0cfeda3314e0929cf7047e657912c610ad345356b68c9d6edd95711c31adfb44

Sharing

Copy URL

Twitter E-mail

General

Target

0cfeda3314e0929cf7047e657912c610ad345356b68c9d6edd95711c31adfb44
Size

196KB
MD5

82ae7aa68ef4c8b32e67883b3c734822
SHA1

caa3e5488432c54e7d8cffceba839cf07fdbd672
SHA256

0cfeda3314e0929cf7047e657912c610ad345356b68c9d6edd95711c31adfb44
SHA512

2d609fb0cbe73922d6542ca579236fe54cc080f4ba22c9f4f7cc372e8dbb73376486ea16a81c39f71c5cfa9f131eac4d513abb42ef81bccc8ffa7b1f2c26ad86
SSDEEP

3072:ycy2t3WhzLvox7qteuAcwugrxDXVo/rvfxLFQ+sVVfT6LUhrMe3PBnKI4:yc/3W5voxe0JDoRO7WgMe3JKI4

Score

N/A

Malware Config

Signatures

Files

0cfeda3314e0929cf7047e657912c610ad345356b68c9d6edd95711c31adfb44
.exe windows x86

890d1a8009f0a87f75c86036a4a153d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
CloseHandle
GetDriveTypeW
HeapAlloc
WriteFile
GetSystemDirectoryA
LoadLibraryW
FindResourceExW
SetConsoleTitleA
GetEnvironmentVariableA
WriteConsoleA
CreateProcessW
OpenFileMappingW
GetEnvironmentVariableW
GetVolumeInformationW
AllocConsole
LoadLibraryA
GetCurrentProcessId
CreateThread
CreateMailslotA

cmutil

CmMoveMemory
CmRealloc
CmAtolA
CmFree

shlwapi

UrlUnescapeW
PathCombineA
UrlCanonicalizeA
PathIsRootW
UrlHashA
UrlIsNoHistoryA
UrlIsOpaqueW
UrlCreateFromPathW
UrlGetPartA
UrlEscapeA
UrlIsW
UrlGetLocationW
UrlCompareW
PathCompactPathW

advapi32

ControlService
CloseTrace
RegEnumKeyW
CryptSignHashA
ReadEventLogA
RegLoadKeyA
RegDeleteValueW
RegRestoreKeyW
RegOpenKeyW
RegCreateKeyExW
RegReplaceKeyA
IsValidSid

user32

PeekMessageW
CreateDesktopW
DispatchMessageA
IsCharUpperW
MessageBoxW
GetDlgItemTextA
FindWindowA
LoadCursorA
GetFocus
CharToOemA
DialogBoxParamA
GetMessageW
PostMessageA

ctl3d32

Ctl3dRegister
Ctl3dGetVer
Ctl3dCtlColor

crypt32

CertDuplicateCRLContext
CertDuplicateStore
CertFreeCTLContext
CertFindCRLInStore
CertCreateContext
CertNameToStrA
CertFindExtension
CertCloseStore
CertControlStore
CertDeleteCRLFromStore
CertOpenStore
CryptEncryptMessage
CryptFindOIDInfo
CertOIDToAlgId
CertCreateCRLContext

certcli

CACloseCertType
CAEnumFirstCA
CAEnumNextCA
CACloseCA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

890d1a8009f0a87f75c86036a4a153d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cmutil

shlwapi

advapi32

user32

ctl3d32

crypt32

certcli

Sections

.text Size: 5KB - Virtual size: 4KB

.kdata Size: 21KB - Virtual size: 20KB

.rsrc Size: 170KB - Virtual size: 169KB

.text
Size: 5KB - Virtual size: 4KB

.kdata
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 170KB - Virtual size: 169KB