8006220664dc029b4
SHA1

c7a7a3466276902777b90ad599db00d62d5e995d
SHA256

aa306518b975c5ba6bb72bf4b5b6144c3d528ce9634201bda4cd14886108acff
SHA512

20ecb190275b8d0a31836caca33aad375fe2561ff18fa07c0da8e1e4f620de000e4536b781107f9ce978a7332a7915389e6ebefe205d55feebb6b980b175479a
SSDEEP

6144:qGg1WH9z47lU1OwI/quJwDQDesJFnTD7C1iAS0pFXXCquVMmq+TE:qGm/MOtDeoFTnC1PS0TCquVJ

Score

N/A

Malware Config

Signatures

Files

aa306518b975c5ba6bb72bf4b5b6144c3d528ce9634201bda4cd14886108acff
.exe windows x86

8a3bf11bb143dfce645603ac25106e6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
UnregisterClassA

advapi32

OpenProcessToken
GetLengthSid
OpenThreadToken
IsValidSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
SetThreadToken
EqualSid
CopySid

shell32

SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

CreateEventW
ReadFile
FindResourceW
FormatMessageW
CloseHandle
FindVolumeMountPointClose
HeapFree
CreateFileW
IsDebuggerPresent
GetVolumeNameForVolumeMountPointW
LoadResource
WaitForMultipleObjects
LeaveCriticalSection
GetFileSize
HeapAlloc
ResumeThread
SetLastError
GetLogicalDriveStringsW
SetThreadLocale
GetSystemInfo
GetVolumePathNameW
HeapSize
GetACP
FindClose
SetFileAttributesW
WaitForSingleObject
WriteFile
GetModuleHandleW
GetFileType
FindFirstFileW
HeapDestroy
SizeofResource
GetLongPathNameW
SetUnhandledExceptionFilter
HeapReAlloc
DeviceIoControl
BackupRead
UnhandledExceptionFilter
FindNextFileW
DeleteFileW
GetSystemTimeAsFileTime
GetCurrentThreadId
FreeLibrary
RaiseException
FileTimeToSystemTime
FindResourceExW
BackupSeek
SetFilePointer
FindNextVolumeMountPointW
LockResource
GetFileInformationByHandle
WideCharToMultiByte
GetDriveTypeW
DeleteCriticalSection
GetProcessHeap
FindFirstVolumeMountPointW
EnterCriticalSection
lstrlenW
lstrlenA
MoveFileW
CreateDirectoryW
GetThreadLocale
GetFullPathNameW
VirtualAlloc

oleaut32

LoadTypeLi
SystemTimeToVariantTime
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnlock
SysStringByteLen
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SafeArrayGetUBound
SysFreeString
SysStringLen
VariantInit
VarBstrCat
VarBstrCmp
SafeArrayRedim
SafeArrayLock
SafeArrayGetVartype
VariantCopy
SafeArrayCopy
VarUdateFromDate
SafeArrayGetElemsize
SafeArrayDestroy
SysAllocStringLen
SafeArrayCreate
LoadRegTypeLi
VariantTimeToSystemTime
SysAllocString
SysAllocStringByteLen
GetErrorInfo
VariantClear
VariantCopyInd

ole32

CoCreateInstance
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoGetCallContext
CoRevertToSelf

shlwapi

PathAppendW
StrRetToStrW

userenv

UnloadUserProfile

cmutil

CmAtolA
CmLoadImageA
SzToWzWithAlloc
GetOSBuildNumber
CmEndOfStrW
CmParsePathW

kbdhe319

KbdLayerDescriptor

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a3bf11bb143dfce645603ac25106e6b

Headers

File Characteristics

Imports

user32

advapi32

shell32

version

kernel32

oleaut32

ole32

shlwapi

userenv

cmutil

kbdhe319

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 314KB - Virtual size: 1.2MB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 314KB - Virtual size: 1.2MB

.rsrc
Size: 512B - Virtual size: 4KB