ef57f8d8a632b8cf2b89021e2a7be68e[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ef57f8d8a632b8cf2b89021e2a7be68e.exe
Size

185KB
MD5

ef57f8d8a632b8cf2b89021e2a7be68e
SHA1

06fbf5fb5ae8e307e2016a4c4720e87f53179b56
SHA256

504eeed5061605b464f6dd44aa72d78efaed7d8ec0704d6db6595c977b7dd68a
SHA512

5b8446440628b10e38ced3ff2ad7f6fe81fe30b0f42687cf9b7e853986279a1bfec29ac6fe19b6159062a38227762da6b5cd1c5985101d07fa255980fc77474a
SSDEEP

3072:Lm1ReRExqa3HodDUMTW3FCh3tnigcQnbMbAvmppijpV:kReREl34DhqoJigcpbUpV

Score

1^/10

Malware Config

Signatures

Files

ef57f8d8a632b8cf2b89021e2a7be68e.exe
.exe windows x64

f37a61d96b690f7b944e7449374d4371

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
InitializeCriticalSectionAndSpinCount
CreateProcessW
FindFirstFileW
FindNextFileW
FindClose
GetDiskFreeSpaceExW
GetDriveTypeW
GetModuleHandleA
SetFileAttributesW
GetCurrentProcessId
SetFilePointer
LocalAlloc
GlobalSize
GetLocalTime
GlobalLock
ExitProcess
LocalReAlloc
GlobalUnlock
DeleteFileW
GetSystemInfo
GetComputerNameW
IsWow64Process
TerminateProcess
K32GetProcessMemoryInfo
GetPriorityClass
GetModuleHandleW
LocalFree
GetStartupInfoW
CreatePipe
PeekNamedPipe
DisconnectNamedPipe
TerminateThread
WideCharToMultiByte
lstrcmpiW
GetModuleHandleExW
EncodePointer
RtlUnwindEx
RaiseException
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
EnterCriticalSection
GlobalFree
MoveFileW
K32EnumProcessModules
Process32FirstW
lstrcpyA
GlobalAlloc
lstrcatW
Process32NextW
GetTickCount64
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
OpenProcess
lstrcatA
GetSystemDirectoryW
K32GetProcessImageFileNameW
GetCurrentThreadId
CreateFileW
lstrlenA
QueryDosDeviceA
K32GetProcessImageFileNameA
WriteFile
lstrlenW
GetCurrentProcess
GetVolumeInformationW
VirtualFree
QueryDosDeviceW
lstrcmpiA
lstrcpyW
FreeLibrary
GetFileSize
MoveFileExW
GetWindowsDirectoryW
GetLogicalDriveStringsA
VirtualProtect
CloseHandle
ReadFile
SetEvent
GetLastError
Sleep
CreateEventW
WaitForSingleObject
CancelIo
VirtualAlloc
GlobalMemoryStatusEx

user32

SetWindowLongPtrW
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
OpenClipboard
GetKeyState
CloseClipboard
ExitWindowsEx
GetWindowTextA
GetRawInputData
GetForegroundWindow
UnhookWindowsHookEx
DefWindowProcW
GetMessageW
DispatchMessageW
GetCursorPos
wsprintfW
SystemParametersInfoW
OpenInputDesktop
GetDesktopWindow
LoadCursorW
GetCursorInfo
DestroyCursor
GetSystemMetrics
SendMessageW
GetWindowThreadProcessId
CloseDesktop
wsprintfA
GetThreadDesktop
SetThreadDesktop
SetRect
IntersectRect
CopyRect
GetMonitorInfoW
OffsetRect
UnionRect
EqualRect
ReleaseDC
GetDC
mouse_event
BlockInput
keybd_event
MapVirtualKeyW
SetWindowsHookExW
GetUserObjectInformationW
TranslateMessage
GetClipboardData
RegisterRawInputDevices

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt

advapi32

OpenSCManagerW
OpenProcessToken
StartServiceW
RegOpenKeyExW
OpenServiceW
LookupAccountSidW
RegQueryValueExW
GetTokenInformation
CloseServiceHandle
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
RegEnumValueW
RegEnumKeyExW
EnumServicesStatusW
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
ControlService
LockServiceDatabase
UnlockServiceDatabase
QueryServiceStatus

shell32

ShellExecuteW
SHFileOperationW

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

ws2_32

WSACleanup
gethostname
inet_ntoa
WSAStartup
WSAEventSelect
send
socket
select
WSAWaitForMultipleEvents
recv
closesocket
WSAEnumNetworkEvents
htons
WSACreateEvent
setsockopt
getaddrinfo
WSAGetLastError
WSASend
connect
gethostbyname

iphlpapi

GetExtendedUdpTable
GetExtendedTcpTable

winmm

timeGetTime

gdiplus

GdipCloneImage
GdiplusShutdown
GdipFree
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDrawImageI
GdiplusStartup
GdipDisposeImage
GdipAlloc

msvcrt

_msize
_XcptFilter
__set_app_type
_acmdln
_fmode
?_set_new_mode@@YAHH@Z
_commode
?terminate@@YAXXZ
realloc
_initterm
_callnewh
_errno
wcsncmp
strncmp
_beginthreadex
malloc
free
abort
__DestructExceptionObject
_amsg_exit
memmove
memset
memcpy
_CxxThrowException
__C_specific_handler
wcsstr
__getmainargs
__CxxFrameHandler
_ismbblead
ceil

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f37a61d96b690f7b944e7449374d4371

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

ws2_32

iphlpapi

winmm

gdiplus

msvcrt

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 776KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 360B

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 776KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 360B