f73ae637e2fabc59414bde71d114a8c941e8d8e73f0ba1bd956c07e5c5cf67dc

Sharing

Copy URL

Twitter E-mail

General

Target

f73ae637e2fabc59414bde71d114a8c941e8d8e73f0ba1bd956c07e5c5cf67dc
Size

566KB
MD5

333d723e005c7e9ffbf87fe5e99ce323
SHA1

b647e74bc200214950fe79a44963d229663f2104
SHA256

f73ae637e2fabc59414bde71d114a8c941e8d8e73f0ba1bd956c07e5c5cf67dc
SHA512

8f11dd868cbad6a1d9eb780289e8b56cbbe11cf3854e465e8e18632b56a7a184ada7cec79e6d78486e682c91f45849cdd97b53ee1d70350a0f7a108aa893fe4e
SSDEEP

6144:DqJiPjw6mMS8YkTIbaH1MHxMrUxKHu/i5uzq46uOh4kcSfWBvgba3V30ytVJfecn:UgMHxMlu//zFXOh4kDYIWEOxUL0uH6N

Score

1^/10

Malware Config

Signatures

Files

f73ae637e2fabc59414bde71d114a8c941e8d8e73f0ba1bd956c07e5c5cf67dc
.exe windows x64

2a49d1af9482b46ff85239aac157270c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegQueryValueExW
RegCloseKey
ConvertSidToStringSidW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegFlushKey
InitiateShutdownW
LookupAccountNameW
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorOwner
SetSecurityDescriptorControl
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
OpenServiceW
QueryServiceConfigW
EventRegister
EventUnregister
EventWrite

kernel32

GetExitCodeProcess
IsWow64Process
GetCurrentProcess
GetNativeSystemInfo
ReleaseMutex
GetWindowsDirectoryW
GetFileAttributesW
GetUILanguageInfo
GetVersionExW
GetProductInfo
EnumUILanguagesW
DeviceIoControl
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
LocalAlloc
LocalFree
WaitForSingleObject
Sleep
CreateEventW
SetEvent
MultiByteToWideChar
CreateThread
GetFileMUIPath
GetSystemPowerStatus
GetSystemTime
SystemTimeToFileTime
CreateDirectoryW
GetFileSizeEx
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetSystemWindowsDirectoryW
GetModuleHandleW
GetFullPathNameW
FormatMessageW
lstrlenW
GetFileSize
ReadFile
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalFree
WideCharToMultiByte
SetFilePointer
SetEndOfFile
WriteFile
OutputDebugStringA
SearchPathW
GetEnvironmentVariableW
HeapSize
HeapDestroy
CreateProcessW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
SetUnhandledExceptionFilter
RaiseException
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
MoveFileExW
CompareFileTime
SetFileTime
DeleteFileW
CloseHandle
CreateMutexW
FreeLibrary
GetLastError
LoadLibraryW
SetLastError
GetFileAttributesExW

user32

MessageBoxW
UnregisterClassA

msvcrt

?terminate@@YAXXZ
__CxxFrameHandler3
iswspace
vsprintf_s
_vscprintf
_wtoi
iswdigit
wcstoul
_CxxThrowException
_vsnwprintf
_vsnprintf
wcsstr
_wtol
isdigit
_wcsnicmp
_purecall
wcschr
_wcslwr_s
towupper
wcscspn
_resetstkoflw
wcsrchr
vswprintf_s
_vscwprintf
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
??2@YAPEAX_K@Z
malloc
memset
__C_specific_handler
_wcsicmp
memmove_s
free
memcpy_s
??3@YAXPEAX@Z
_onexit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
wcsncmp
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
calloc
memcpy

shell32

SHFileOperationW
SHCreateItemFromParsingName
CommandLineToArgvW

ole32

CoSetProxyBlanket
StringFromGUID2
CoGetMalloc
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VariantChangeType
VariantInit
VariantClear
SysAllocStringLen
SysFreeString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNumberOfClearBits
RtlInitializeBitMap
RtlSetBits
RtlAreBitsSet
RtlAreBitsClear

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

shlwapi

PathFileExistsW
PathCombineW
SHCreateStreamOnFileW
PathIsURLW
PathRemoveFileSpecW
PathFindFileNameW

xmllite

CreateXmlReader

crypt32

CertFreeCertificateContext
CertAddCertificateContextToStore
CertCreateCertificateContext
CertCloseStore
CertOpenStore

userenv

UnloadUserProfile

sqmapi

SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmIsWindowsOptedIn
SqmEndSession
SqmWaitForUploadComplete
SqmAddToStreamV
SqmSet
SqmReadSharedMachineId
SqmCreateNewId
SqmWriteSharedMachineId
SqmSetMachineId
SqmSetBits
SqmSetString
SqmStartUpload

winbrand

BrandingFormatString

wer

WerpSetCallBack
WerReportSetParameter
WerReportSetUIOption
WerReportSubmit
WerReportCloseHandle
WerReportCreate

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a49d1af9482b46ff85239aac157270c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

oleaut32

version

ntdll

wtsapi32

shlwapi

xmllite

crypt32

userenv

sqmapi

winbrand

wer

wintrust

Sections

.text Size: 546KB - Virtual size: 546KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 546KB - Virtual size: 546KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB