Static task: static1
Behavioral task: behavioral1
Sample: 220abe11b9ed7c7eb67cf20ec6324987031b587a41312624ad0e8fe3cdc6964c.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 220abe11b9ed7c7eb67cf20ec6324987031b587a41312624ad0e8fe3cdc6964c.exe
Resource: win10v2004-20220901-en
General
Target: 220abe11b9ed7c7eb67cf20ec6324987031b587a41312624ad0e8fe3cdc6964c
Size: 39KB
MD5: 061e3ea9a1c7f706ab705818eee8ede0
SHA1: b6661c0aa53d2266580f88c998d9dd4fd72b4493
SHA256: 220abe11b9ed7c7eb67cf20ec6324987031b587a41312624ad0e8fe3cdc6964c
SHA512: 276a17a07453038f8c5b1baa2f2e030c0955d7f6b2edf942e0beb4199ae2f83155c5d1d18168fbfd4f4b9af14e5c3269eb1cabacfacf02e9a297a53c4241aa0b
SSDEEP: 768:vYs2oCAEgM7KPjDFPVzwarv4dRtp4eUyQPqlGp22nnvS9GTPcwZA:Avdp7KLDfzdgdRtp7UyyY6aGTPQ
Malware Config
Signatures
Files
220abe11b9ed7c7eb67cf20ec6324987031b587a41312624ad0e8fe3cdc6964c.exe windows x86
1c05fd3bddd06f78ebb6d2c6012886a3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
__set_app_type
_except_handler3
swprintf
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_c_exit
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
wcscmp
_wcsicmp
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
_strcmpi
_purecall
malloc
iswctype
_wtol
free
_controlfp
realloc
atl
ord32
ord20
ord17
ord23
ord21
ord16
advapi32
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
MakeAbsoluteSD
AllocateAndInitializeSid
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorDacl
EqualSid
DeleteAce
AddAccessAllowedAce
InitializeAcl
AddAccessDeniedAce
GetAclInformation
GetAce
AddAce
LookupAccountNameW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
InitiateSystemShutdownW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ControlService
CloseServiceHandle
EnumDependentServicesW
OpenServiceW
LookupAccountSidW
GetTokenInformation
QueryServiceStatus
StartServiceW
QueryServiceConfigW
OpenSCManagerW
kernel32
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetVersionExW
LocalAlloc
LocalFree
GetTickCount
GetCurrentProcessId
GetCommandLineW
GetModuleHandleW
GetCurrentThreadId
CreateEventW
CreateThread
SetEvent
InterlockedDecrement
InterlockedIncrement
GetLastError
GetCurrentProcess
CloseHandle
OpenProcess
Sleep
TerminateProcess
WaitForSingleObject
lstrcmpiW
lstrlenW
lstrcpyW
ReadProcessMemory
InitializeCriticalSection
DeleteCriticalSection
user32
wsprintfW
GetMessageW
DispatchMessageW
CharNextW
PostThreadMessageW
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowTextW
PostMessageW
ole32
CoInitializeEx
CoInitializeSecurity
CoUninitialize
oleaut32
LoadRegTypeLi
SetErrorInfo
ntdll
NtQueryInformationProcess
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.TOT Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE