4173862c3aee5b06ff55b2383b5a2ba9e385499aa2fa196b182d53b4cc31de5a

Sharing

Copy URL Twitter E-mail

General

Target

4173862c3aee5b06ff55b2383b5a2ba9e385499aa2fa196b182d53b4cc31de5a
Size

18KB
MD5

828ace7ac58a51c24f262e3e4ec0fbc9
SHA1

064cb283c519f01f6a41ade48028249b1f6b1098
SHA256

4173862c3aee5b06ff55b2383b5a2ba9e385499aa2fa196b182d53b4cc31de5a
SHA512

c1e0fb7dbe93053f6ae742837cd7568719ceb0a7b2042ae5c036fe274219f6549edc2955753c9fe4cd2b6585a301171389cb07e5f49162ac1dfc49d889382d2a
SSDEEP

192:X3f94PU6IGxmBKJK4YsYf56MORe7GWo6RfdUjFiylp:HcH4BWk5fD7How6

Score

N/A

Malware Config

Signatures

Files

4173862c3aee5b06ff55b2383b5a2ba9e385499aa2fa196b182d53b4cc31de5a
.exe windows x86

4d08d30184be04f94a79528109e37768

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFileEx
LeaveCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
GetSystemTime
FreeLibrary
GetFileSize
SetEvent
SetLastError
ReadFile
OpenEventA
FindFirstFileA
Sleep
QueryPerformanceCounter
BackupWrite
TerminateProcess
HeapFree
SetThreadAffinityMask
GetCommandLineA
SetEvent
ExpandEnvironmentStringsA
DeviceIoControl
SetFilePointer
DosDateTimeToFileTime
WriteFile
GetSystemDirectoryA
SetErrorMode
SetFileAttributesA
MoveFileA
CloseHandle
SetFileTime
VirtualQuery
CreateEventA
HeapValidate
GetCurrentProcessId
HeapAlloc
WideCharToMultiByte
GetExitCodeProcess
GetCurrentDirectoryA
lstrcpynA
LocalFileTimeToFileTime
ExitProcess
CreateFileA
EnterCriticalSection
DeleteFileA
CreateProcessA
SystemTimeToFileTime
GetFileAttributesA
GetTickCount
GetCurrentThreadId
SetEndOfFile
FindClose
GetProcAddress
CreateThread
GetProcessHeap
QueryDosDeviceA
GetVersionExA
FindNextFileA
GetSystemTimeAsFileTime
GetProcessVersion
GetDriveTypeA
CopyFileA
RemoveDirectoryA
MoveFileExA
GetDiskFreeSpaceA

advapi32

CryptGenRandom
GetLengthSid
CryptReleaseContext
InitiateSystemShutdownA
SetSecurityDescriptorDacl
CryptAcquireContextA
OpenProcessToken
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
GetTokenInformation

user32

SendDlgItemMessageA
LoadStringA
EndDialog
DialogBoxParamA
MessageBoxA
ShowWindow
SendMessageA
SetParent

ntdll

NtShutdownSystem
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.khvq
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 132KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d08d30184be04f94a79528109e37768

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ntdll

shell32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 9KB

.khvq Size: 4KB - Virtual size: 3KB

.edata Size: 132KB - Virtual size: 147KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 9KB

.khvq
Size: 4KB - Virtual size: 3KB

.edata
Size: 132KB - Virtual size: 147KB