e3f31eabaa0b3bebe0c5152fc6097a8fbf1c6fd9e57d06fe8e9bd8860e8f07a6

Sharing

Copy URL Twitter E-mail

General

Target

e3f31eabaa0b3bebe0c5152fc6097a8fbf1c6fd9e57d06fe8e9bd8860e8f07a6
Size

3.6MB
MD5

9b6f294824032606cf709cfdd12ca825
SHA1

98b72985528e8ed897f9624e86280a5cdbd32fb5
SHA256

e3f31eabaa0b3bebe0c5152fc6097a8fbf1c6fd9e57d06fe8e9bd8860e8f07a6
SHA512

c24cec0b0dc79fa83f152205dbc221fe7976f450a526c0eda207c95cf7796828ba29e060f8d385a9732597a9a779df2087092cd204054f021974a31ffd4d77c7
SSDEEP

98304:8l+0tt98raX0IxcQm2T1HApHWy8bQDNGJId:/OEIS2TKxWnhId

Score

1^/10

Malware Config

Signatures

Files

e3f31eabaa0b3bebe0c5152fc6097a8fbf1c6fd9e57d06fe8e9bd8860e8f07a6
.exe windows x86

dce15200e62940927d3b8001b7966543

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
VirtualQuery
CreateProcessW
GetExitCodeProcess
lstrcmpiW
GetTempFileNameW
VerifyVersionInfoW
CopyFileW
VerSetConditionMask
LocalFree
SetFilePointer
FindResourceW
LoadResource
FindResourceExW
DeleteFileW
LockResource
FormatMessageW
Sleep
WaitForSingleObject
GetTempPathW
RemoveDirectoryW
SizeofResource
CreateDirectoryW
RaiseException
DecodePointer
EncodePointer
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleHandleW
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
ReleaseMutex
lstrcmpW
lstrlenW
GetFileAttributesExW
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
GetTickCount
lstrcpynW
MoveFileExW
GetEnvironmentVariableW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
HeapDestroy
QueryPerformanceCounter

ole32

CoInitializeEx
CoUninitialize

shell32

ShellExecuteExW
SHGetFolderPathW
ord680

user32

EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
wsprintfW
CharLowerW
wvsprintfW
CharLowerBuffW
MessageBoxW

shlwapi

PathQuoteSpacesW
PathCanonicalizeW
PathAppendW
PathRemoveFileSpecW
PathRemoveExtensionW
SHQueryValueExW
PathIsRelativeW
PathStripPathW

advapi32

SetSecurityDescriptorDacl
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
MakeAbsoluteSD
InitializeSecurityDescriptor
GetAclInformation
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
SetNamedSecurityInfoW
InitializeAcl
AddAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegQueryValueExW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dce15200e62940927d3b8001b7966543

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

shell32

user32

shlwapi

advapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 3KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 332B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 3KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 332B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 9KB - Virtual size: 8KB