c6815f102ee27fc2bc37b03f51549e779e4659ecdc3232ed266c56a1b61f5f92

Sharing

Copy URL Twitter E-mail

General

Target

c6815f102ee27fc2bc37b03f51549e779e4659ecdc3232ed266c56a1b61f5f92
Size

598KB
MD5

1a797191205a0ae81bce95e3b403f069
SHA1

c602f1f583667dd3b56c7a6c9e23073b5082f874
SHA256

c6815f102ee27fc2bc37b03f51549e779e4659ecdc3232ed266c56a1b61f5f92
SHA512

f04e6d4f9705779c818103fcd2282f6bc0684bc9fa32c1daa6337e0e3a8db7b6085fe7f340a010d8e6610ad81aa7f602ad5451f9ae007cb454bfde5f9d1a51ee
SSDEEP

12288:nS8tyzcg29Cf98Qg3ayNcMaxwn7mIEb7A3jjj8PqaIyL6M:/tOyQg3a9M9SIJ3jjsBE

Score

N/A

Malware Config

Signatures

Files

c6815f102ee27fc2bc37b03f51549e779e4659ecdc3232ed266c56a1b61f5f92
.exe windows x86

98b7774bbda083d59cabb3cd2f6355a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleW
VirtualAlloc
GetPrivateProfileIntA
PrivMoveFileIdentityW
GetModuleHandleA
GetFileSizeEx
GetCurrentThread
SetConsoleInputExeNameA
GetCurrentProcessId
VerSetConditionMask
EnumDateFormatsExW
GetStringTypeA
SetFileApisToOEM
FindFirstVolumeMountPointW
GetStringTypeW
SuspendThread
GetCurrentThreadId
GetCommState
GetVolumeNameForVolumeMountPointW
GetEnvironmentStringsW
HeapLock
EnumResourceLanguagesA
GetCurrentProcess
FillConsoleOutputCharacterW
LeaveCriticalSection

rpcrt4

RpcServerRegisterAuthInfoW
RpcServerInqBindings
MesBufferHandleReset
CStdStubBuffer_Disconnect
RpcStringBindingParseW
NDRCContextBinding
RpcRevertToSelf
RpcBindingSetOption
RpcServerListen
MesDecodeBufferHandleCreate
RpcNetworkIsProtseqValidW

uxtheme

GetThemeAppProperties
GetThemeTextExtent
IsThemeActive
GetThemeString
CloseThemeData
DrawThemeParentBackground
DrawThemeIcon
GetThemeSysFont
EnableThemeDialogTexture
GetThemeFont
IsThemeBackgroundPartiallyTransparent
OpenThemeData
DrawThemeBackground

winsta

WinStationNameFromLogonIdW
ServerLicensingOpenW
WinStationFreeGAPMemory
WinStationReset
WinStationOpenServerW
WinStationEnumerateW
ServerLicensingGetAvailablePolicyIds
WinStationFreeMemory

advapi32

InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteKeyA
GetTraceEnableFlags
AddUsersToEncryptedFile
LsaRemoveAccountRights
GetSidSubAuthorityCount
LsaSetSystemAccessAccount
RegCreateKeyW
GetSidLengthRequired
RegReplaceKeyA
RegCreateKeyExW
MapGenericMask
RegEnumValueW
OpenEventLogW
GetSidSubAuthority
RevertToSelf
ConvertSidToStringSidA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 118KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 131KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 69KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98b7774bbda083d59cabb3cd2f6355a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

uxtheme

winsta

advapi32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 156KB - Virtual size: 207KB

.data Size: 118KB - Virtual size: 223KB

.pdata Size: 112KB - Virtual size: 163KB

.idata Size: 131KB - Virtual size: 173KB

.data1 Size: 69KB - Virtual size: 148KB

.reloc Size: 512B - Virtual size: 142B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 156KB - Virtual size: 207KB

.data
Size: 118KB - Virtual size: 223KB

.pdata
Size: 112KB - Virtual size: 163KB

.idata
Size: 131KB - Virtual size: 173KB

.data1
Size: 69KB - Virtual size: 148KB

.reloc
Size: 512B - Virtual size: 142B