982cf80e866b211794668be8631d1f85fc7fe64b4580eb3e5da08beb34cef6c0

Sharing

Copy URL

Twitter E-mail

General

Target

982cf80e866b211794668be8631d1f85fc7fe64b4580eb3e5da08beb34cef6c0
Size

250KB
MD5

7cb91334cf5198d71a868df87439e785
SHA1

34bda5bc84205e9a7c4006f7340ab419d5b3eb80
SHA256

982cf80e866b211794668be8631d1f85fc7fe64b4580eb3e5da08beb34cef6c0
SHA512

bfe8ba9208b9998d2b96214da4b48462b45193db68f1cbbbb75d39b385299ea3ec631d27092a712f5dd7d2e238f902c3f480eea02b36c9bf5a58ae24c292be21
SSDEEP

6144:Cz5PmA1SjbjS17e2ZYHLM3aXFUX9NzasPkT5tCautg7lQPfOCJll7CAvUThwbP:CzZmA1Sj3S17lYHgWw9Zahp7lQHOwll7

Score

N/A

Malware Config

Signatures

Files

982cf80e866b211794668be8631d1f85fc7fe64b4580eb3e5da08beb34cef6c0
.exe windows x86

9082cfbe3285fa189caced4da749be68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathUnExpandEnvStringsA
PathUnExpandEnvStringsW

kernel32

GetSystemDirectoryA
HeapAlloc
HeapFree
PulseEvent
OpenProcess
UnhandledExceptionFilter
DeleteCriticalSection
CreateSemaphoreW
CreateEventA
GetWindowsDirectoryA
SleepEx
GetModuleHandleW
CloseHandle
ReleaseSemaphore
CreateSemaphoreA
GlobalMemoryStatus
OpenMutexA
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapSize
VirtualProtect
GetModuleHandleA
WideCharToMultiByte
OpenEventA
lstrcpyA
HeapValidate
VirtualUnlock
lstrcpyW
SetUnhandledExceptionFilter
GetTempFileNameA
VirtualFree
ExpandEnvironmentStringsW
HeapReAlloc
GetTempPathA
ResetEvent
WaitForSingleObjectEx
ExpandEnvironmentStringsA
HeapDestroy
GetProcessHeap
VirtualAlloc
SetErrorMode
OpenSemaphoreA
FreeLibrary
ReleaseMutex
VirtualLock
CreateMutexA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
IsDebuggerPresent
GetSystemInfo
WaitForSingleObject
OutputDebugStringA
GetCurrentDirectoryA

user32

CharLowerW
CharUpperA
wsprintfA
CharLowerA
GetSystemMetrics
CharToOemBuffA
CharUpperW
OemToCharBuffA
ExitWindowsEx

advapi32

GetUserNameA
SetSecurityDescriptorSacl
SetThreadToken
GetTokenInformation
EqualSid
AddAccessAllowedAce
GetLengthSid
OpenProcessToken
InitializeSecurityDescriptor
DuplicateToken
OpenThreadToken
SetSecurityDescriptorDacl
LookupPrivilegeValueA
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupAccountSidA
FreeSid
AllocateAndInitializeSid
RevertToSelf
AdjustTokenPrivileges
CopySid
InitializeAcl

cmutil

CmMalloc
CmStrCatAllocW
CmStrtokA
CmStrchrA

wmpshell

DllRegisterServer
DllGetClassObject

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.NCbBpu
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NrDcN
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HrzCl
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZrRQ
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 211KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dRocl
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sqNp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OTjC
Size: 1024B - Virtual size: 569B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9082cfbe3285fa189caced4da749be68

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

cmutil

wmpshell

Sections

.text Size: 19KB - Virtual size: 19KB

.NCbBpu Size: 1KB - Virtual size: 1KB

.NrDcN Size: 2KB - Virtual size: 2KB

.HrzCl Size: 1KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.ZrRQ Size: 512B - Virtual size: 175B

.data Size: 211KB - Virtual size: 1.3MB

.dRocl Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.sqNp Size: 2KB - Virtual size: 2KB

.OTjC Size: 1024B - Virtual size: 569B

.text
Size: 19KB - Virtual size: 19KB

.NCbBpu
Size: 1KB - Virtual size: 1KB

.NrDcN
Size: 2KB - Virtual size: 2KB

.HrzCl
Size: 1KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.ZrRQ
Size: 512B - Virtual size: 175B

.data
Size: 211KB - Virtual size: 1.3MB

.dRocl
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.sqNp
Size: 2KB - Virtual size: 2KB

.OTjC
Size: 1024B - Virtual size: 569B