0b7bff397b05d4a60fb63ff67b7d71607740974924e9a8523ae51b959a3b4e2a

Sharing

Copy URL

Twitter E-mail

General

Target

0b7bff397b05d4a60fb63ff67b7d71607740974924e9a8523ae51b959a3b4e2a
Size

460KB
MD5

8849d383fd9a66747023936ba112cafd
SHA1

73f8617a949a3a2787f9646cd6de84195118b767
SHA256

0b7bff397b05d4a60fb63ff67b7d71607740974924e9a8523ae51b959a3b4e2a
SHA512

acc1f1380d90b317c544bae7445a6a54d8700ba93e6bdb0f61aab34b84b182623c91c07f433222ed11de901f83098d1ac1092bb719ef5e85fcf7f7fa67d5f710
SSDEEP

6144:cgJ9NosN/kZg1Rk60GMc7e2KkTMZ7EIVNtCTF6ZZSn70ZP86HPozf8e+o:BrNosKZg1C9cSzLoMNtCTFUu7I8UPoX

Score

N/A

Malware Config

Signatures

Files

0b7bff397b05d4a60fb63ff67b7d71607740974924e9a8523ae51b959a3b4e2a
.exe windows x86

e96a6a299a2457ea9036f92a7f38865d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
GetOldestEventLogRecord
RegDeleteKeyA
ClearEventLogW

shlwapi

PathSearchAndQualifyA
PathUnquoteSpacesA
PathAddBackslashA
PathCompactPathExW
PathRemoveExtensionA
StrStrA
PathBuildRootW

kernel32

GetModuleHandleA
GetProcAddress
ReleaseSemaphore
VirtualAlloc
DeleteFileA
GetEnvironmentVariableA
GetACP
LocalHandle
SetEvent
LocalFree
GetStdHandle
FreeEnvironmentStringsA
GetComputerNameA
TlsSetValue
TlsGetValue
HeapFree
GetLastError
GetFullPathNameA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FlushFileBuffers
WriteFile
DeleteCriticalSection
ReadFile
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
HeapReAlloc
SetHandleCount
GetFileType
SetFilePointer
GetCurrentDirectoryA
GetDriveTypeA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCurrentThreadId
TlsAlloc
SetLastError
RtlUnwind
CloseHandle
CreateFileA
SetStdHandle
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetOEMCP
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW

secur32

MakeSignature
FreeCredentialsHandle
AcceptSecurityContext
ApplyControlToken
DeleteSecurityContext
VerifySignature
ExportSecurityContext
DecryptMessage
CompleteAuthToken
EncryptMessage

netapi32

NetAuditRead
NetAuditClear
NetConfigGetAll
NetErrorLogWrite
NetGetAnyDCName
NetGetDCName

uxtheme

GetThemeBackgroundRegion

usp10

ScriptCacheGetHeight
ScriptCPtoX
ScriptTextOut
ScriptShape
ScriptStringFree
ScriptJustify
ScriptItemize
ScriptString_pLogAttr
ScriptStringValidate
ScriptStringGetOrder
ScriptStringCPtoX

wsnmp32

ord400

comdlg32

FindTextW
GetFileTitleW
PrintDlgW
FindTextA
ChooseFontA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e96a6a299a2457ea9036f92a7f38865d

Headers

File Characteristics

Imports

advapi32

shlwapi

kernel32

secur32

netapi32

uxtheme

usp10

wsnmp32

comdlg32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 545KB

.rsrc Size: 401KB - Virtual size: 400KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 545KB

.rsrc
Size: 401KB - Virtual size: 400KB

.reloc
Size: 6KB - Virtual size: 6KB