Static task
static1
Behavioral task
behavioral1
Sample
f19cce1ed9aef5243056432263ecd75551430626f0b0d83cb86ec8935f72bce3.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f19cce1ed9aef5243056432263ecd75551430626f0b0d83cb86ec8935f72bce3.exe
Resource
win10v2004-20221111-en
General
Target
f19cce1ed9aef5243056432263ecd75551430626f0b0d83cb86ec8935f72bce3
Size
51KB
MD5
e32e4664a17f8862e7040c54013082b8
SHA1
ae60780daa95db6e1ada6d934f858fde0ec00861
SHA256
f19cce1ed9aef5243056432263ecd75551430626f0b0d83cb86ec8935f72bce3
SHA512
424e90c81efc575767df6975fafd1e58ad3347de90812306447729a9a1e7a914fe798481ca7603aef5e5f69e7a00bf8aea2a2ede6e638637560ad733a00031c6
SSDEEP
768:rhYoak6EcUIdOf6Ksri0hIoZqP+aZA7Nqrc5lW+A/MBZJV/OpmiVgIFYr3xVqp3X:rhYorkUIdCWi0H8ZslrWppjVyZqgo
Malware Config
Signatures
Files
f19cce1ed9aef5243056432263ecd75551430626f0b0d83cb86ec8935f72bce3.exe windows x86
6afba15952d3623b07097fd9fd9e5b5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_adjust_fdiv
_XcptFilter
_exit
_c_exit
_stricmp
_wcsnicmp
wcscat
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_cexit
wcsrchr
wcslen
wcscpy
advapi32
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
kernel32
LeaveCriticalSection
EnterCriticalSection
SetLastError
OpenProcess
InterlockedIncrement
GetLastError
InterlockedDecrement
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleA
InitializeCriticalSection
SetEvent
RaiseException
LocalAlloc
FreeLibrary
InterlockedExchange
LocalFree
LoadLibraryA
ExitThread
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
ExitProcess
Sleep
OpenEventW
gdi32
GdiInitSpool
bMakePathNameW
GdiGetSpoolMessage
rpcrt4
RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIf2
I_RpcSsDontSerializeContext
RpcMgmtSetServerStackSize
RpcServerListen
RpcImpersonateClient
ntdll
RtlValidRelativeSecurityDescriptor
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ