a2150e9a1d0769fa9de50fd2c7ca66b16cb7d8504d20e78e3577bc87f2e0f747

Sharing

Copy URL Twitter E-mail

General

Target

a2150e9a1d0769fa9de50fd2c7ca66b16cb7d8504d20e78e3577bc87f2e0f747
Size

325KB
MD5

10d77004c67664e03b58a8a5d8cef730
SHA1

2d3e1375d272342c85878c7f53723c8962771030
SHA256

a2150e9a1d0769fa9de50fd2c7ca66b16cb7d8504d20e78e3577bc87f2e0f747
SHA512

c0b44011b997a63d5f9191093eab4c4bc1b263666808bca7becca1c376a9ca1118496a64ccacf1a3794422e25213d6fd375436f7342942c2f91de51fef936f0e
SSDEEP

6144:1hP1HfV2gYRymyFEeGSjZfp0hjXuE7Cla6bl7cOhCVncpLqTcVljra4+lvDqZg:bPlXZFEJcE7KBt1hE0LAcrfsq

Score

N/A

Malware Config

Signatures

Files

a2150e9a1d0769fa9de50fd2c7ca66b16cb7d8504d20e78e3577bc87f2e0f747
.exe windows x86

546147d30b4fcdda21b312392c3e7045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

RsopFileAccessCheck

gdi32

TranslateCharsetInfo
GetStockObject
SetViewportExtEx
SelectObject
SelectPalette
CreatePen
CreateFontW
LineTo
GetNearestColor
GetMapMode

dnsapi

DnsReplaceRecordSetW

mswsock

AcceptEx
GetAcceptExSockaddrs

ntdll

_wcsicmp
RtlUnicodeStringToAnsiString
RtlUnwind
NtQueryVirtualMemory
_chkstk
memmove
RtlUnicodeToMultiByteSize
RtlIsNameLegalDOS8Dot3
_vsnwprintf
NtAllocateVirtualMemory
wcslen
RtlInitUnicodeStringEx

kernel32

DeleteFileW
GlobalUnlock
lstrcmpW
InitializeCriticalSectionAndSpinCount
LocalReAlloc
GetModuleFileNameW
GetProcessVersion
LoadResource
lstrlenW
GetCurrentProcessId
LocalFree
SetUnhandledExceptionFilter
CloseHandle
LoadLibraryW
lstrlenA
GetVersionExA
LoadLibraryA
MultiByteToWideChar
FormatMessageW
FindResourceExW
GetACP
TerminateProcess
FreeLibraryAndExitThread
EnterCriticalSection
GetProcAddress
TlsFree
WideCharToMultiByte
SetLastError
QueryPerformanceCounter
TlsAlloc
FindResourceA
GetSystemDefaultUILanguage
lstrcpyA
GetLastError
GlobalReAlloc
CreateThread
lstrcpynW
GetModuleHandleW
FreeLibrary
ResetEvent
GetLocaleInfoW
InterlockedIncrement
FindNextFileW
SetErrorMode
GetFullPathNameW
LocalAlloc
lstrcpyW
CreateFileW
DelayLoadFailureHook
GetSystemTimeAsFileTime
GlobalLock
MulDiv
GetTickCount
GetCurrentDirectoryW
FreeResource
DeleteCriticalSection
GetUserDefaultLCID
FindClose
InterlockedCompareExchange
LocalSize
GetCurrentProcess
FindFirstFileW
GetTempFileNameW
TlsGetValue
GetCurrentThreadId
GetDriveTypeW
LeaveCriticalSection
InterlockedExchange
GetModuleHandleA
CreateEventW
GetFileAttributesW
UnhandledExceptionFilter
TlsSetValue
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiW
GetProfileStringW
GlobalFree
WaitForSingleObject
SetCurrentDirectoryW
FindResourceW
InterlockedDecrement
LockResource
SizeofResource
ExpandEnvironmentStringsW
GetShortPathNameW
SetEvent
GetVolumeInformationW

rpcrt4

I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcEpResolveBinding
NdrClientCall2
RpcBindingFree
RpcStringBindingComposeW
RpcStringFreeW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

546147d30b4fcdda21b312392c3e7045

Headers

DLL Characteristics

File Characteristics

Imports

userenv

gdi32

dnsapi

mswsock

ntdll

kernel32

rpcrt4

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 196KB - Virtual size: 196KB

.rsrc Size: 116KB - Virtual size: 115KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 196KB - Virtual size: 196KB

.rsrc
Size: 116KB - Virtual size: 115KB

.tls
Size: 512B - Virtual size: 4KB