ac7817d1b6518b46202d0cdcd83df3694a049940aa2e98a6f20bea412ffca053

Sharing

Copy URL

Twitter E-mail

General

Target

ac7817d1b6518b46202d0cdcd83df3694a049940aa2e98a6f20bea412ffca053
Size

170KB
MD5

9e265e545ca9fde14ff1807b683e5766
SHA1

2cda602da1676a3afda4de33fc02a1a8d3d65e83
SHA256

ac7817d1b6518b46202d0cdcd83df3694a049940aa2e98a6f20bea412ffca053
SHA512

2c7cd161427ff32fa0b94f505192bda0d3786580dd67362ef5bbeeef5c721a9e179d6b589f31d99a3ed05d328f2ae6de8102bf01c4e18921c2377ac79c673661
SSDEEP

3072:1CuWBWxDUBWa6FKlSfCNifa4tajHGr6GmYiJf6RHChDw6WdjR1o6WLDfs77TnZXp:17WBWxgBWNFK4TajmrCYu6lChZW9R1oh

Score

N/A

Malware Config

Signatures

Files

ac7817d1b6518b46202d0cdcd83df3694a049940aa2e98a6f20bea412ffca053
.exe windows x86

260f32635d0031845155cae7c1522e66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

LdrFindEntryForAddress
ZwDuplicateObject
ZwGetContextThread
ZwWaitForSingleObject
ZwDelayExecution
ZwSetInformationFile
RtlExitUserThread
ZwWriteVirtualMemory
ZwQueryInformationProcess
ZwResumeThread
RtlIpv4StringToAddressA
RtlFormatCurrentUserKeyPath
ZwCreateKey
ZwQueryValueKey
ZwAllocateLocallyUniqueId
RtlRandom
ZwSetValueKey
RtlNtStatusToDosError
memset
RtlComputeCrc32
RtlTimeToTimeFields
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
ZwWriteFile
ZwCreateFile
wcscpy
wcscat
wcslen
RtlPrefixUnicodeString
RtlGetCurrentPeb
DbgPrint
sprintf
RtlInitUnicodeString
swprintf
ZwOpenFile
ZwClose
strcpy
strlen
strchr
strtoul
memcmp
RtlRemoveVectoredExceptionHandler
LdrUnloadDll
LdrLoadDll
ZwMapViewOfSection
ZwCreateSection
RtlAddVectoredExceptionHandler
RtlImageNtHeader
ZwSetContextThread
RtlGetFrame
RtlPopFrame
RtlPushFrame
memcpy
strcmp
ZwCreateEvent
ZwQueryInformationToken
ZwOpenProcessToken
ZwQueryVolumeInformationFile
RtlAdjustPrivilege
ZwTerminateThread
ZwOpenEvent
_allshr

kernel32

GetSystemTimeAsFileTime
GetVersion
GetSystemDefaultLangID
BindIoCompletionCallback
GetLastError
Sleep
CreateTimerQueueTimer
GetModuleHandleW
CreateProcessW
GetTickCount
ExitProcess
LocalFree
DeleteTimerQueueTimer
LocalAlloc

advapi32

MD5Final
MD5Update
MD5Init

shell32

ShellExecuteExW

cabinet

ord22
ord20
ord23

ws2_32

WSACleanup
WSAStartup
WSASocketW
WSAGetLastError
closesocket
bind
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

260f32635d0031845155cae7c1522e66

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

shell32

cabinet

ws2_32

crypt32

Sections

.text Size: 163KB - Virtual size: 163KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 228B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 163KB - Virtual size: 163KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 228B

.reloc
Size: 1KB - Virtual size: 1KB