0aafecb19baafb83968a3e9f5ded76d6dd431c696befc1b965c8c9a40c127464

Sharing

Copy URL

Twitter E-mail

General

Target

0aafecb19baafb83968a3e9f5ded76d6dd431c696befc1b965c8c9a40c127464
Size

42KB
MD5

d43c0be9954f53a39f0c6a3cde3de752
SHA1

c18f5f4457c205fd526a3a77df87489fb63f72a6
SHA256

0aafecb19baafb83968a3e9f5ded76d6dd431c696befc1b965c8c9a40c127464
SHA512

90b65c5fca1a3b90718f15348173a05a96184a69e9cea968ed09bc65eee90266911f74ae2b21f81b6ce659e2db5fca13c4f63588fa272a3576e3ca06fb77533d
SSDEEP

768:fCzVe0JZ0/A/yAMNn7zq+WRJbW8QBcJmtxo/pMBqqLmfwN:flA/S3WRY8YcgupMB1N

Score

N/A

Malware Config

Signatures

Files

0aafecb19baafb83968a3e9f5ded76d6dd431c696befc1b965c8c9a40c127464
.exe windows x86

a57cb9b08c10a8f5fb9070482bcecf64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineW
FormatMessageA
FormatMessageW
LocalFree
GetLastError
CreateEventA
CloseHandle
SetLastError
LocalAlloc
SetEndOfFile
CreateFileW
SetFilePointer
CreateProcessW
SetHandleInformation
CreatePipe
GetExitCodeProcess
GetStdHandle
ExitThread
ReadFile
BackupWrite
WriteFile
DeviceIoControl
GetFileInformationByHandle
CompareFileTime
BackupRead
GetExitCodeThread
DuplicateHandle
WaitForSingleObjectEx
ResetEvent
ReadFileEx
Sleep
GetSystemInfo
SetEvent
SetConsoleCtrlHandler
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
WaitForSingleObject
GetConsoleScreenBufferInfo

user32

MessageBoxA
CharToOemA

msvcrt

_beginthreadex
fflush
malloc
memmove
wcscmp
wcslen
_wcsnicmp
fputs
wcstok
free
??2@YAPAXI@Z
strncat
_iob
fputws
fprintf
exit
??3@YAXPAX@Z
wcstoul
_snprintf
_wcsicmp

shell32

CommandLineToArgvW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegEnumValueW
RegOpenKeyW
LookupPrivilegeValueW

ntdll

RtlInitUnicodeString
NtSetInformationFile
RtlAppendUnicodeStringToString
RtlFreeOemString
RtlUnicodeStringToOemString
NtQueryInformationFile
NtQueryDirectoryFile
RtlAppendUnicodeToString
NtSaveKey
NtCreateKey
NtCreateFile
RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtClose
RtlCreateUnicodeString
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtOpenFile
RtlNtStatusToDosError
RtlCopyUnicodeString

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a57cb9b08c10a8f5fb9070482bcecf64

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

shell32

advapi32

ntdll

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 360B

.rsrc Size: 1024B - Virtual size: 904B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 360B

.rsrc
Size: 1024B - Virtual size: 904B