8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad

Sharing

Copy URL

Twitter E-mail

General

Target

8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad
Size

708KB
MD5

d93db4daa650dcdc5ffe670d61fcfa8f
SHA1

3ed89771339ea3e6d0ea56d16aface69ddef4f74
SHA256

8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad
SHA512

bb1ab6ef623db5f71573ddd23a7c1873fabfc87c6f4f181fd8c8328367457bffc99edbb28d1c51991b137a69794d0915b845d9fbea6ca54c1dd922e9a797dabd
SSDEEP

12288:kahIBAYJ2Pzp/Y9DNtcejQ4JeW/svKai/V8PvkNDvtStRtl3/i4wIOhjc:kahtYJ2bpA9DNtcqIW/vrVnN7+Vvi4wx

Score

N/A

Malware Config

Signatures

Files

8d58c29a45d8a94f3add1317a2d1c00e0d6eda898293a81952f5603967ce45ad
.exe windows x86

f55dbad9feaf775cb74bbb99944c786f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EqualSid
CryptEnumProviderTypesW
GetEffectiveRightsFromAclW
ObjectCloseAuditAlarmA
CryptCreateHash
RegEnumValueW

crypt32

CertVerifyCertificateChainPolicy
CertDuplicateCTLContext

cfgmgr32

CM_Get_Sibling

wintrust

WinVerifyTrustEx

kernel32

GetModuleFileNameW
GetLastError
LoadLibraryW
EnterCriticalSection
GetSystemInfo
VirtualProtect
GetBinaryTypeA
GetCurrentProcess
TerminateProcess
HeapSize
VirtualQuery
GetUserDefaultLCID
GetModuleHandleA
UnhandledExceptionFilter
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
RtlUnwind
HeapReAlloc
VirtualAlloc
Sleep
HeapAlloc
InitializeCriticalSection
LoadLibraryExA
LeaveCriticalSection
OutputDebugStringA
GetCommandLineA
GetVersionExA
SetUnhandledExceptionFilter
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP

oleaut32

VarDateFromUdate
LoadRegTypeLi

winspool.drv

GetJobW

comdlg32

ReplaceTextA

ole32

CoDisconnectObject

gdi32

AddFontResourceExW
GetGlyphOutlineA

esent

JetEscrowUpdate

shlwapi

PathRenameExtensionW
SHGetValueA
SHSetThreadRef
PathSearchAndQualifyW
SHSetValueW
StrTrimA

user32

TrackMouseEvent
CopyRect
CallWindowProcA
DefWindowProcA
SystemParametersInfoA
GetProcessWindowStation
GetSysColorBrush
SetActiveWindow

wininet

InternetQueryDataAvailable

userenv

FreeGPOListW

winmm

waveInMessage

setupapi

SetupDiGetINFClassW
SetupDiGetClassImageListExW

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f55dbad9feaf775cb74bbb99944c786f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

cfgmgr32

wintrust

kernel32

oleaut32

winspool.drv

comdlg32

ole32

gdi32

esent

shlwapi

user32

wininet

userenv

winmm

setupapi

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 300KB - Virtual size: 298KB

.data Size: 320KB - Virtual size: 330KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 300KB - Virtual size: 298KB

.data
Size: 320KB - Virtual size: 330KB

.rsrc
Size: 24KB - Virtual size: 21KB