a935c12d6be2d2238d0e94d2c568fdc435a92b1a37f24974ae01df931e753cd0

General

Target

a935c12d6be2d2238d0e94d2c568fdc435a92b1a37f24974ae01df931e753cd0
Size

35KB
MD5

4612f5d1cff7eb1077401628a960bfaa
SHA1

e83b60d2abc901928fa59dce528ca6e08220f241
SHA256

a935c12d6be2d2238d0e94d2c568fdc435a92b1a37f24974ae01df931e753cd0
SHA512

d6edf275e4cae0b89c419b838007e5c6594c691aff29a15244340d29229a8f580f39b0829e1949e706fe9564576c6622e1d8392a311ad2373da9574b6af28181
SSDEEP

768:2INUkObnOYpCq+tAF+LQD9zICZP6pdLyVZ4vg6:DUkObOY2T4zz56pdLyVZ4

Score

N/A

Malware Config

Signatures

Files

a935c12d6be2d2238d0e94d2c568fdc435a92b1a37f24974ae01df931e753cd0
.exe windows x86

5cdb8dbdd3a98f5602f7e6f39c06f1a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlGetFullPathName_U
ZwSetValueKey
ZwQueryDirectoryFile
ZwQueryValueKey
wcsrchr
LdrFindEntryForAddress
ZwQuerySystemInformation
ZwOpenProcess
RtlDosPathNameToNtPathName_U
ZwDuplicateObject
RtlCreateUserThread
RtlExitUserThread
swprintf
ZwWaitForSingleObject
ZwDelayExecution
ZwWriteVirtualMemory
ZwSetContextThread
ZwResumeThread
RtlFreeUnicodeString
ZwCreateKey
RtlAdjustPrivilege
RtlGetCurrentPeb
ZwQueryInformationToken
ZwOpenProcessToken
ZwSetSecurityObject
ZwOpenKey
ZwSetInformationFile
RtlInitUnicodeString
ZwOpenFile
ZwClose
ZwCreateFile
LdrAccessResource
LdrFindResource_U
ZwGetContextThread
ZwWriteFile
memcpy

kernel32

GetSystemTimeAsFileTime
ExitProcess
GetTickCount

advapi32

StartServiceW
DeleteService
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cdb8dbdd3a98f5602f7e6f39c06f1a1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 205B

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 205B

.rsrc
Size: 27KB - Virtual size: 26KB