dc41bc4f4661cb086c4cee1dd73f6d392b61997e8488ab867c6573f09443c4ba

Sharing

Copy URL Twitter E-mail

General

Target

dc41bc4f4661cb086c4cee1dd73f6d392b61997e8488ab867c6573f09443c4ba
Size

86KB
MD5

a5867cb52d3785a1d1634c748e5ef0e8
SHA1

ef7bbfab8e7b297377289686c62f898db3a016db
SHA256

dc41bc4f4661cb086c4cee1dd73f6d392b61997e8488ab867c6573f09443c4ba
SHA512

c5bcdd58511101a5ada4393e9b7ccccdd636b927254d6b7cd9507c168260c6802d5070686892d4331126ccfbdc2567292a3470a082200de724cad5df3c681223
SSDEEP

1536:smpVzzFOsfGifVEOR5VbL5u8UkX6ko94iveMds5GU4SyW32F:soSUVbLBXEeMds5GU4S/i

Score

N/A

Malware Config

Signatures

Files

dc41bc4f4661cb086c4cee1dd73f6d392b61997e8488ab867c6573f09443c4ba
.exe windows x86

9381602a7ee2992ca4ff75c7b9905139

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
CloseHandle
WaitForSingleObject
ReleaseMutex
CreateMutexW
CreateDirectoryW
lstrlenW
Sleep
GetFileAttributesExW
GetLastError
GetModuleFileNameW
CreateFileA
ReadFile
GetProcessHeap
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
HeapAlloc
HeapFree
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
CreateFileW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
LCMapStringA

user32

CharUpperW
CharNextW

advapi32

QueryServiceStatus
GetAce
AddAce
GetAclInformation
InitializeAcl
AddAccessAllowedAce
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
RegSetValueExW
RegQueryValueExW
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
ChangeServiceConfig2W
CreateServiceW
DeleteService
LockServiceDatabase
ControlService
StartServiceW
ChangeServiceConfigW
CloseServiceHandle
UnlockServiceDatabase
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize

shlwapi

StrCatW
StrStrIW
StrRChrW

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9381602a7ee2992ca4ff75c7b9905139

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 4KB