d72240b8fd25c963000344380f79b488bebd37d2ee0191928d5baba93788f9ab

Sharing

Copy URL

Twitter E-mail

General

Target

d72240b8fd25c963000344380f79b488bebd37d2ee0191928d5baba93788f9ab
Size

176KB
MD5

5e029d2dc63ac1482febb66ad51da755
SHA1

1ee222855b2b67c91cc72591ab3588740945cd50
SHA256

d72240b8fd25c963000344380f79b488bebd37d2ee0191928d5baba93788f9ab
SHA512

7ddfb4d5878231d0bb70736ab4a1e3e6d24a9bc7c0f9267fd978fa9057ee7d6625a92d201253f669af7017606338fc4cb0acbcff1871e4d96bd225fe4541d50f
SSDEEP

3072:SMSHT8FgBYp4Fdi4qJEooYMi7pEt93wkft3i/yqhBLAoV6:fi8FgBf3TiMi7u3i6SO

Score

N/A

Malware Config

Signatures

Files

d72240b8fd25c963000344380f79b488bebd37d2ee0191928d5baba93788f9ab
.exe windows x86

5c829f411cf5a41b6027b521807ee5be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
lstrcmpA
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetWindowsDirectoryA
lstrcatA
GetVolumeInformationA
SetErrorMode
GetLogicalDriveStringsA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
FreeLibrary
GetProcAddress
FindClose
GetCurrentProcess
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
Sleep
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
AllocConsole
CreateThread
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CreateFileA
GetFileSize
ReadFile
CloseHandle
BeginUpdateResourceA
UpdateResourceA
GetLastError
EndUpdateResourceA
GetModuleFileNameA
GetSystemDirectoryA
CopyFileA
lstrlenA
lstrcpyA
LoadLibraryA
CompareStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetFileAttributesA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
SetEndOfFile
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LCMapStringW

user32

ShowWindow
FindWindowA

advapi32

OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5c829f411cf5a41b6027b521807ee5be

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

urlmon

version

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 120KB - Virtual size: 120KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 120KB - Virtual size: 120KB