4139f67642ee424529563c3688d54097492de307e977c52fb272c63530c238f4

Sharing

Copy URL Twitter E-mail

General

Target

4139f67642ee424529563c3688d54097492de307e977c52fb272c63530c238f4
Size

362KB
MD5

c96b681ae7d5427f7ad86b6521d1c8db
SHA1

5bcb4ddd25ab787ad5cb169b2d09e81e23558f19
SHA256

4139f67642ee424529563c3688d54097492de307e977c52fb272c63530c238f4
SHA512

43dd3a149e46b171033b9389cf33c06d1327ad066e454898c0599f3ef0dcfc8db356d30d6e6d991458f7af531989f4e12700d7deffb25e0f4a325319a2ee68eb
SSDEEP

6144:XKgUdIvgqa1XWGa9Dt2OprjbVpvSbfBH2Inr5lplQk:cIvNahrsDtljJpvSbfBH2IF7Gk

Score

1^/10

Malware Config

Signatures

Files

4139f67642ee424529563c3688d54097492de307e977c52fb272c63530c238f4
.exe windows x86

401c40a648a6d68632296f0ccc93e449

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegEnumKeyExW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
BuildTrusteeWithSidW
GetSecurityDescriptorDacl
CreateWellKnownSid
RegGetKeySecurity
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
StartServiceW
ChangeServiceConfig2W
QueryServiceStatus
ControlService
ChangeServiceConfigW
GetSecurityInfo
GetExplicitEntriesFromAclW
SetSecurityInfo
RegUnLoadKeyW
RegLoadKeyW
CreateServiceW

kernel32

MultiByteToWideChar
ReadFile
GetFileSizeEx
GetModuleHandleW
GetVersionExW
GetSystemDefaultUILanguage
CreateMutexW
CompareStringW
CompareStringA
GetTickCount
MulDiv
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlushFileBuffers
WriteFile
GetLocalTime
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetProcAddress
FreeLibrary
LoadLibraryW
FindResourceExW
SearchPathW
GetUserDefaultUILanguage
UnmapViewOfFile
LocalAlloc
MapViewOfFile
LoadLibraryExW
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileExW
SetEndOfFile
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
IsValidCodePage
FindResourceW
LoadResource
LockResource
SizeofResource
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThreadId
TlsFree
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
TlsSetValue
TlsAlloc
TlsGetValue
LocalFree
SetLastError
GetModuleFileNameW
CopyFileW
CreateProcessW
GetExitCodeProcess
CreateFileW
CloseHandle
GetCurrentProcess
lstrlenW
GetLastError
CreateFileMappingW
RaiseException
InitializeCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
Sleep
GetStartupInfoW
RtlUnwind
OutputDebugStringA
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
GetStartupInfoA

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

user32

CharToOemW
SystemParametersInfoW
GetDC
ReleaseDC
LoadImageW
GetWindowLongW
SetWindowLongW
SetTimer
GetDlgItem
ShowWindow
EnableWindow
KillTimer
SendDlgItemMessageW
GetParent
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
MessageBoxW
ExitWindowsEx
UnregisterClassA

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW

shell32

SHGetFolderPathW
ShellExecuteW
SHGetFolderPathA
SHFileOperationW

shlwapi

SHGetValueW
PathAppendA
PathRemoveBackslashW
PathAddBackslashW
PathIsRootW
ord388
ord154
SHCopyKeyW
PathFileExistsW
SHDeleteValueW
SHDeleteKeyW
PathRemoveFileSpecW
StrCmpNIW
PathAppendW
StrCmpIW
ord158

setupapi

SetupGetStringFieldW
SetupGetLineCountW
SetupCloseInfFile
SetupOpenInfFileW
SetupGetLineTextW
SetupFindNextLine
SetupFindFirstLineW

msi

ord141
ord190

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

401c40a648a6d68632296f0ccc93e449

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

shell32

shlwapi

setupapi

msi

Sections

.text Size: 179KB - Virtual size: 179KB

.data Size: 5KB - Virtual size: 42KB

.rsrc Size: 164KB - Virtual size: 168KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 179KB - Virtual size: 179KB

.data
Size: 5KB - Virtual size: 42KB

.rsrc
Size: 164KB - Virtual size: 168KB

.reloc
Size: 12KB - Virtual size: 12KB