066495f8ce07574b7244d091c351e32d0b4ca3bf596da18941f0e8821403f269

General

Target

066495f8ce07574b7244d091c351e32d0b4ca3bf596da18941f0e8821403f269
Size

76KB
MD5

fd44ad93ac7d143405c42e602cc431b2
SHA1

ed93622b49f73488a0aca7822aa668e9ac170fe6
SHA256

066495f8ce07574b7244d091c351e32d0b4ca3bf596da18941f0e8821403f269
SHA512

4ee206ee11d23c144049b3c861b133a4f90e1a9bc0ab8ad3dd7360e399f27c8636deb46260e1c7e454369e78d4afeb059551819b25bdb6775e40e6926a8a9507
SSDEEP

1536:gZ+3b6TCiooOlgluCPfmNIer9WjrixP1qI02+GTeOUhAVv:gumeuOlzQfiIeBWniXr+Z9A

Score

N/A

Malware Config

Signatures

Files

066495f8ce07574b7244d091c351e32d0b4ca3bf596da18941f0e8821403f269
.exe windows x86

ad3a62e97c4fca7c35c50d6fab44fbbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comsvcs

CoEnterServiceDomain
CoCreateActivity
CoLoadServices
RecycleSurrogate
SafeRef

cmpbk32

PhoneBookLoad
PhoneBookCopyFilter
PhoneBookEnumNumbers
PhoneBookEnumCountries
PhoneBookFreeFilter

kernel32

WriteProcessMemory
OpenEventW
MoveFileW
GetFileAttributesW
EncodePointer
InterlockedDecrement
GetACP
CreateEventA
GetModuleHandleA
OpenFileMappingA
GetEnvironmentVariableA
VirtualAllocEx
GetVolumeNameForVolumeMountPointA
LoadLibraryExW

crypt32

CertOpenStore
CertCloseStore
CertFreeCTLContext
CryptMemAlloc
CertFindCRLInStore
CryptMsgClose
CertDuplicateCRLContext
CertCompareCertificate
CertDeleteCTLFromStore
CertGetNameStringA
CertAlgIdToOID
CertCreateCRLContext

shell32

ExtractIconA
DragQueryFileW
SHQueryRecycleBinA
ShellExecuteW
DragFinish
FindExecutableA
SHEmptyRecycleBinA
FindExecutableW
SHDefExtractIconA
ShellAboutW
SHGetFileInfoA
SHGetDataFromIDListW

clusapi

CloseClusterNode
ClusterControl

cmutil

CmMalloc
CmMoveMemory

advapi32

RegSaveKeyA
RegReplaceKeyA
ControlService
RegDeleteValueW
CryptSignHashA
ReadEventLogW
RegCreateKeyExW
RegUnLoadKeyA
RegCloseKey
InitializeSid
OpenEventLogW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.joi
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad3a62e97c4fca7c35c50d6fab44fbbb

Headers

DLL Characteristics

File Characteristics

Imports

comsvcs

cmpbk32

kernel32

crypt32

shell32

clusapi

cmutil

advapi32

Sections

.text Size: 8KB - Virtual size: 7KB

.joi Size: 67KB - Virtual size: 67KB

.text
Size: 8KB - Virtual size: 7KB

.joi
Size: 67KB - Virtual size: 67KB