a6ba7b4adce22d87fe0a1d4169700308a677ca00ca12393ad44dcc6da0d72e80

Sharing

Copy URL Twitter E-mail

General

Target

a6ba7b4adce22d87fe0a1d4169700308a677ca00ca12393ad44dcc6da0d72e80
Size

178KB
MD5

47d1fc7bfbed3a31db49e88ce1d5a338
SHA1

12a123438d0f2b2f14c2b15a891c0bf229f8ef90
SHA256

a6ba7b4adce22d87fe0a1d4169700308a677ca00ca12393ad44dcc6da0d72e80
SHA512

9cc8045f0cac2be92c268bed1ab568fcc22ccae356bfb438ede9968f642be708adb1cb9efcd9a067c866fe2bc1961f7e8a47a50ee95334186a2afcf9dce4eb81
SSDEEP

3072:VQQ9vLVq4Wty5uge/+OYHyIKtLxu7IAN+TRypAO6eXW:VQQ9vIP88w5KXu7B0TI6neX

Score

N/A

Malware Config

Signatures

Files

a6ba7b4adce22d87fe0a1d4169700308a677ca00ca12393ad44dcc6da0d72e80
.exe windows x64

4e5af20f7310751895f9b31dff069993

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

ntdll

strncpy
memmove
memchr
memcpy
memcmp
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlVirtualUnwind
memset
RtlCaptureContext

kernel32

GetACP
LocalFree
GetLastError
LocalAlloc
GetLocaleInfoA
GetOEMCP
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapReAlloc
ReadFile
SetStdHandle
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
LoadLibraryA
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
CloseHandle
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
DeleteCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSection
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
RaiseException
GetCPInfo
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
ExitProcess
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate

user32

LoadIconA
wsprintfA

advapi32

RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

thchiai
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mnyzmap
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e5af20f7310751895f9b31dff069993

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

ntdll

kernel32

user32

advapi32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 29KB - Virtual size: 30KB

thchiai Size: 30KB - Virtual size: 32KB

mnyzmap Size: - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 29KB - Virtual size: 30KB

thchiai
Size: 30KB - Virtual size: 32KB

mnyzmap
Size: - Virtual size: 4KB