cdf0d935e32f01e75ac49161182144d5e6004df639f03b7e9392c1577c948761

Sharing

Copy URL

Twitter E-mail

General

Target

cdf0d935e32f01e75ac49161182144d5e6004df639f03b7e9392c1577c948761
Size

275KB
MD5

b43cd8d19a556953c4e20b3591fb7f36
SHA1

1af2c9c77b62754debebd3df6d000d92cfb1132f
SHA256

cdf0d935e32f01e75ac49161182144d5e6004df639f03b7e9392c1577c948761
SHA512

166d4cb69198f0b1cbb6512ec5867ad1ab518ac4504e695140d66900735ef394ee1a69dbcd07692a898fb15183642ade5e4e6d77a6253abdb17d5eca8b71a39c
SSDEEP

6144:L2J9n/ekxcnYvkGc9plVQYsvkk2EOqpJjSsTS:L2JUcX8LvVQY8kk2EO+d

Score

N/A

Malware Config

Signatures

Files

cdf0d935e32f01e75ac49161182144d5e6004df639f03b7e9392c1577c948761
.exe windows x86

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
CharPrevExA
CharUpperBuffW
CharNextExA

advapi32

AddAccessDeniedAce
SetThreadToken
AddAccessAllowedAce
DeregisterEventSource
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterTraceGuidsA
RegCreateKeyExW
FreeSid
RegQueryValueExW
InitializeSecurityDescriptor
GetLengthSid
OpenSCManagerW
OpenServiceW
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
GetTraceEnableFlags
DuplicateToken
LookupAccountSidA
GetTraceEnableLevel
InitializeAcl
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
UnregisterTraceGuids
GetTokenInformation
DuplicateTokenEx
RegisterEventSourceW
StartServiceCtrlDispatcherW
GetTraceLoggerHandle
TraceMessage
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
AllocateAndInitializeSid
SetServiceStatus

rpcrt4

RpcServerUseProtseqEpA
NdrServerCall2
RpcMgmtStopServerListening
RpcServerListen
RpcServerUnregisterIf
RpcServerRegisterAuthInfoA
RpcServerRegisterIf

kernel32

CreateMutexW
UnregisterWaitEx
VirtualAlloc
HeapFree
GetVolumeInformationW
QueryPerformanceFrequency
LCMapStringA
CreateSemaphoreW
HeapDestroy
RaiseException
GetConsoleOutputCP
GlobalFree
ReleaseSemaphore
SetHandleCount
FreeEnvironmentStringsA
CreateEventW
ResetEvent
SystemTimeToFileTime
HeapAlloc
QueueUserWorkItem
GetVolumePathNamesForVolumeNameW
DeleteTimerQueueTimer
CreateFileMappingA
GetProcessHeap
UnlockFile
GetCurrentThreadId
CreateMutexA
RegisterWaitForSingleObject
CreateFileMappingW
UnhandledExceptionFilter
TlsFree
IsValidLocale
GetOEMCP
WideCharToMultiByte
MapViewOfFile
GetUserDefaultLCID
DeleteCriticalSection
GetTempFileNameW
CreateEventA
HeapReAlloc
OpenMutexA
IsValidCodePage
GetCommandLineA
GetPriorityClass
SetEndOfFile
CreateFileW
OpenProcess
CreateTimerQueueTimer
TlsAlloc
GetSystemTime
FreeEnvironmentStringsW
UnregisterWait
TlsGetValue
GetConsoleCP
EnumSystemLocalesA
CreateIoCompletionPort
MoveFileW
UnmapViewOfFile
DeleteTimerQueueEx
GetFileType
GetThreadPriority
GetShortPathNameA
ExpandEnvironmentStringsW
GetDriveTypeW
LoadLibraryExA
GetStdHandle
FlushFileBuffers
GetFileSizeEx
SetThreadPriority
GetSystemTimeAsFileTime
CreateProcessW
CreateFileA
FreeLibrary
GlobalMemoryStatusEx
DeleteFileW
LCMapStringW
GetComputerNameW
WriteConsoleA
GetConsoleMode
SetFilePointer
EnterCriticalSection
CloseHandle
ReleaseMutex
LeaveCriticalSection
IsDebuggerPresent
GetFileSize
HeapSize
VirtualFree
LocalFree
WaitForMultipleObjects
CompareStringW
CopyFileW
LockFileEx
GetModuleHandleA
CreateTimerQueue
GlobalAlloc
RtlUnwind
GetComputerNameA
SetFilePointerEx
CreateDirectoryW
WaitForSingleObject
GetACP
SetLastError
CreateThread
SetStdHandle
TlsSetValue
OpenEventA
GetLocalTime
WriteConsoleW
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
GetSystemInfo
WriteFile
SetPriorityClass
PostQueuedCompletionStatus
SetErrorMode
ReadFile
CompareStringA
GetStartupInfoW
VirtualAllocEx

rtm

RtmCloseEnumerationHandle
RtmGetFirstRoute
RtmGetListEnumRoutes
RtmReleaseNextHopInfo
MgmGetMfe
RtmUpdateAndUnlockRoute
InsertIntoTable
RtmReleaseDests
RtmReadInstanceConfig
DumpTable
MgmReleaseInterfaceOwnership
MgmGetNextMfe
RtmReleaseRoutes

qedit

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

Imports

user32

advapi32

rpcrt4

kernel32

rtm

qedit

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 240KB - Virtual size: 558KB

.rsrc Size: 4KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 240KB - Virtual size: 558KB

.rsrc
Size: 4KB - Virtual size: 16KB