a4ae544e35ad9a5ee6bdcc0b9f5310b8a7b306b3de927b9fb48e96c3cd09fb37

Sharing

Copy URL Twitter E-mail

General

Target

a4ae544e35ad9a5ee6bdcc0b9f5310b8a7b306b3de927b9fb48e96c3cd09fb37
Size

41KB
MD5

5c2adb384b9f5aaad9eafdab41202def
SHA1

560225b29f7f31fc2aea7cc4cf723f62087aa45c
SHA256

a4ae544e35ad9a5ee6bdcc0b9f5310b8a7b306b3de927b9fb48e96c3cd09fb37
SHA512

b88bd8ac0b5d8b8968f3faa4f905601ec4ed2e8b518ab688e84c9439c48ff64eacccc727ca46a49a3cbbd6aab3ac1617e568a124eddb07de872f540bd06780ab
SSDEEP

768:XTpbiWD6zNlciv3NaZDdN1r9SI6p/ZyjyZxyMmLVs2Fw4mJvolagT1kXy2c+VQL:XTAWDqNlT+dDggIxyMmLK2Fwvv2agTmG

Score

N/A

Malware Config

Signatures

Files

a4ae544e35ad9a5ee6bdcc0b9f5310b8a7b306b3de927b9fb48e96c3cd09fb37
.exe windows x86

7d12646b6b97b9b3ee68fde699a84166

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringBindingParseW
NdrOleAllocate
RpcRevertToSelf
RpcServerInqBindings
RpcStringFreeA
RpcBindingSetAuthInfoExW
RpcBindingFree
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
RpcEpResolveBinding
RpcStringBindingComposeW
IUnknown_Release_Proxy
NdrDllGetClassObject
RpcServerUseProtseqEpW
NdrServerCall2
CStdStubBuffer_DebugServerQueryInterface
RpcImpersonateClient
IUnknown_QueryInterface_Proxy

gdi32

GetColorSpace

shell32

SHFileOperationW
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListA
SHChangeNotify
ShellExecuteExW
ShellExecuteA
SHBindToParent
SHGetFolderPathW
SHGetMalloc
SHGetSpecialFolderPathW
CommandLineToArgvW
DragQueryFileW
SHGetDesktopFolder
ShellExecuteW
SHGetSpecialFolderLocation

shlwapi

PathFindFileNameW
PathRemoveBlanksW
PathSkipRootW
StrStrIA
StrCmpIW
StrCpyNW
StrCmpNIA
StrCpyW
StrToIntExW
StrCatBuffW
PathRemoveFileSpecA
StrCatW
wnsprintfA
UrlUnescapeW
StrCmpNW
StrChrIW
SHDeleteKeyW
SHRegGetBoolUSValueW
PathAddBackslashW
UrlCanonicalizeW
PathRemoveExtensionW
PathRemoveBackslashW
SHDeleteValueA
PathCreateFromUrlW
PathFindExtensionW
PathFileExistsW
PathIsURLW
SHDeleteValueW
PathAppendW

msvcrt

_access
_rotr
rand
__p__osver
__p__iob
srand

ntdll

RtlCreateAcl
NtQueryValueKey
RtlFreeHeap
RtlCopySid
RtlSetEnvironmentVariable
RtlUpcaseUnicodeStringToOemString
RtlCreateTimer
NtAllocateVirtualMemory
RtlCopyLuid
wcsncpy
RtlSubAuthorityCountSid
RtlRegisterWait
NtTerminateThread
NtDelayExecution
NtReadFile
NtAllocateLocallyUniqueId
RtlFreeAnsiString
qsort
DbgPrint
NtRequestWaitReplyPort
RtlReAllocateHeap
_chkstk
NtOpenProcessToken
RtlNtStatusToDosError
NtWaitForSingleObject
wcsstr
_strnicmp
RtlWriteRegistryValue
RtlUnwind
_wcsicmp
RtlUnicodeStringToAnsiString
RtlSetOwnerSecurityDescriptor
NtQueryInformationFile
NtAdjustPrivilegesToken
RtlFreeUnicodeString
RtlAdjustPrivilege
RtlQueryInformationAcl
RtlAcquireResourceShared
RtlDestroyHeap
NtSetValueKey
RtlGetVersion
RtlxUnicodeStringToAnsiSize
RtlValidSid
RtlPrefixUnicodeString
NtOpenThread
NtQueryDirectoryFile
wcscat
RtlAllocateHeap
RtlGetOwnerSecurityDescriptor
NtOpenProcess
RtlCreateSecurityDescriptor
RtlIntegerToUnicodeString
RtlCreateEnvironment
_vsnprintf
RtlRaiseStatus
RtlEqualUnicodeString
RtlQueryEnvironmentVariable_U
RtlUpcaseUnicodeString
RtlOpenCurrentUser
RtlGUIDFromString
wcsncmp
RtlInitializeCriticalSectionAndSpinCount
RtlImageNtHeader
RtlLookupElementGenericTable
NtCancelIoFile
NtOpenSymbolicLinkObject
strrchr
RtlSizeHeap

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerLanguageNameA
VerQueryValueW

advapi32

RegOpenKeyW
SetServiceStatus
CryptDestroyKey
MakeSelfRelativeSD
GetTraceEnableLevel
LockServiceDatabase
RegSetValueExW
OpenProcessToken
ConvertSidToStringSidW
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegOpenKeyA
ConvertStringSidToSidW
RegEnumKeyW
CryptGenRandom
SetSecurityDescriptorDacl
UnregisterTraceGuids
RegEnumKeyA
SetEntriesInAclW
RegConnectRegistryW
RegEnumKeyExW
LsaFreeMemory
GetSidSubAuthorityCount
RegQueryValueA
ImpersonateLoggedOnUser
AllocateAndInitializeSid
DeleteService
RegDeleteKeyW
FreeSid
GetSecurityDescriptorOwner
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

EnumChildWindows
InvalidateRect
IsZoomed
GetWindowPlacement
GetSystemMetrics
GetForegroundWindow
GetMessageA
IsMenu
IsChild
GetDC
GetClassNameA
OffsetRect
CreateWindowExW
SystemParametersInfoA
CharNextW
LoadStringW
DialogBoxParamW
CharUpperA
GetFocus
MapWindowPoints
wsprintfA
ClientToScreen
KillTimer
GetDlgItem
GetActiveWindow
RegisterClipboardFormatW
CreateDialogParamW

kernel32

OpenEventW
GetModuleHandleW
GetStringTypeA
SetLastError
GetModuleFileNameW
GetCommandLineA
InterlockedExchange
GetComputerNameW
GetProcAddress
lstrcmpA
HeapCreate
FormatMessageA
TlsGetValue
WaitForMultipleObjects
GetSystemDirectoryA
GetCurrentProcess
ExitProcess
TlsFree
GlobalAlloc
SetErrorMode
lstrlenW
GetCommandLineW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
WaitForSingleObject
lstrcmpW
GetConsoleMode
CompareStringW
SetFileAttributesA
GetModuleHandleA
OpenMutexA
SetFilePointer
GetTickCount
FindClose
LocalAlloc
GetExitCodeProcess
GetUserDefaultLCID
lstrcpynA
CompareStringA
LCMapStringA
FileTimeToLocalFileTime
HeapReAlloc
IsBadReadPtr
GetFileAttributesA
MulDiv
CreateThread
CreateProcessA
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
MultiByteToWideChar
GetCurrentThread
HeapDestroy
CreateFileMappingA
ReleaseSemaphore
GetModuleFileNameA
CreateMutexW
LoadLibraryExA
HeapAlloc
CreateFileW
GetProcessHeap
VirtualAlloc

Sections

.code
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEKD
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CODE
Size: 1KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d12646b6b97b9b3ee68fde699a84166

Headers

File Characteristics

Imports

rpcrt4

gdi32

shell32

shlwapi

msvcrt

ntdll

version

advapi32

user32

kernel32

Sections

.code Size: 53KB - Virtual size: 53KB

PAGEKD Size: 1024B - Virtual size: 996B

RT_CODE Size: 1KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 4KB

.code
Size: 53KB - Virtual size: 53KB

PAGEKD
Size: 1024B - Virtual size: 996B

RT_CODE
Size: 1KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 4KB