ba06673d3ab1b8c2bc7f2671f40db600c6f4e78d711c594288df38e708b4ff05

Sharing

Copy URL Twitter E-mail

General

Target

ba06673d3ab1b8c2bc7f2671f40db600c6f4e78d711c594288df38e708b4ff05
Size

199KB
MD5

3cfb8bc51015370f70e294e4e29f5f36
SHA1

077dd88a476e82f23b39d6a5ec31d15707ba8b03
SHA256

ba06673d3ab1b8c2bc7f2671f40db600c6f4e78d711c594288df38e708b4ff05
SHA512

546b96497a0e19d4aa107ab5fdbdb45f91f41129d96229543842409d7fbd47941cfa8894a989f0118a0fb04dc5c51ba45db1ef2f07223cc322e017be31c3e408
SSDEEP

3072:u7zHWhDdnaOTmnYW4WUqovPtfFv61pjZqFfiT+5AcGhzGNrvxkRGvDEGI:u7zHw4O6nBhUqkFfFSG/yzIrvxVrNI

Score

N/A

Malware Config

Signatures

Files

ba06673d3ab1b8c2bc7f2671f40db600c6f4e78d711c594288df38e708b4ff05
.exe windows x86

1f4312937f830f23a9d4c2c2f97bd3bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_acmdln
_exit
_mbscmp
_mbsstr
__set_app_type
strstr
__p__commode
_access
_controlfp
_mbsicmp
_mbsupr
?terminate@@YAXXZ
_amsg_exit
memcpy
_cexit
__getmainargs
memmove
strtok
__setusermatherr
malloc
memset
__p__fmode
_ismbblead
_adjust_fdiv
exit
_getcwd
strchr
_initterm
_mbsinc
_XcptFilter
_mbschr

kernel32

lstrcpynA
WaitForSingleObject
CreateFileA
GetOEMCP
GetProcAddress
InterlockedExchange
GetCommandLineW
GetExitCodeProcess
SizeofResource
lstrcatA
GetWindowsDirectoryA
GetCurrentProcessId
FindClose
CreateDirectoryA
FindNextFileA
Sleep
lstrlenA
GetStartupInfoA
SetFilePointer
GetVersion
FindFirstFileA
GetCurrentProcess
GetSystemDirectoryA
QueryPerformanceCounter
InterlockedCompareExchange
DeleteFileA
GetCommandLineA
FreeLibrary
SetFileAttributesA
GetTickCount
CreateFileMappingA
GlobalAlloc
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleA
UnhandledExceptionFilter
lstrcpyA
CloseHandle
LoadLibraryA
SetUnhandledExceptionFilter
UnmapViewOfFile
GetFileType
GetShortPathNameA
RemoveDirectoryA
SetEndOfFile
MoveFileExA
MapViewOfFile
GetVersionExA
GetACP
TerminateProcess
GetLastError
GlobalFree
GetFileSize
CreateProcessA
VirtualProtect
GetPrivateProfileStringA

user32

wsprintfA
ExitWindowsEx
MessageBoxA
FindWindowA
SendMessageA
LoadStringA
LoadIconA

advapi32

OpenServiceA
RegOpenKeyExA
ControlService
EqualSid
RegEnumKeyExA
DeleteService
AllocateAndInitializeSid
CloseServiceHandle
GetTokenInformation
RegSetValueExA
FreeSid
RegQueryValueExA
OpenSCManagerA
RegDeleteValueA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteKeyA

setupapi

SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDeleteDeviceInfo

ntdll

RtlUnwind

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f4312937f830f23a9d4c2c2f97bd3bb

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

setupapi

ntdll

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 11KB

.data Size: 126KB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 11KB

.data
Size: 126KB - Virtual size: 1.1MB

.rsrc
Size: 4KB - Virtual size: 3KB