c1f5e25f8cb74b6f940ee7eca5ee26b9594ee9eddb79b7c6badd651aab86f8e6

Sharing

Copy URL Twitter E-mail

General

Target

c1f5e25f8cb74b6f940ee7eca5ee26b9594ee9eddb79b7c6badd651aab86f8e6
Size

170KB
MD5

1bac8f515d1af731fad18d70b7eea5c0
SHA1

64b2e44ae895e924de0ee256d74a85130f120aad
SHA256

c1f5e25f8cb74b6f940ee7eca5ee26b9594ee9eddb79b7c6badd651aab86f8e6
SHA512

3495491bea4df16dc4196483438cd256ecf8664805172e188a2d9feece9a00fa922eeb7f68181cf9a47580ef6ef9b0888e525beba365ac27561399a031879c35
SSDEEP

3072:5ggEsQxOrv3X0b9dq9HbwP7psd40dEKdFV2axdlXJ9mY6C:DwOb3I9dFP7Y4BUFQAJnP

Score

N/A

Malware Config

Signatures

Files

c1f5e25f8cb74b6f940ee7eca5ee26b9594ee9eddb79b7c6badd651aab86f8e6
.exe windows x86

6fd2cfca5ec6de2dd7742ed57953bb59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetWkstaGetInfo
DsGetDcNameW
DsRoleGetPrimaryDomainInformation
NetApiBufferFree

user32

wsprintfA
CharNextW
LoadStringW
wsprintfW

ole32

OleRun
CLSIDFromProgID
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoTaskMemRealloc
CLSIDFromString
CoGetDefaultContext

rtutils

TraceRegisterExW
TraceDeregisterW
TracePutsExA
TraceVprintfExA

kernel32

FreeLibrary
UnhandledExceptionFilter
LoadLibraryExW
lstrcatW
GetLastError
GetComputerNameExW
lstrcpynW
LeaveCriticalSection
MultiByteToWideChar
lstrlenW
Sleep
VirtualQuery
DisableThreadLibraryCalls
lstrcpyW
FormatMessageA
GetCurrentProcess
FindResourceW
QueryPerformanceCounter
TerminateProcess
DeleteCriticalSection
SizeofResource
SetLastError
lstrcmpW
GetCurrentProcessId
HeapDestroy
lstrlenA
GetComputerNameW
GetTempPathA
SleepEx
LoadResource
VirtualAlloc
GetModuleFileNameW
GetVersionExW
InterlockedIncrement
lstrcmpiW
GetCurrentThreadId
InitializeCriticalSection
GetTickCount
LocalFree
CreateThread
InterlockedExchange
GetSystemTimeAsFileTime
EnterCriticalSection
SetUnhandledExceptionFilter
QueueUserAPC

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
OpenSCManagerW
RegQueryValueExW
StartServiceW
ControlService
CloseServiceHandle
RegConnectRegistryW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenServiceW
QueryServiceStatus
RegDeleteKeyW

avifil32

EditStreamSetInfoA

Sections

.text
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fd2cfca5ec6de2dd7742ed57953bb59

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

user32

ole32

rtutils

kernel32

advapi32

avifil32

Sections

.text Size: 512B - Virtual size: 408B

.rdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 148KB - Virtual size: 148KB

.data Size: 2KB - Virtual size: 848KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 512B - Virtual size: 408B

.rdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 148KB - Virtual size: 148KB

.data
Size: 2KB - Virtual size: 848KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 28B