c4b69c58143a792ab0b2fbd804e9dc701f0ff40369fcce36dd382e80922aa1b2

Sharing

Copy URL Twitter E-mail

General

Target

c4b69c58143a792ab0b2fbd804e9dc701f0ff40369fcce36dd382e80922aa1b2
Size

269KB
MD5

5d8c0b3aecc18472dd1e820523b24550
SHA1

0def529d21ac74f1581a3b9d340cbb80164c29d4
SHA256

c4b69c58143a792ab0b2fbd804e9dc701f0ff40369fcce36dd382e80922aa1b2
SHA512

91bbb4314ef836246571d598f9a21983399e0cdfad3e58d915e24d5d12321444872b18559ac7f4420cd9e5dac9498d8838ae26397943015d6de651e195070d04
SSDEEP

6144:F4FrZoontRQNXHn0Hws8XPQ8M8QtMb7z3HS+jT7Bv:FE1tRQNXHn0HwsyIhnkr7jfF

Score

N/A

Malware Config

Signatures

Files

c4b69c58143a792ab0b2fbd804e9dc701f0ff40369fcce36dd382e80922aa1b2
.dll windows x86

ac83d849bd2257b6a88e9832139b7f29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryInformationProcess
NtQueryObject
RtlUnwind
RtlZeroMemory

psapi

EnumProcessModules
GetProcessImageFileNameA
GetModuleFileNameExA

kernel32

DeleteFileA
DeleteTimerQueueTimer
DuplicateHandle
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeLibrary
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetDateFormatA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
CloseHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
LoadLibraryA
CopyFileA
LoadResource
LocalFree
LockResource
MultiByteToWideChar
OpenEventA
OpenMutexA
Process32First
Process32Next
ProcessIdToSessionId
QueryDosDeviceA
CreateDirectoryA
ReadFile
ReadProcessMemory
CreateFileA
SetFilePointer
SetFileTime
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
CreateMutexA
CreateProcessA
CreateThread
CreateTimerQueueTimer
CreateToolhelp32Snapshot

user32

GetWindowTextA
GetWindowThreadProcessId
GetClipboardSequenceNumber
GetForegroundWindow
GetMessageA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
PeekMessageA
OpenWindowStationA
CloseWindowStation
SetProcessWindowStation
TranslateMessage
GetUserObjectInformationA
DispatchMessageA
GetKeyboardLayout
RegisterClassExA
PostMessageA
GetRawInputData
RegisterRawInputDevices
PostQuitMessage
CreateWindowExA
DestroyWindow
DefWindowProcA

advapi32

LookupAccountSidA
LookupPrivilegeValueA
ChangeServiceConfigA
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetKeySecurity
RegSetValueExA
InitiateSystemShutdownA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

crtdll

_fdopen
_iob
_itoa
_makepath
_open_osfhandle
_sleep
_snprintf
_splitpath
_strdup
_stricmp
_strlwr
_strnicmp
atoi
fclose
feof
fopen
fputc
fread
free
_cexit
localeconv
malloc
memcmp
memcpy
memmove
memset
pow
raise
rand
realloc
setbuf
strcat
strchr
strcmp
strncpy
strpbrk
strrchr
strstr
strtol
wcslen
wcsncpy
wctomb

Exports

Exports

CTF
CTFInit
CTFInits
CTFInitw
CTFStart
CTFTo
DS
Extract
LibMain

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 248B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac83d849bd2257b6a88e9832139b7f29

Headers

File Characteristics

Imports

ntdll

psapi

kernel32

user32

advapi32

crtdll

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.bss Size: - Virtual size: 5KB

.rdata Size: 84B - Virtual size: 84B

.data Size: 15KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 3KB - Virtual size: 3KB

.edata Size: 248B - Virtual size: 248B

.text
Size: 72KB - Virtual size: 72KB

.bss
Size: - Virtual size: 5KB

.rdata
Size: 84B - Virtual size: 84B

.data
Size: 15KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 3KB - Virtual size: 3KB

.edata
Size: 248B - Virtual size: 248B