29b6d5fefc1a3cf3b430943681a2fad079274287aa182d834233186f52a16005

Sharing

Copy URL Twitter E-mail

General

Target

29b6d5fefc1a3cf3b430943681a2fad079274287aa182d834233186f52a16005
Size

115KB
MD5

357517dc803390c5d74a4c3d3dd85880
SHA1

171abb0b69e0b3ae854ce9853ba646e476c7370e
SHA256

29b6d5fefc1a3cf3b430943681a2fad079274287aa182d834233186f52a16005
SHA512

08c7ff641678e46354deffc15569ba8217f927c5deb9901b836a848ce4ab971bac8661a089d425c304a2002ce6d0f4decc47489be919dc9e897e5f8905882340
SSDEEP

1536:kPCXR3JFAhl5ErRCFgN3eGJQ48Fph/CPTKt3zS6bXy3wy9O:k6lAzuG8PJQ4DT0u6Ogy

Score

N/A

Malware Config

Signatures

Files

29b6d5fefc1a3cf3b430943681a2fad079274287aa182d834233186f52a16005
.exe windows x86

c1d533ebefb2bfc5721aac00fcd9664a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

msvcrt

wcscmp
swprintf
memmove
wcstok
_wsplitpath
sprintf
strrchr
_c_exit
_exit
_XcptFilter
_cexit
wcstol
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
wcslen
_wcsicmp
exit
_wtoi64
wcscpy
wcschr
wcscat
wcsncpy

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW

kernel32

GetTickCount
QueryPerformanceCounter
GetFileSize
ReadFile
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
TerminateProcess
SetFileAttributesA
_lcreat
_llseek
GetCurrentThreadId
_lwrite
_lread
_lopen
GetVersionExW
MoveFileExW
VerifyVersionInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
_lclose
GetSystemTimeAsFileTime
MultiByteToWideChar
RemoveDirectoryW
GetSystemDirectoryW
CreateDirectoryW
SetFileTime
VerSetConditionMask
GetWindowsDirectoryW
GetProcAddress
lstrcpyW
GetLocaleInfoW
GetLastError
CreateMutexW
GetCurrentProcessId
GetPrivateProfileStringW
GetVolumeInformationW
GetModuleFileNameW
CloseHandle
FreeLibrary
LocalFree
GetPrivateProfileIntW
GetSystemDefaultUILanguage
SetFileAttributesW
GetFileAttributesW
DeleteFileW
WaitForSingleObject
CreateProcessW
lstrcatW
WriteFile
CreateFileW
SetFilePointer
FormatMessageW
lstrlenW
LocalAlloc
GetCurrentProcess
ExitProcess
DeviceIoControl
LoadLibraryW
GetModuleHandleW
GetSystemInfo
lstrcmpW
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
OutputDebugStringW
GetSystemDefaultLangID
GlobalFree
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
lstrcmpiW
CopyFileW
WideCharToMultiByte

user32

LoadCursorW
wsprintfW
MessageBoxW
LoadStringW
SetForegroundWindow
ShowWindow
IsIconic
IsWindow
FindWindowW
SendMessageW
GetDlgItem
EndDialog
GetSystemMetrics
GetClientRect
SetWindowTextW
CreateDialogParamW
ExitWindowsEx
PostMessageW
SetWindowLongW
GetSysColor
DestroyWindow
EnableWindow
CheckDlgButton
IsDlgButtonChecked
SetCursor
SetDlgItemTextA
IsWindowVisible
GetDesktopWindow
CharLowerW
WinHelpW
LoadIconW
SetFocus
DialogBoxParamW
MessageBoxA
LoadStringA
DispatchMessageW
TranslateMessage
PeekMessageW

comctl32

ord17

setupapi

SetupCloseInfFile
SetupFindFirstLineW
SetupOpenInfFileW
SetupFindNextLine
SetupGetStringFieldW
SetupGetIntField

shlwapi

StrCatW
StrStrIW
StrRChrIW
PathCombineW
PathAppendW
PathFileExistsW

shell32

ord680
CommandLineToArgvW
ShellExecuteExW

lz32

LZClose
LZCopy
LZOpenFileW
GetExpandedNameW

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lkeohar
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1d533ebefb2bfc5721aac00fcd9664a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

comctl32

setupapi

shlwapi

shell32

lz32

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 27KB

.rsrc Size: 72KB - Virtual size: 73KB

lkeohar Size: - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 27KB

.rsrc
Size: 72KB - Virtual size: 73KB

lkeohar
Size: - Virtual size: 4KB