a5211cbdb2b625c3a9b46eea5b78ae2239c064a50d76a8a39e61dac7baa57b43

Sharing

Copy URL

Twitter E-mail

General

Target

a5211cbdb2b625c3a9b46eea5b78ae2239c064a50d76a8a39e61dac7baa57b43
Size

295KB
MD5

526c5de8e228f1d5daa8152b48de11cd
SHA1

488742e07f74714bf9392909c5c1cea16702caf5
SHA256

a5211cbdb2b625c3a9b46eea5b78ae2239c064a50d76a8a39e61dac7baa57b43
SHA512

0bcb11beff39a66c9822120fba2a35451db57b687dc5280630bf53da84254fbd6813c4d73008f5822e3fdaf76c6b8c6bb4301a98530940a49a8c42289da941b7
SSDEEP

6144:c9Ncj86i7QaMyUtZahwg5dmgFDMH5hhZOxHg7SbOr16p+Baemv+:1h7tZkwgy9ZhbOZCSbOgPv

Score

N/A

Malware Config

Signatures

Files

a5211cbdb2b625c3a9b46eea5b78ae2239c064a50d76a8a39e61dac7baa57b43
.exe windows x86

40384d367edeb90e29e67413f56c5609

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetForegroundWindow
FindWindowExA
FindWindowExW
GetSystemMetrics
ExitWindowsEx
CharPrevA
MessageBoxA
SendMessageA
PostMessageA
CharUpperA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

advapi32

RegCloseKey
SetSecurityDescriptorDacl
RevertToSelf
InitializeSecurityDescriptor
RegQueryValueExA
OpenProcessToken
SetTokenInformation
RegQueryValueExW
RegOpenKeyExA
ImpersonateSelf
RegOpenKeyExW
GetUserNameA
RegDeleteValueA
GetTokenInformation
RegSetValueExA
RegQueryInfoKeyA
ImpersonateLoggedOnUser
AdjustTokenPrivileges
RegEnumKeyExA
LookupPrivilegeValueA
DuplicateTokenEx

oleaut32

SysFreeString
SysAllocStringByteLen

kernel32

GetProcessHeap
HeapAlloc
GetCurrentDirectoryA
WaitForSingleObject
GetShortPathNameA
HeapFree
ProcessIdToSessionId
lstrlenA
FormatMessageA
GetLocalTime
GetDateFormatA
SetLastError
LocalFree
FreeLibrary
EnterCriticalSection
WritePrivateProfileStringA
DeleteCriticalSection
lstrcpynA
GetCurrentThreadId
LeaveCriticalSection
LoadLibraryExA
GetWindowsDirectoryA
CopyFileA
DeleteFileA
MoveFileExA
lstrcmpiA
GetModuleHandleA
GetTempFileNameA
GetPrivateProfileStringA
CloseHandle
ReleaseMutex
GetACP
GetCommandLineW
GetComputerNameA
OpenProcess
GetCommandLineA
WideCharToMultiByte
CreateEventA
CreateProcessA
CreateMutexA
IsValidCodePage
VirtualAlloc

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

PathFileExistsA
PathRemoveFileSpecA

iphlpapi

GetTcpTable
GetUdpTable
GetIcmpStatistics
InternalGetIpAddrTable
UnenableRouter
InternalDeleteIpForwardEntry
GetIpStatistics
NhGetInterfaceNameFromGuid
DeleteIpNetEntry
GetIpAddrTable

rnr20

NSPStartup

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40384d367edeb90e29e67413f56c5609

Headers

File Characteristics

Imports

user32

ole32

advapi32

oleaut32

kernel32

version

shlwapi

iphlpapi

rnr20

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 264KB - Virtual size: 443KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 264KB - Virtual size: 443KB

.rsrc
Size: 512B - Virtual size: 4KB