85eb8303f0dd3fdcd123a7aa8fec3ef60d25e6c1aff64ff18aae42e9575c5ebb

Sharing

Copy URL Twitter E-mail

General

Target

85eb8303f0dd3fdcd123a7aa8fec3ef60d25e6c1aff64ff18aae42e9575c5ebb
Size

160KB
MD5

47c925c166cec84b6ce0c06fc3707e71
SHA1

c9268edff3014140ec0b25a78ad229ec99a42d72
SHA256

85eb8303f0dd3fdcd123a7aa8fec3ef60d25e6c1aff64ff18aae42e9575c5ebb
SHA512

3863e90a1313f71770906d46d0e3616b5863458a3e25c216ed097bb347d9073d1459573da37fcf13af58a921a623b9018472553e22f3302d05bff8012cb2767d
SSDEEP

3072:vUBdIZzdITHh2ZNIiRHvAo0V82xUDB8H6VjG7d3QMI8Szqd8:vUBdY0eaY2aU7t+1z

Score

N/A

Malware Config

Signatures

Files

85eb8303f0dd3fdcd123a7aa8fec3ef60d25e6c1aff64ff18aae42e9575c5ebb
.exe windows x86

75df42c054760785156cf360b6e7dee5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
lstrlenW
RaiseException
VerifyVersionInfoW
GetLastError
GetProcAddress
HeapSize
DecodePointer
lstrcatW
DeleteCriticalSection
CloseHandle
DeleteFileW
LocalFree
SetFileAttributesW
lstrcpyW
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
ConnectNamedPipe
CreateNamedPipeW
MultiByteToWideChar
FlushFileBuffers
WTSGetActiveConsoleSessionId
GetShortPathNameW
LCMapStringW
CreateThread
WaitForSingleObject
SetEvent
TerminateThread
CreateEventW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
GetStringTypeW
FreeEnvironmentStringsW
lstrcmpW
CreateFileW
GetModuleFileNameW
ReadFile
WriteFile
GetProcessHeap
HeapFree
GetCurrentProcess
MoveFileExW
VerSetConditionMask
HeapAlloc
HeapReAlloc
GetFileSize
DisconnectNamedPipe
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetStdHandle
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
GetCommandLineA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
lstrcpyA
FindFirstFileW
WaitNamedPipeW
FindClose
SetNamedPipeHandleState
FindNextFileW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
WriteConsoleW

user32

ReleaseDC
GetDesktopWindow
GetDC

gdi32

EnumFontFamiliesW

advapi32

CreateProcessAsUserW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

shell32

ord75

ole32

CoInitialize
CoUninitialize
CLSIDFromString

shlwapi

PathFindFileNameW
StrChrW
PathFileExistsW
PathAppendW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75df42c054760785156cf360b6e7dee5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wtsapi32

userenv

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB