7b8694994a4e3c87ba0db5e6d1aeeac1611b3080112910a35e15e29fd407e778

Sharing

Copy URL

Twitter E-mail

General

Target

7b8694994a4e3c87ba0db5e6d1aeeac1611b3080112910a35e15e29fd407e778
Size

549KB
MD5

88a3bbabf02676f7547663dca922ac87
SHA1

f3bf5bbfdac1bff6b500ea1ee99cb73b758caf5e
SHA256

7b8694994a4e3c87ba0db5e6d1aeeac1611b3080112910a35e15e29fd407e778
SHA512

3fe49f7c43932497c3ef861fcb1c6ff70afd88b264c853f2c1812d2073a919c5d59c2f32ad30a492d850b4609f6add58775fc0357eeff3aa87baa08ae37f5b76
SSDEEP

12288:Egm5o84QWvnm8kTgFs4IQc/Rta2xXZgfxP9BoTq7qW:EuBugzIQc/52X+j

Score

1^/10

Malware Config

Signatures

Files

7b8694994a4e3c87ba0db5e6d1aeeac1611b3080112910a35e15e29fd407e778
.exe windows x64

29db7b89a79fa07bc0634cfe0eba5ddf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??3@YAXPEAX@Z
_vsnwprintf
wcsncmp
wcsrchr
_errno
__dllonexit
wcschr
strcpy_s
_onexit
memcmp
__CxxFrameHandler3
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
strchr
__setusermatherr
_cexit
_exit
_wcsnicmp
exit
_unlock
wcscpy_s
_lock
wcscat_s
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memcpy_s
sprintf_s
_vsnprintf
_wcslwr
wcsstr
strncmp
strncpy_s
strtol
_set_errno
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
malloc
_callnewh
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_stricmp
_wcsicmp
??1type_info@@UEAA@XZ
memset

ntdll

RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
NtQueryLicenseValue
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
WinSqmIsOptedInEx
NtCreateEvent
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

oleaut32

SysFreeString
SysStringLen
SysAllocString

rpcrt4

UuidCreate

ws2_32

gethostname
WSAGetLastError
getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup

kernel32

IsDebuggerPresent
DebugBreak
LocalFree
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
FormatMessageW
ReleaseMutex
GetModuleHandleExW
ReleaseSemaphore
SetLastError
CreateSemaphoreExW
GetModuleFileNameA
GetFileAttributesW
OutputDebugStringA
MoveFileExW
ExpandEnvironmentStringsW
CreateEventW
GetTickCount64
GetExitCodeProcess
CreateProcessW
HeapAlloc
GetProcessHeap
HeapFree
SystemTimeToFileTime
SetEvent
CloseHandle
WaitForSingleObject
LoadLibraryExW
GetLastError
VerifyVersionInfoW
TerminateProcess
SetWaitableTimer
EnterCriticalSection
CreateWaitableTimerW
LeaveCriticalSection
OpenWaitableTimerW
CreateSemaphoreW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetFileSizeEx
GetSystemDirectoryW
UnhandledExceptionFilter
InitializeCriticalSectionEx
DeleteCriticalSection
GetTickCount
GetSystemWindowsDirectoryW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetModuleFileNameW
WriteFile
GetSystemPowerStatus
Sleep
SetPriorityClass
FreeLibrary
GetCurrentProcess
QueryProcessCycleTime
GetProcAddress
LoadLibraryA
CreateFileW
GetSystemDirectoryA
lstrcmpA
GetSystemTimeAsFileTime

shlwapi

PathFindFileNameW
StrCmpNA

advapi32

RegOpenKeyExW
EventRegister
EventUnregister
StartServiceW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteTreeW
RegEnumValueW
RegDeleteKeyValueW
RegCloseKey
RegSetKeyValueW
RegEnumKeyExW
RegGetValueW
EventWriteTransfer
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegQueryInfoKeyW
RegSaveKeyExW
RegDeleteKeyExW
RegLoadAppKeyW
RegLoadKeyW
RegUnLoadKeyW
SetSecurityDescriptorOwner

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29db7b89a79fa07bc0634cfe0eba5ddf

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

oleaut32

rpcrt4

ws2_32

kernel32

shlwapi

advapi32

ole32

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 400KB - Virtual size: 740KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 400KB - Virtual size: 740KB