0f9ca5c555ddf4b5b29573ea1a513a69555afcfd0b1d3fa8f441bc6991bce543

General

Target

0f9ca5c555ddf4b5b29573ea1a513a69555afcfd0b1d3fa8f441bc6991bce543
Size

600KB
MD5

caf3575a95198ee925f2dfdeba2e78f3
SHA1

2f267d5e2fb9d6ae818d5caa7f2fa508daf09d67
SHA256

0f9ca5c555ddf4b5b29573ea1a513a69555afcfd0b1d3fa8f441bc6991bce543
SHA512

0b76001d9990a8163caaae9187294af58d87a91f02ebb2840fd373e850e4dc311f57340b16462ebe0da258e811be1dfc6af442f57c2b745e67d06a5c21c8a952
SSDEEP

12288:sfK3FAyt2y5esclHdwCVJEJHGMWxfLoFB5nVRZ6mOkJuijB:sfoFVes8HCCVJEZGMWBUNVP6mNjj

Score

N/A

Malware Config

Signatures

Files

0f9ca5c555ddf4b5b29573ea1a513a69555afcfd0b1d3fa8f441bc6991bce543
.exe windows x86

96c766b3e774d8e412189713e40b75ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shimeng

SE_IsShimDll
SE_InstallBeforeInit

user32

wsprintfA
DrawStateA
IsCharLowerW
LoadImageA
GetPropA
CreateDesktopW
LoadCursorA
PostMessageA
LoadIconW
PeekMessageA
LoadMenuW
LoadMenuW
LoadCursorA
wsprintfA
PostMessageA
MessageBoxW
CreateWindowExA
GetPropA
LoadBitmapW
GetClassLongW
LoadStringW
DialogBoxParamA
LoadIconA
DrawStateA
PeekMessageA

kernel32

CreateSemaphoreA
FindClose
lstrcatA
GetVersion
GetStringTypeA
GetFileSize
lstrcmp
IsBadStringPtrW
GetSystemDirectoryA
ReadConsoleA
CreateFileMappingA
GetStartupInfoW
GetCommandLineA
SearchPathW
SetFileTime
EnterCriticalSection
GetProcAddress
GetCurrentThreadId
FindNextFileA
WaitForSingleObjectEx
DeleteFileW
GetExpandedNameA
LoadLibraryW
MoveFileW
GetModuleHandleA

crypt32

CertSaveStore
CertFindAttribute
CertCompareCertificate
CertGetNameStringA
CertAlgIdToOID
CertControlStore
CertCloseStore
CertDuplicateCRLContext
CertFindExtension
CryptFindOIDInfo
CertDeleteCRLFromStore
CertFindChainInStore
CryptEnumOIDInfo
CertNameToStrA

cmutil

CmMalloc
CmRealloc
CmAtolA

Sections

.text
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.mdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

.adata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

96c766b3e774d8e412189713e40b75ea

Headers

DLL Characteristics

File Characteristics

Imports

shimeng

user32

kernel32

crypt32

cmutil

Sections

.text Size: 585KB - Virtual size: 585KB

.mdata Size: 8KB - Virtual size: 8KB

.adata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 585KB - Virtual size: 585KB

.mdata
Size: 8KB - Virtual size: 8KB

.adata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB