b15a5daece44be09c2f3bf5a7ad402dfa96741c2801e283b8659c8ab30f321ea

Sharing

Copy URL Twitter E-mail

General

Target

b15a5daece44be09c2f3bf5a7ad402dfa96741c2801e283b8659c8ab30f321ea
Size

162KB
MD5

e99f2a110741b3c0044574fb86a7e494
SHA1

d44add573ee688f9275a0a313230f74bc019cf6c
SHA256

b15a5daece44be09c2f3bf5a7ad402dfa96741c2801e283b8659c8ab30f321ea
SHA512

46d69de7056e8bb59ef86c1ae17da110e30710b349e8d982baba988d863a60f50ac987f05b1516dfe61c3ce42a0e35f8d285d32c5a044b3e56423262f87e4f03
SSDEEP

3072:TbYta3vfGqWBE7OXyIAfT+36siIvCZ6A864EOVJrOqxRQJRWPhG4CWtMXW:TbxnGquE7vIkT+36VNFt4EPqxaTWPk

Score

N/A

Malware Config

Signatures

Files

b15a5daece44be09c2f3bf5a7ad402dfa96741c2801e283b8659c8ab30f321ea
.exe windows x86

2852e82d7d2794a4d22d789428c81503

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

advapi32

ChangeServiceConfig2W
FreeSid
StartServiceA
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetAce
LookupPrivilegeDisplayNameA
RegOpenKeyExW
LookupPrivilegeNameA
DeleteService
AdjustTokenPrivileges
RegDeleteValueW
GetSecurityInfo
CloseServiceHandle
GetNamedSecurityInfoW
LookupPrivilegeValueA
EnumDependentServicesW
SetEntriesInAclA
InitializeAcl
RegRestoreKeyW
EqualSid
ControlService
UnlockServiceDatabase
OpenProcessToken
SetNamedSecurityInfoW
GetTokenInformation
LockServiceDatabase
QueryServiceStatus
RegDeleteKeyW
SetSecurityInfo
LookupAccountSidW
AllocateAndInitializeSid
IsValidAcl
OpenServiceW
SetEntriesInAclW
FreeInheritedFromArray
OpenSCManagerW
RegGetKeySecurity
RegEnumKeyExW
RegCloseKey
ChangeServiceConfigW
GetInheritanceSourceW
AddAce
GetSecurityDescriptorControl
RegCreateKeyExW
RegQueryValueExW
GetAclInformation
CreateServiceW
QueryServiceConfigW
QueryServiceLockStatusW
SetSecurityDescriptorDacl
RegSaveKeyW
RegSetValueExW
RegEnumValueW

newdev

UpdateDriverForPlugAndPlayDevicesW

oleacc

LresultFromObject
AccessibleObjectFromPoint

shell32

SHGetFolderPathW

kernel32

IsValidCodePage
ReadFile
HeapFree
InitializeCriticalSection
UnhandledExceptionFilter
LCMapStringA
GetOEMCP
WriteFile
SetFilePointer
GetConsoleOutputCP
SetEndOfFile
HeapSize
FreeLibrary
HeapCreate
VirtualFree
GetTickCount
VirtualAlloc
CompareStringA
SetEnvironmentVariableA
QueryPerformanceCounter
RtlUnwind
GetCurrentProcess
GetACP
GetCurrentProcessId
EnumResourceTypesA
GetDateFormatA
GetCPInfo
GetLocaleInfoA
TerminateProcess
SetUnhandledExceptionFilter
LoadLibraryA
RaiseException
HeapReAlloc
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
CreateNamedPipeA
LeaveCriticalSection
HeapDestroy
SetStdHandle
IsDebuggerPresent
LCMapStringW
GetTimeFormatA
WriteConsoleA
CompareStringW
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetStringTypeA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2852e82d7d2794a4d22d789428c81503

Headers

File Characteristics

Imports

mprapi

advapi32

newdev

oleacc

shell32

kernel32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 3KB - Virtual size: 407KB

.data Size: 113KB - Virtual size: 113KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 3KB - Virtual size: 407KB

.data
Size: 113KB - Virtual size: 113KB

.rsrc
Size: 512B - Virtual size: 4KB