a255f69af22efd181c8e1f3bc1e7e0f7cabc5c1826e3353c4a29f185d016c674

Sharing

Copy URL Twitter E-mail

General

Target

a255f69af22efd181c8e1f3bc1e7e0f7cabc5c1826e3353c4a29f185d016c674
Size

292KB
MD5

017af732c756a7e4e4d91f05d70b10db
SHA1

3ac38b506664f9ae9dc5614362444ab51d30a209
SHA256

a255f69af22efd181c8e1f3bc1e7e0f7cabc5c1826e3353c4a29f185d016c674
SHA512

d5406dcf36794917d0a2bbd1ff27897a23abb387916354745a0975e291588294e6440aa215c583615858ed899438b059e1bfae3c0d1095a664a920766df0d2b0
SSDEEP

6144:xCFba0e9qOqWto1H5aZQKOyD5jFHLIttlOl7BsN3cLEBb4UVywDW53r63:xFQWtKZ5KDVBL0alyTBWYm323

Score

N/A

Malware Config

Signatures

Files

a255f69af22efd181c8e1f3bc1e7e0f7cabc5c1826e3353c4a29f185d016c674
.exe windows x86

cafd93b749ba332d9353a5d5683dff21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
OutputDebugStringA
TryEnterCriticalSection
GetLocaleInfoA
GetLastError
LoadResource
SwitchToThread
LoadLibraryA
LoadLibraryExW
GetComputerNameExW
LocalFree
InterlockedIncrement
SizeofResource
lstrlenW
VirtualQuery
InterlockedExchange
RaiseException
LeaveCriticalSection
SetUnhandledExceptionFilter
GetTickCount
GetSystemInfo
MultiByteToWideChar
InterlockedDecrement
FreeLibrary
FindResourceW
VirtualAlloc
InitializeCriticalSection
GetVersionExA
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameW
GetCurrentProcessId
lstrcmpiW
LocalAlloc
lstrlenA
GetCurrentProcess
QueryPerformanceCounter
LockResource
WideCharToMultiByte
GetProcAddress
ExpandEnvironmentStringsW
GetVersion

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader

msvcrt

free
__RTDynamicCast
??0exception@@QAE@ABV0@@Z
__crtLCMapStringW
?what@exception@@UBEPBDXZ
realloc
isdigit
wcstol
_callnewh
??1type_info@@UAE@XZ
fclose
_resetstkoflw
malloc
fputwc
ungetwc
__crtGetStringTypeW
abort
fflush
isspace
tolower
?terminate@@YAXXZ
fgetwc
___lc_handle_func
_strtoi64
??1bad_cast@@UAE@XZ
strcspn
memset
__pctype_func
wcsrchr
__crtLCMapStringA
islower
_Strftime
_CxxThrowException
memchr
_XcptFilter
fsetpos
_lock
_unlock
fgetc
_errno
ungetc
_wfsopen
_initterm
_wcsicmp
memcpy
___mb_cur_max_func
___lc_codepage_func
isupper
localeconv
__dllonexit
??0bad_cast@@QAE@ABV0@@Z
isalnum
calloc
_Getdays
__crtCompareStringW
_strtoui64
_purecall
??0exception@@QAE@ABQBD@Z
wcschr
_Gettnames
setvbuf
fseek
_Getmonths
setlocale
fwrite
??0exception@@QAE@XZ
_wtoi
_amsg_exit
__mb_cur_max
??1exception@@UAE@XZ
fgetpos
_wcsnicmp
_wtol
_onexit
__crtCompareStringA

rtutils

TraceVprintfExA
TraceRegisterExW
TraceDeregisterW

advapi32

RegCreateKeyExW
OpenServiceA
RegEnumKeyExW
OpenSCManagerA
QueryServiceStatusEx
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
CloseServiceHandle
RegConnectRegistryW
RegQueryInfoKeyW

rpcrt4

UuidCreate

ole32

CoCreateInstanceEx
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
OleRun
CoTaskMemFree
CoTaskMemRealloc

user32

CharNextW
UnregisterClassA

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cafd93b749ba332d9353a5d5683dff21

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

msvcrt

rtutils

advapi32

rpcrt4

ole32

user32

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 32KB - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 1KB