aef521b434a806377db3b4b1dc53d15a9ba74b0cfad61d7b6cd1c5f367c1debb

Sharing

Copy URL

Twitter E-mail

General

Target

aef521b434a806377db3b4b1dc53d15a9ba74b0cfad61d7b6cd1c5f367c1debb
Size

445KB
MD5

a0724f073ab8c57c6b6844991b456709
SHA1

0416b3521b9f78d88061cda92b6e830376c98189
SHA256

aef521b434a806377db3b4b1dc53d15a9ba74b0cfad61d7b6cd1c5f367c1debb
SHA512

76b057174bfaa4cbb5c62e80c8302623ebe3705be6c4b1c6b072754378235953a19d1a997faf3598b17eb0ece30a2d10e517cddc8def925442dfd0acfa8ff113
SSDEEP

12288:OnDkF1xi/8dwZs/mUxk2C/iLiCGbRCCGbRCCD:BYsre2C/IT

Score

N/A

Malware Config

Signatures

Files

aef521b434a806377db3b4b1dc53d15a9ba74b0cfad61d7b6cd1c5f367c1debb
.exe windows x86

20f011b3c331debaf579bb83bd45c7f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryDosDeviceW
GetSystemDirectoryW
CreateProcessW
OpenEventW
GetExitCodeThread
SetEndOfFile
GetEnvironmentVariableW
lstrcatW
SetEnvironmentVariableW
LoadLibraryW
SetUnhandledExceptionFilter
lstrcpynA
SetErrorMode
GetCommandLineW
GetCurrentThreadId
TerminateThread
GetExitCodeProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
OpenProcess
Process32NextW
WaitForSingleObject
TerminateProcess
ReadProcessMemory
CreateEventW
LoadLibraryExW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
HeapAlloc
GetCurrentThread
GetCurrentProcess
CloseHandle
MultiByteToWideChar
SetEvent
GetModuleFileNameW
lstrcpyW
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapFree
GetComputerNameW
lstrlenW
LocalFree
GetVersionExW
InterlockedDecrement
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
RaiseException
FindFirstFileA
FindNextFileA
GetComputerNameExW
ExpandEnvironmentStringsW
OpenFileMappingW
lstrcpyA
CreateFileMappingW
CreateMutexW
CreateSemaphoreW
IsBadReadPtr
lstrlenA
GetFileInformationByHandle
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetFileAttributesW
MapViewOfFile
UnmapViewOfFile
InterlockedExchangeAdd
ReleaseSemaphore
ReleaseMutex
GlobalAlloc
GlobalReAlloc
GlobalFree
SetThreadPriority
DuplicateHandle
ResetEvent
FindFirstFileW
GetFileTime
FindNextFileW
FindClose
GetSystemTime
GlobalSize
GlobalLock
GlobalUnlock
CreateDirectoryW
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetStartupInfoW
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetOEMCP
IsValidCodePage
Sleep
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetTimeZoneInformation
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
DeleteFileW
ReadFile
GetFileSize

user32

PostThreadMessageW
DispatchMessageW
MsgWaitForMultipleObjects
wsprintfW
CharLowerBuffW
GetDesktopWindow
TranslateMessage
IsWindow
GetWindowThreadProcessId
GetParent
UnregisterClassA
CharNextW
PeekMessageW

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
CreateServiceW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
OpenThreadToken
OpenProcessToken
SetServiceStatus
StartServiceW
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegOpenKeyExW
RegCloseKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
LookupAccountSidW
CryptAcquireContextW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
StringFromCLSID
CoRegisterPSClsid
CoRegisterClassObject
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoRevokeClassObject
CoInitializeSecurity

oleaut32

SetErrorInfo
GetErrorInfo
VarI4FromStr
SafeArrayCreateVector
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayCreate
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetElement
SafeArrayPutElement
VariantChangeType
VariantClear
VariantInit
VarBstrCmp
VarBstrCat
SafeArrayRedim
VarUI4FromStr
VarBstrFromI4
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
CreateErrorInfo

shlwapi

PathAppendA
PathFindFileNameA
PathIsDirectoryA
PathRemoveFileSpecA
PathSkipRootW
SHCreateStreamOnFileW
PathMatchSpecA
PathRemoveFileSpecW
PathFileExistsW
PathStripPathW
PathAppendW
PathMatchSpecW
PathFindFileNameW
PathIsDirectoryW
PathSkipRootA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW

wtsapi32

WTSQuerySessionInformationW
WTSCloseServer
WTSFreeMemory
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

Sections

.text
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20f011b3c331debaf579bb83bd45c7f3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

userenv

psapi

wtsapi32

netapi32

rpcrt4

Sections

.text Size: 344KB - Virtual size: 341KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 344KB - Virtual size: 341KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB