4cb2f444cbb31948ef392617e4082343a322e543f7d9ab5193ca2013e1f8b8cc

Sharing

Copy URL Twitter E-mail

General

Target

4cb2f444cbb31948ef392617e4082343a322e543f7d9ab5193ca2013e1f8b8cc
Size

3.2MB
MD5

e53961508c02c2aa280b54db68bdc13d
SHA1

1dfbca2e04d4ce8a68baf0ae751920649ce419af
SHA256

4cb2f444cbb31948ef392617e4082343a322e543f7d9ab5193ca2013e1f8b8cc
SHA512

1e79dd13e193da5010395e6761975c6b162736c8741ad5b8b9824cf80ea1200e5ef7e35eb4bd27de7802ac4d0fa340f4d865a719c70405593b9466a58fd3cfba
SSDEEP

49152:MdiBeagRjzQM2cZQSQbe8WyOcRWpCP7UVG9k2cfkrqlnHwwfK5iJuyV1K5cojcxu:NY0x5NMKSL1vKRkhhKEAzh9SJc+g8q

Score

N/A

Malware Config

Signatures

Files

4cb2f444cbb31948ef392617e4082343a322e543f7d9ab5193ca2013e1f8b8cc
.exe windows x86

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
RegCloseKey
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
FreeSid
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSidToSidW
RegEnumKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
RegDeleteValueW
RegSetValueExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
OpenProcessToken
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptImportKey
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGenKey
RegisterTraceGuidsA
GetTokenInformation

kernel32

Sleep
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetCurrentThreadId
DeleteTimerQueueEx
ReleaseSemaphore
LoadLibraryW
SetThreadPriority
GetThreadPriority
DuplicateHandle
GetCurrentProcess
GetCurrentThread
OpenThread
GetTickCount
ReleaseMutex
CreateSemaphoreW
IsWow64Process
OpenMutexW
CreateMutexW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesW
ChangeTimerQueueTimer
CreateDirectoryW
WriteFile
CreateFileW
GetFileSizeEx
QueueUserWorkItem
ReadFile
GetFileSize
MultiByteToWideChar
OpenProcess
GetCurrentProcessId
GetSystemInfo
CompareFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
DeleteTimerQueue
WaitForMultipleObjects
GetDevicePowerState
CreateSemaphoreA
InterlockedExchangeAdd
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetFullPathNameW
InitializeCriticalSection
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
GetLocalTime
MoveFileExW
CopyFileW
FlushFileBuffers
DeleteFileW
SetFilePointer
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetComputerNameW
DeviceIoControl
GetLocaleInfoW
GetSystemDirectoryW
LCMapStringW
WideCharToMultiByte
GetVersionExA
GetVersion
VirtualQuery
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
UnregisterWaitEx
SetEvent
GetModuleHandleExW
GetProcAddress
CreateTimerQueue
CreateTimerQueueTimer
CreateEventW
RegisterWaitForSingleObject
RaiseException
InterlockedDecrement
GetVersionExW
InterlockedIncrement
GetLastError
HeapSetInformation
DeleteTimerQueueTimer
LeaveCriticalSection
LocalFree
EnterCriticalSection
LocalAlloc
DeleteCriticalSection
FreeLibrary
CloseHandle
DecodePointer
EncodePointer
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW

msvcrt

rand
srand
time
memset
_vscwprintf
_beginthreadex
_vsnwprintf
_itow
_wtoi
_ui64tow
_wtof
free
malloc
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
_wcsnicmp
wcschr
memmove
swscanf
_wcsicmp
_purecall
sscanf
memcpy

rpcrt4

NdrServerCall2
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcRaiseException
RpcStringFreeW
RpcRevertToSelfEx
RpcImpersonateClient
UuidCreate
UuidFromStringW
UuidToStringW
I_RpcMapWin32Status

ntdll

NtQueryInformationThread
NtSetInformationThread
RtlUnwind
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlCopyUnicodeString
RtlCompareUnicodeString

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx

Exports

Exports

?SPRevision@@3PADA
?SPVersion@@3PADA

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

ole32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 258KB - Virtual size: 257KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 88KB - Virtual size: 88KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 258KB - Virtual size: 257KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 88KB - Virtual size: 88KB

.vmp0
Size: 192KB - Virtual size: 1.3MB