b9604d8e7f97697d8f24c1b73bf5ce60adc9c35114c1d0d1b064fcef984f2dfd

Sharing

Copy URL Twitter E-mail

General

Target

b9604d8e7f97697d8f24c1b73bf5ce60adc9c35114c1d0d1b064fcef984f2dfd
Size

176KB
MD5

42067cc7a7bf2fefb2e5b373ee601eb3
SHA1

90d3693ce38f1bf35746817b78005ef4e92e54de
SHA256

b9604d8e7f97697d8f24c1b73bf5ce60adc9c35114c1d0d1b064fcef984f2dfd
SHA512

27e043efd1a469f2e4d3917e8d63a548bb26de711f167a8932dce7154c136dcf627b6c1917d1a3f8c5c4913a2315aac6f0fab66144e237b43389a25209f7d5fa
SSDEEP

3072:wJH/QxwaVSwPzOwFfFx/5KQ4rYY6owAr+3Rgv20U:O/3N66wZFvKhYdb3uv20

Score

N/A

Malware Config

Signatures

Files

b9604d8e7f97697d8f24c1b73bf5ce60adc9c35114c1d0d1b064fcef984f2dfd
.exe windows x86

2f9d8cdee56cd34698edccb282ec207d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_vsnwprintf
_errno
fmod
_localtime64
atol
malloc
__doserrno
_heapmin
_heapset
signal
__p__daylight
??_Gexception@@UAEPAXI@Z
_fpieee_flt
__p__pwctype
_futime64
_finite
_findfirsti64
_cexit
__crtGetLocaleInfoW
_getmaxstdio
__set_app_type
_inp
fgets
_set_error_mode
memcpy
wcsncpy
__RTtypeid
_mbsrchr
strxfrm
log
_mbsdec
perror
_atoldbl
_wspawnle
__p__winver
_lrotr
??_7bad_cast@@6B@
_putw
wcsxfrm
ceil
gmtime
wcsncmp
_i64toa
_mbsnccnt
_wcsrev
_toupper
??_E__non_rtti_object@@UAEPAXI@Z
_wexecvp
_mbsupr
__setlc_active
_c_exit
??0__non_rtti_object@@QAE@ABV0@@Z
_wcsicmp
_mbsspnp
_mbsrev
_ltoa
__mb_cur_max
__p__commode
strncpy
__p__winmajor
??_7exception@@6B@
strftime
_mbsdup
iswalnum
strspn
_wexecve
_CxxThrowException
_beep
_i64tow
_wtol
_wfindnexti64
is_wctype
_popen
wcstombs
_close
atoi
free
_loaddll
_cabs
__fpecode
clock
_winver
_ismbbpunct
_mbctype
putchar
strtol

comsvcs

DllGetClassObject
ComSvcsExceptionFilter
CosGetCallContext
ComSvcsLogError
MTSCreateActivity
DllCanUnloadNow
MiniDumpW
CoLoadServices
GetObjectContext
SafeRef
DllRegisterServer
DllUnregisterServer

kernel32

GlobalHandle
GetCommandLineW
GetCurrentProcess
FindResourceExW
TransactNamedPipe
lstrcpynW
TerminateProcess
VirtualAlloc
VirtualFreeEx
GetConsoleAliasesA
GetConsoleCP
lstrcmpiW
GetTimeFormatA
GlobalCompact
GetEnvironmentVariableW
OpenSemaphoreA

rnr20

NSPStartup

shlwapi

StrToIntW
SHDeleteEmptyKeyW
wnsprintfA
SHOpenRegStreamA
PathStripToRootA
PathMakePrettyA
PathAppendA
StrCpyW
StrCatBuffW
AssocQueryStringByKeyW
UrlCanonicalizeW
PathStripToRootW
SHRegWriteUSValueA
SHRegDuplicateHKey
PathCommonPrefixW
PathStripPathW
SHRegGetBoolUSValueA
PathCompactPathExW
IntlStrEqWorkerW
SHRegEnumUSKeyW
SHRegOpenUSKeyA
StrCmpIW
StrSpnW
SHEnumKeyExA
PathIsLFNFileSpecA
StrChrNIW
StrStrNIW

Sections

.text
Size: 4KB - Virtual size: 882B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f9d8cdee56cd34698edccb282ec207d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comsvcs

kernel32

rnr20

shlwapi

Sections

.text Size: 4KB - Virtual size: 882B

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 4KB - Virtual size: 316B

.reloc Size: 4KB - Virtual size: 68B

.text
Size: 4KB - Virtual size: 882B

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 4KB - Virtual size: 316B

.reloc
Size: 4KB - Virtual size: 68B