e9ec6be50981eafd643961ad90a13f1d6527a21bb47c382d2458b6ce5f0f3c07

Sharing

Copy URL Twitter E-mail

General

Target

e9ec6be50981eafd643961ad90a13f1d6527a21bb47c382d2458b6ce5f0f3c07
Size

336KB
MD5

3012a06e8131d2a40e0563bec238ec5e
SHA1

b34dbe30ad7ec7d72204e495798a67a4be721338
SHA256

e9ec6be50981eafd643961ad90a13f1d6527a21bb47c382d2458b6ce5f0f3c07
SHA512

b7e7dd07405301738566312472a8bcdfbbea1c3b1309a6db67b34460bf68ab5e5d007efb0cbe235fa6bee20066660f260ad882f831e1bcbc0cd40a69db77f7b2
SSDEEP

6144:luuncUO+KgEguWqGX8XnRZ0SYqAZbfL9RJfb3U:bnfFMguWj8XdnAfdDU

Score

1^/10

Malware Config

Signatures

Files

e9ec6be50981eafd643961ad90a13f1d6527a21bb47c382d2458b6ce5f0f3c07
.exe windows x86

76def149962ef72d9dd4d6a97c4667f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
FreeLibrary
CreateMutexW
OpenProcess
GetCommandLineW
CloseHandle
SetConsoleCtrlHandler
GetLastError
WriteConsoleW
GetVersionExW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetTickCount
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
InterlockedIncrement
ReadProcessMemory
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
FindFirstFileW
FindClose
GetSystemDirectoryW
CreateDirectoryW
FindNextFileW
DeleteFileW
GetTempPathW
GetFileSize
ReadFile
WriteFile
Sleep
GetModuleFileNameW
GetModuleHandleExW
CreateProcessW
GetProcessId
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ProcessIdToSessionId
GetCurrentProcessId
LocalFree
SetEvent
GetLocalTime
GetProcessTimes
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetNativeSystemInfo
GlobalMemoryStatusEx
VirtualQuery
CreateEventW
GetCurrentThreadId
SetUnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
EncodePointer
LoadLibraryExW
ExitProcess
GetStdHandle
GetCommandLineA
GetACP
GetFileType
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

wsprintfW

advapi32

OpenProcessToken
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
StartServiceW
ControlService
DeleteService
AllocateAndInitializeSid
GetUserNameW
ConvertSidToStringSidW
GetTokenInformation

shlwapi

PathFileExistsW
PathFindFileNameW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

dbghelp

MiniDumpWriteDump

winhttp

WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleInformation
EnumProcessModules
GetProcessMemoryInfo
GetModuleFileNameExW

shell32

SHGetFolderPathW

crypt32

CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertCloseStore

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

VERISIGN
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76def149962ef72d9dd4d6a97c4667f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wtsapi32

dbghelp

winhttp

version

psapi

shell32

crypt32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 7KB - Virtual size: 7KB

VERISIGN Size: 76KB - Virtual size: 76KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 7KB - Virtual size: 7KB

VERISIGN
Size: 76KB - Virtual size: 76KB