0f0c37ff5305e4c585ce277d2d787d174d224c1bc6b5630a0abbcefecf3ed218

Sharing

Copy URL Twitter E-mail

General

Target

0f0c37ff5305e4c585ce277d2d787d174d224c1bc6b5630a0abbcefecf3ed218
Size

652KB
MD5

955ba95ff271ae9ea081e4b2768f54e1
SHA1

016711a9909f32f41eb36f8ed524ce567e9efa06
SHA256

0f0c37ff5305e4c585ce277d2d787d174d224c1bc6b5630a0abbcefecf3ed218
SHA512

4f013c95e398e0e916289e5d33e8c8d87343b6ce5619e7cc4dae2c404953fa03e2a82dd3eff09ba3cad5209b931d50cdd22b30c592051186854146d7ed4dc1d2
SSDEEP

12288:0wznxd7iNuMfEP8P2guROzmAgIWIQUXatb7U5gfzRe8vMDnOV:0yd7ioMMP8c3IWIQHb7U5gfzReE

Score

1^/10

Malware Config

Signatures

Files

0f0c37ff5305e4c585ce277d2d787d174d224c1bc6b5630a0abbcefecf3ed218
.exe windows x86

42346982db95ff4bc64f19a09fa59a11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAce
AddAce
InitializeAcl
GetAclInformation
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
DeleteAce
CreateProcessAsUserW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
InitiateSystemShutdownW
AccessCheck
MapGenericMask
GetFileSecurityW
RevertToSelf
ImpersonateSelf
OpenThreadToken
GetUserNameW
RegCreateKeyExW
GetExplicitEntriesFromAclW
GetSecurityDescriptorControl
GetNamedSecurityInfoW
SetSecurityDescriptorControl
SetSecurityDescriptorOwner
DuplicateToken
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo

user32

KillTimer
MessageBoxW
PeekMessageA
LoadStringA
GetDesktopWindow
SetTimer
PostQuitMessage
GetUserObjectSecurity
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
MessageBoxA
LoadStringW
ExitWindowsEx
OpenInputDesktop
GetUserObjectInformationW
GetProcessWindowStation

ole32

CoQueryProxyBlanket
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHGetFolderPathW

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory

kernel32

BackupWrite
CreateEventW
CompareStringA
HeapSize
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
GetStringTypeA
GetConsoleOutputCP
WriteConsoleA
LCMapStringA
GetCurrentDirectoryA
RtlUnwind
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
IsDebuggerPresent
HeapCreate
TlsFree
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetProcessHeap
PeekNamedPipe
ExitProcess
UnhandledExceptionFilter
MoveFileW
FileTimeToLocalFileTime
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapReAlloc
CreateThread
HeapAlloc
GetDateFormatA
GetTimeFormatA
HeapFree
GetStartupInfoW
ExitThread
GetLocaleInfoA
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
InitializeCriticalSection
GetACP
GetDriveTypeA
WriteConsoleW
GetSystemTimeAsFileTime
MultiByteToWideChar
WideCharToMultiByte
GetOverlappedResult
OutputDebugStringA
CloseHandle
GetCurrentProcess
GetLastError
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
SetEvent
CreateEventA
Sleep
WaitForMultipleObjectsEx
SetConsoleCtrlHandler
OpenProcess
GetExitCodeThread
WaitForSingleObject
GetCommandLineW
FileTimeToSystemTime
TerminateProcess
SetLastError
GetExitCodeProcess
LoadLibraryW
CreateProcessW
DuplicateHandle
GetTickCount
GetVersionExW
GetModuleHandleW
VirtualAlloc
GetSystemInfo
VirtualFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
TlsSetValue
TlsGetValue
RaiseException
SetUnhandledExceptionFilter
TlsAlloc
IsBadReadPtr
VirtualQuery
GetCurrentThread
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileAttributesW
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
GetFileType
GetFileAttributesExW
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetDriveTypeW
WriteFile
ReadFile
FlushFileBuffers
GetVolumeInformationW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetFullPathNameW
GetLogicalDriveStringsW
GetComputerNameExW
LoadLibraryExW
CopyFileW
SetFileAttributesW
GetDiskFreeSpaceW
GetTempPathW
SetEnvironmentVariableW
LocalFree
FormatMessageW
OutputDebugStringW
GetFileAttributesA
lstrcmpiA
QueryPerformanceCounter
QueryPerformanceFrequency
GetStdHandle
OpenThread

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ropf
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42346982db95ff4bc64f19a09fa59a11

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

ole32

oleaut32

version

shell32

wtsapi32

kernel32

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 42KB - Virtual size: 121KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 29KB - Virtual size: 29KB

.ropf Size: 74KB - Virtual size: 74KB

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 42KB - Virtual size: 121KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 29KB - Virtual size: 29KB

.ropf
Size: 74KB - Virtual size: 74KB