d897fd9430c88c45a30c9f6bf0ea20b8

Sharing

Copy URL

Twitter E-mail

General

Target

d897fd9430c88c45a30c9f6bf0ea20b8
Size

517KB
MD5

d897fd9430c88c45a30c9f6bf0ea20b8
SHA1

7b7888dc69a68e546b2125a288f5075790520183
SHA256

c4141acea0caa5022d8345c601134575b00912861c5664c6d47732dc3a6905a9
SHA512

74050e83a408a46b4658005195ade871ea96587eda34917bfb13dfab591895e274706177678cd9e2e684778aa330a64fb011cde05d08df41cf403fee65ddbc32
SSDEEP

12288:w1NAEagJiIIcPdf8vvl+nqnjM/Ggg9oL14gbzHTp6xucG9:wR18vv0nsjig9oL14gXV6xZ+

Score

1^/10

Malware Config

Signatures

Files

d897fd9430c88c45a30c9f6bf0ea20b8
.exe windows:5 windows x86 arch:x86

948979b925746faec30abb0dacfe498e

Code Sign

67:e8:a3:67:23:14:db:ec:1e:91:d8:41:b1:2b:4b:e9:c7:bc:50:c0
Signer

Actual PE Digest

67:e8:a3:67:23:14:db:ec:1e:91:d8:41:b1:2b:4b:e9:c7:bc:50:c0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
SHStrDupW
SHDeleteKeyW

shell32

SHGetFolderPathA
ShellExecuteA
SHGetMalloc
SHGetSpecialFolderPathA

kernel32

Sleep
GetTickCount
LocalFree
InterlockedDecrement
GetVersionExA
GetCurrentProcess
SetFileAttributesA
SetLastError
MoveFileExA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
OpenProcess
GetFullPathNameW
GlobalUnlock
GlobalAlloc
GlobalLock
InterlockedIncrement
ExpandEnvironmentStringsA
WriteFile
CreateFileA
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetCurrentDirectoryW
GetStringTypeW
MultiByteToWideChar
TerminateProcess
GetFileAttributesW
CreateFileW
GetFileSize
ReadFile
GetConsoleWindow
GetCommandLineA
SetConsoleTitleA
SetConsoleCtrlHandler
LoadLibraryA
FreeLibrary
GetFileAttributesExA
lstrlenA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetFileAttributesA
OutputDebugStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetLastError
GetEnvironmentStrings
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetModuleHandleA
GetProcAddress
VirtualQuery
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
LCMapStringW
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
HeapCreate
GetDriveTypeW
HeapSetInformation
GetSystemTimeAsFileTime
GetModuleHandleW
GetStdHandle
WideCharToMultiByte
GetCurrentThreadId
FlushFileBuffers
CreateDirectoryW
SetEndOfFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
VirtualAlloc
GetProcessHeap
HeapUnlock
HeapWalk
HeapLock
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetExitCodeThread
OpenThread
GetThreadPriority
SetThreadAffinityMask
RaiseException
SetEvent
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
LoadLibraryW
LoadLibraryExW
InterlockedExchange
DebugBreak
InterlockedCompareExchange
VirtualFree
VirtualProtect
HeapQueryInformation
GetProcessHeaps
HeapFree
HeapAlloc
HeapValidate
InterlockedExchangeAdd
HeapSize
GetSystemInfo
GetProcessAffinityMask
SetProcessAffinityMask
RtlUnwind
GetLocalTime

user32

ShowWindow
MessageBoxA
DialogBoxParamA
EnumWindows
GetWindowThreadProcessId
GetDlgItemInt
EndDialog
OpenClipboard
EmptyClipboard
GetDlgItem
GetWindowTextLengthA
IsWindowVisible
SetWindowPos
GetDesktopWindow
GetWindowRect
SetDlgItemInt
SetDlgItemTextA
CloseClipboard
SetClipboardData
wsprintfA

advapi32

StartServiceCtrlDispatcherA
RegOpenKeyExW
RegEnumKeyExW
OpenProcessToken
SetNamedSecurityInfoA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegisterServiceCtrlHandlerA
SetServiceStatus
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
ConvertStringSidToSidA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
CreateServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
ControlService
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

PropVariantClear
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
VariantClear

Exports

Exports

g_dwDllEntryThreadId

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

948979b925746faec30abb0dacfe498e

Code Sign

67:e8:a3:67:23:14:db:ec:1e:91:d8:41:b1:2b:4b:e9:c7:bc:50:c0Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 13KB - Virtual size: 447KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 70KB - Virtual size: 70KB

67:e8:a3:67:23:14:db:ec:1e:91:d8:41:b1:2b:4b:e9:c7:bc:50:c0
Signer

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 13KB - Virtual size: 447KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 70KB - Virtual size: 70KB