d979889ca49cd059d0ad12ba1ab214122c5668cc4c9e0f39bf57205e7535785e

Sharing

Copy URL Twitter E-mail

General

Target

d979889ca49cd059d0ad12ba1ab214122c5668cc4c9e0f39bf57205e7535785e
Size

305KB
MD5

33283f2be7b81198d98b20be4fc8e55c
SHA1

392ff5490b0457371aebc1776d0f4cefe7116d1c
SHA256

d979889ca49cd059d0ad12ba1ab214122c5668cc4c9e0f39bf57205e7535785e
SHA512

05de680c842f4069143bef80ecc86878964940157797317c7b1e6e094e60c5ba954b32f315bacb2bc289ca864aa1394e55192d4806635131e8f99aa5d891b44b
SSDEEP

6144:9hm5P6zAsKMSCHQGBAl5V9wdulopfNj0TkjL6YnBPKSgB9:zm5P8AsuN5VEpfh36UKz

Score

N/A

Malware Config

Signatures

Files

d979889ca49cd059d0ad12ba1ab214122c5668cc4c9e0f39bf57205e7535785e
.exe windows x86

fe0360e0e30d448729161ed5b53b3105

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CloseHandle
GetProcessHeap
DisableThreadLibraryCalls
lstrcmpiW
lstrlenW
lstrcpyW
LocalFree
GetCurrentThread
IsBadStringPtrW
DeviceIoControl
InterlockedIncrement
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenProcess
GetCurrentProcess
DuplicateHandle
CreateFileW
VirtualProtect
GetCommandLineA
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetSystemInfo
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
GetCPInfo
GetOEMCP
GetACP
HeapAlloc
HeapFree
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
ExitProcess
GetProcAddress
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA

user32

wsprintfW
BroadcastSystemMessageW
RegisterWindowMessageW

advapi32

SetServiceStatus
RegDeleteValueW
RegSetValueExW
GetKernelObjectSecurity
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCreateKeyW
ConvertSidToStringSidW
CopySid
GetLengthSid
GetTokenInformation
OpenThreadToken
RegCloseKey
RegOpenKeyExW
EqualSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RevertToSelf
ImpersonateLoggedOnUser
RegQueryValueExW
FreeSid
GetSecurityDescriptorLength

ole32

CLSIDFromString

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
RpcServerInqBindings
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerUseProtseqIfW
RpcServerRegisterIfEx
RpcBindingVectorFree

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe0360e0e30d448729161ed5b53b3105

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 256KB - Virtual size: 509KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 256KB - Virtual size: 509KB

.rsrc
Size: 2KB - Virtual size: 1KB