511aa634e4335f32f7073fb3c317141c84fcf27fb7133fc647c2fa95fdad3488

Sharing

Copy URL Twitter E-mail

General

Target

511aa634e4335f32f7073fb3c317141c84fcf27fb7133fc647c2fa95fdad3488
Size

237KB
MD5

eb6082a41168c7265bb85ce1c0737d19
SHA1

c689874235fe79abeee011d47d1672881be4c073
SHA256

511aa634e4335f32f7073fb3c317141c84fcf27fb7133fc647c2fa95fdad3488
SHA512

f11dff3844fdf4eec2390046c1ae88720aa1ac6d0639d94895c1466b2b84c1137ada306a5d8ed17fbd23e99b51275f61c1dbaa91f8a0ecf03e4b8ffd422c5e9e
SSDEEP

6144:U18DSjifwi+0qCf8eF/p/uwONct43j92U9l5h:NRLb9pGHNu4B2U9l

Score

N/A

Malware Config

Signatures

Files

511aa634e4335f32f7073fb3c317141c84fcf27fb7133fc647c2fa95fdad3488
.exe windows x64

a79c1f224f30cbb9624db2a924cd99af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc140u

ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord8926
ord10691
ord6729
ord11855
ord8656
ord14209
ord11625
ord3718
ord11771
ord8830
ord11415
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord2697
ord7913
ord3209
ord3212
ord13397
ord6000
ord3071
ord3307
ord3308
ord10163
ord11085
ord10704
ord8731
ord11813
ord6862
ord7241
ord469
ord1106
ord10665
ord8903
ord9942
ord5557
ord3728
ord4549
ord12341
ord12100
ord13023
ord2767
ord7395
ord2511
ord8093
ord13697
ord13468
ord2779
ord5408
ord5981
ord8772
ord3735
ord10713
ord10956
ord8888
ord12466
ord5376
ord12256
ord10941
ord9175
ord2662
ord12642
ord11775
ord3997
ord3947
ord14132
ord5196
ord5188
ord10122
ord10411
ord10827
ord10828
ord9054
ord11432
ord9670
ord7173
ord9840
ord7389
ord979
ord1446
ord11805
ord2303
ord3989
ord8917
ord2628
ord6630
ord8947
ord11902
ord11770
ord2698
ord13401
ord6002
ord8003
ord10965
ord10968
ord9200
ord9215
ord9205
ord9677
ord9682
ord9217
ord10807
ord10199
ord8614
ord8604
ord11435
ord10835
ord9739
ord6917
ord7252
ord547
ord1167
ord11789
ord8904
ord3811
ord5722
ord13351
ord8928
ord2510
ord4353
ord11863
ord3714
ord11763
ord7912
ord3081
ord8097
ord4872
ord4873
ord5917
ord12144
ord1768
ord7432
ord13360
ord5727
ord13358
ord5726
ord11121
ord5744
ord8521
ord9043
ord11492
ord11484
ord5189
ord3723
ord4443
ord11184
ord10093
ord3098
ord11486
ord8017
ord2048
ord10530
ord12219
ord5442
ord5441
ord14337
ord14165
ord11340
ord6767
ord10824
ord11338
ord11339
ord6768
ord5268
ord13653
ord1774
ord13652
ord11460
ord4726
ord770
ord1298
ord8313
ord11825
ord9265
ord4349
ord7037
ord2155
ord457
ord1094
ord528
ord1149
ord746
ord1284
ord7236
ord8990
ord3171
ord3124
ord8172
ord8441
ord4086
ord6361
ord3803
ord2187
ord2479
ord12448
ord4725
ord2176
ord4957
ord13269
ord5046
ord5047
ord11224
ord7785
ord13301
ord8969
ord7637
ord13199
ord7928
ord2222
ord6920
ord632
ord14129
ord2593
ord13759
ord13761
ord11857
ord878
ord1369
ord12706
ord4030
ord11061
ord3745
ord6247
ord2475
ord3089
ord4724
ord2749
ord8088
ord6466
ord12814
ord5845
ord11402
ord4817
ord4766
ord4751
ord4809
ord4856
ord4779
ord4831
ord4846
ord4791
ord4797
ord4803
ord4785
ord4840
ord4770
ord1752
ord1725
ord1747
ord1721
ord1699
ord8938
ord11890
ord14198
ord5143
ord7885
ord8016
ord7946
ord8036
ord2669
ord2649
ord5259
ord4245
ord3892
ord4633
ord13942
ord2061
ord12163
ord3218
ord8686
ord8631
ord13827
ord6077
ord8148
ord12674
ord8505
ord3043
ord14063
ord10778
ord3245
ord11020
ord1751
ord3985
ord2044
ord4918
ord4923
ord3045
ord6057
ord12891
ord11830
ord3877
ord2619
ord8497
ord13944
ord7857
ord13143
ord10851
ord8693
ord8647
ord3137
ord3263
ord2565
ord2090
ord10819
ord2978
ord8982
ord8688
ord10124
ord8653
ord12357
ord13150
ord3876
ord4367
ord10953
ord13927
ord3259
ord12506
ord8086
ord8174
ord12987
ord7773
ord7774
ord7802
ord12332
ord12297
ord6229
ord8388
ord8381
ord3484
ord789
ord8391
ord8392
ord8396
ord3702
ord12551
ord5630
ord5590
ord12991
ord4814
ord2647
ord12555
ord7631
ord14017
ord11904
ord8535
ord11056
ord10053
ord11579
ord8778
ord4853
ord2603
ord4040
ord4053
ord2215
ord1709
ord4782
ord9197
ord9202
ord9212
ord8554
ord4559
ord2071
ord4128
ord3237
ord9073
ord4229
ord8714
ord1961
ord13803
ord2606
ord8629
ord12649
ord8123
ord13884
ord6289
ord12798
ord4755
ord4745
ord1711
ord7886
ord8038
ord7921
ord6852
ord4988
ord5254
ord2640
ord4254
ord3908
ord8685
ord8630
ord13828
ord8136
ord12661
ord14062
ord11444
ord11010
ord2581
ord3971
ord3903
ord7855
ord8691
ord8648
ord13983
ord10818
ord2976
ord11173
ord9357
ord8645
ord3874
ord4365
ord13925
ord3074
ord3073
ord3247
ord7618
ord2632
ord13881
ord5256
ord2496
ord3533
ord3909
ord3894
ord14095
ord12942
ord8255
ord3044
ord13932
ord4041
ord2075
ord11417
ord13912
ord12997
ord2699
ord2721
ord11286
ord12820
ord11824
ord3029
ord8727
ord8842
ord8790
ord4455
ord8753
ord8328
ord2344
ord2365
ord9442
ord8690
ord11403
ord12627
ord12508
ord2915
ord6724
ord7910
ord7933
ord12883
ord4862
ord13522
ord11672
ord3293
ord3329
ord13657
ord3090
ord7255
ord2109
ord550
ord1169
ord622
ord1218
ord742
ord1280
ord767
ord1297
ord5549
ord8997
ord551
ord4268
ord8251
ord13767
ord4232

kernel32

GetLastError
OutputDebugStringW
LocalFree
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
DeleteCriticalSection

user32

UpdateWindow
EnableWindow
ClientToScreen
GetParent
SetRectEmpty
LoadMenuW
GetSubMenu
SendMessageW
ScreenToClient
GetClientRect
InvalidateRect
GetWindowRect
InflateRect
GetSysColor
LoadBitmapW
IsChild
GetFocus
LoadImageW
GetSystemMetrics
RedrawWindow
IsIconic

gdi32

GetStockObject
CreateFontIndirectW
DeleteObject
GetObjectW

comctl32

InitCommonControlsEx
ImageList_AddMasked

oleaut32

SysAllocString
VariantClear

vcruntime140

__std_terminate
_purecall
memset
__C_specific_handler
__CxxFrameHandler3
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
_CxxThrowException

api-ms-win-crt-string-l1-1-0

wcscpy_s

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_initterm
_get_wide_winmain_command_line
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_wide_environment
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_set_app_type
_seh_filter_exe
_configure_wide_argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a79c1f224f30cbb9624db2a924cd99af

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

gdi32

comctl32

oleaut32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 123KB - Virtual size: 122KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 123KB - Virtual size: 122KB

.reloc
Size: 6KB - Virtual size: 5KB