4064359b83138024ea3df2897a2aeb964d64ee7bd05766c41aca8af4fa3c7684

Sharing

Copy URL

Twitter E-mail

General

Target

4064359b83138024ea3df2897a2aeb964d64ee7bd05766c41aca8af4fa3c7684
Size

732KB
MD5

cf1a4cb2ba775427fd7b561cf0b0e047
SHA1

d0f0a40ad99e7f3e94494b0629479056b5815d87
SHA256

4064359b83138024ea3df2897a2aeb964d64ee7bd05766c41aca8af4fa3c7684
SHA512

25c53c67d018232a2184910db5be2625b3bed17b3e8c964529d44b02183f8316188c55a9c0c828a1b364ad832154b8cc85fd626c32aaa68942f64e3513c92be6
SSDEEP

12288:gnOByNSugkV6VqrRr0GB/PMGBpjZBMoL7kZiL7k7V91vu:KrRr0GB3FptBMNZiLoZu

Score

1^/10

Malware Config

Signatures

Files

4064359b83138024ea3df2897a2aeb964d64ee7bd05766c41aca8af4fa3c7684
.exe windows x86

6bae80f85016f6bdbc15b43ed703f5b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
LoadLibraryExW
VerSetConditionMask
WaitForSingleObject
GetSystemDefaultLCID
InitializeCriticalSection
LeaveCriticalSection
TerminateProcess
ReadFile
CreateFileW
VerifyVersionInfoW
GetLastError
EnterCriticalSection
DeviceIoControl
lstrcmpiW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
GetSystemTime
CreateThread
CreateMutexW
GetTickCount
OpenMutexW
ReleaseMutex
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
CreateDirectoryW
GetVersionExW
GetWindowsDirectoryW
DeleteFileA
CopyFileA
GetWindowsDirectoryA
SystemTimeToFileTime
CreateEventW
SetEvent
HeapLock
OpenThread
HeapUnlock
GetFileSizeEx
OutputDebugStringW
DeleteCriticalSection
LockResource
GlobalFree
GetProcAddress
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
lstrcpynW
SizeofResource
Sleep
WideCharToMultiByte
GetSystemDirectoryW
GlobalAlloc
GetModuleHandleW
GetCurrentProcess
SetUnhandledExceptionFilter
LoadResource
FreeLibrary
FindResourceW
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
lstrlenA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
FindResourceExW
HeapWalk
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetSystemTimeAsFileTime
GetCPInfo
ExitThread
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW

user32

RegisterWindowMessageW
SendMessageW
FindWindowW
PostMessageW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
ReadEventLogA
LsaClose
LsaFreeMemory
LsaSetInformationPolicy
LsaQueryInformationPolicy
LsaOpenPolicy
CloseEventLog
ReadEventLogW
QueryServiceStatus
RegQueryValueExW
RegCreateKeyExW
OpenServiceW
OpenEventLogW
OpenSCManagerW
CloseServiceHandle
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VarBstrCmp
SysAllocString

shlwapi

PathRemoveFileSpecW
SHDeleteValueW
PathFileExistsW
PathAppendW
SHSetValueW
PathCombineW
SHGetValueW
PathQuoteSpacesW
PathAppendA
PathFileExistsA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lnplw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hrnbh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jmssn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pxetv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wtnnd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eaqgk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

txtxq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tvvqx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vlikf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gacfm
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oxxct
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sqnuc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kfwoik
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tgtjpl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iiwewl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pxoxem
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mwqsln
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gdhmsn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jdjkbo
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gkwhhp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hdccop
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

friuvq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xtqqer
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sngkkr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qxhkrs
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iiwqbt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

acjaju
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsetqu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vjkpxv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ewtlfw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

acvgmw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uquetx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

npsxca
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bqehkb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idrlrb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsehac
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mkkdhd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

opucod
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fwobve
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tekuef
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

obtslf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bjppsg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

reosbh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gmgrii
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mngtqi
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

crimbj
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gmgrl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6bae80f85016f6bdbc15b43ed703f5b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

dbghelp

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 22KB - Virtual size: 21KB

lnplw Size: 4KB - Virtual size: 4KB

hrnbh Size: 4KB - Virtual size: 4KB

jmssn Size: 4KB - Virtual size: 4KB

pxetv Size: 4KB - Virtual size: 4KB

wtnnd Size: 4KB - Virtual size: 4KB

eaqgk Size: 4KB - Virtual size: 4KB

txtxq Size: 4KB - Virtual size: 4KB

tvvqx Size: 4KB - Virtual size: 4KB

vlikf Size: 4KB - Virtual size: 4KB

gacfm Size: 4KB - Virtual size: 4KB

oxxct Size: 4KB - Virtual size: 4KB

sqnuc Size: 4KB - Virtual size: 4KB

kfwoik Size: 4KB - Virtual size: 4KB

tgtjpl Size: 4KB - Virtual size: 4KB

iiwewl Size: 4KB - Virtual size: 4KB

pxoxem Size: 4KB - Virtual size: 4KB

mwqsln Size: 4KB - Virtual size: 4KB

gdhmsn Size: 4KB - Virtual size: 4KB

jdjkbo Size: 4KB - Virtual size: 4KB

gkwhhp Size: 4KB - Virtual size: 4KB

hdccop Size: 4KB - Virtual size: 4KB

friuvq Size: 4KB - Virtual size: 4KB

xtqqer Size: 4KB - Virtual size: 4KB

sngkkr Size: 4KB - Virtual size: 4KB

qxhkrs Size: 4KB - Virtual size: 4KB

iiwqbt Size: 4KB - Virtual size: 4KB

acjaju Size: 4KB - Virtual size: 4KB

rsetqu Size: 4KB - Virtual size: 4KB

vjkpxv Size: 4KB - Virtual size: 4KB

ewtlfw Size: 4KB - Virtual size: 4KB

acvgmw Size: 4KB - Virtual size: 4KB

uquetx Size: 4KB - Virtual size: 4KB

npsxca Size: 4KB - Virtual size: 4KB

bqehkb Size: 4KB - Virtual size: 4KB

idrlrb Size: 4KB - Virtual size: 4KB

rsehac Size: 4KB - Virtual size: 4KB

mkkdhd Size: 4KB - Virtual size: 4KB

opucod Size: 4KB - Virtual size: 4KB

fwobve Size: 4KB - Virtual size: 4KB

tekuef Size: 4KB - Virtual size: 4KB

obtslf Size: 4KB - Virtual size: 4KB

bjppsg Size: 4KB - Virtual size: 4KB

reosbh Size: 4KB - Virtual size: 4KB

gmgrii Size: 4KB - Virtual size: 4KB

mngtqi Size: 4KB - Virtual size: 4KB

crimbj Size: 4KB - Virtual size: 4KB

gmgrl Size: 4KB - Virtual size: 4KB

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 22KB - Virtual size: 21KB

lnplw
Size: 4KB - Virtual size: 4KB

hrnbh
Size: 4KB - Virtual size: 4KB

jmssn
Size: 4KB - Virtual size: 4KB

pxetv
Size: 4KB - Virtual size: 4KB

wtnnd
Size: 4KB - Virtual size: 4KB

eaqgk
Size: 4KB - Virtual size: 4KB

txtxq
Size: 4KB - Virtual size: 4KB

tvvqx
Size: 4KB - Virtual size: 4KB

vlikf
Size: 4KB - Virtual size: 4KB

gacfm
Size: 4KB - Virtual size: 4KB

oxxct
Size: 4KB - Virtual size: 4KB

sqnuc
Size: 4KB - Virtual size: 4KB

kfwoik
Size: 4KB - Virtual size: 4KB

tgtjpl
Size: 4KB - Virtual size: 4KB

iiwewl
Size: 4KB - Virtual size: 4KB

pxoxem
Size: 4KB - Virtual size: 4KB

mwqsln
Size: 4KB - Virtual size: 4KB

gdhmsn
Size: 4KB - Virtual size: 4KB

jdjkbo
Size: 4KB - Virtual size: 4KB

gkwhhp
Size: 4KB - Virtual size: 4KB

hdccop
Size: 4KB - Virtual size: 4KB

friuvq
Size: 4KB - Virtual size: 4KB

xtqqer
Size: 4KB - Virtual size: 4KB

sngkkr
Size: 4KB - Virtual size: 4KB

qxhkrs
Size: 4KB - Virtual size: 4KB

iiwqbt
Size: 4KB - Virtual size: 4KB

acjaju
Size: 4KB - Virtual size: 4KB

rsetqu
Size: 4KB - Virtual size: 4KB

vjkpxv
Size: 4KB - Virtual size: 4KB

ewtlfw
Size: 4KB - Virtual size: 4KB

acvgmw
Size: 4KB - Virtual size: 4KB

uquetx
Size: 4KB - Virtual size: 4KB

npsxca
Size: 4KB - Virtual size: 4KB

bqehkb
Size: 4KB - Virtual size: 4KB

idrlrb
Size: 4KB - Virtual size: 4KB

rsehac
Size: 4KB - Virtual size: 4KB

mkkdhd
Size: 4KB - Virtual size: 4KB

opucod
Size: 4KB - Virtual size: 4KB

fwobve
Size: 4KB - Virtual size: 4KB

tekuef
Size: 4KB - Virtual size: 4KB

obtslf
Size: 4KB - Virtual size: 4KB

bjppsg
Size: 4KB - Virtual size: 4KB

reosbh
Size: 4KB - Virtual size: 4KB

gmgrii
Size: 4KB - Virtual size: 4KB

mngtqi
Size: 4KB - Virtual size: 4KB

crimbj
Size: 4KB - Virtual size: 4KB

gmgrl
Size: 4KB - Virtual size: 4KB