49dcb7a8bc52f45272ba9b1a5ef34d3bf4432040cd4049537f608edfee62c988

Sharing

Copy URL Twitter E-mail

General

Target

49dcb7a8bc52f45272ba9b1a5ef34d3bf4432040cd4049537f608edfee62c988
Size

442KB
MD5

2e3eeb59cac566ae8f54f8a680111880
SHA1

79d34fdf33590b8012ae66ccf5feccfbee09fe0f
SHA256

49dcb7a8bc52f45272ba9b1a5ef34d3bf4432040cd4049537f608edfee62c988
SHA512

926aeb81875895b0e5c670bc599d94799e804ad9edb472065eec376b1f0a8ffc8f28c75305ea9ad1fd55c2fcf5f27f12d98f08509f5a3920dc2e4d4c231a75fd
SSDEEP

12288:lbqV10zuayB8LDFk+sTOuuPLG8QHfFYCOjqoFpl:tqszyBRR1uS//yCOjqoFp

Score

N/A

Malware Config

Signatures

Files

49dcb7a8bc52f45272ba9b1a5ef34d3bf4432040cd4049537f608edfee62c988
.exe windows x86

34a477edf18ed62fcd70ff618d9298b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetBackup

credui

CredUIParseUserNameW
CredUIPromptForCredentialsW

urlmon

CopyStgMedium

kernel32

BackupRead
VirtualAlloc
AddConsoleAliasA
GetLastError

cryptui

CryptUIDlgViewCertificateW

winmm

waveOutGetPitch
waveOutClose
waveOutWrite
waveOutSetVolume
waveOutReset
waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader
waveOutGetVolume

crypt32

CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertGetNameStringW
CertVerifySubjectCertificateContext
CertGetEnhancedKeyUsage
CryptSignMessage
CertOpenStore
CertFindExtension
CertGetCertificateChain
CertDuplicateCertificateChain
CertFindCertificateInStore
CertCloseStore
CryptMsgOpenToDecode
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCompareCertificate
CryptStringToBinaryW
CertDuplicateCertificateContext
CertFreeCertificateChain
CryptMsgClose
CryptProtectData
CryptMsgUpdate
CryptBinaryToStringW
CryptVerifyDetachedMessageSignature
CryptDecodeObject
CertCreateCertificateContext

user32

DlgDirListComboBoxA
EnumPropsA

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

ws2_32

getaddrinfo
WSANSPIoctl
WSALookupServiceEnd
WSALookupServiceBeginW
freeaddrinfo
WSAIoctl
WSALookupServiceNextW

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenClassRegKeyExW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsW

rpcrt4

CStdStubBuffer_Disconnect
NdrOleFree
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported
MesEncodeDynBufferHandleCreate
NdrMesTypeFree2
NdrDllCanUnloadNow
IUnknown_Release_Proxy
NdrCStdStubBuffer_Release
NdrOleAllocate
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Connect
MesHandleFree
CStdStubBuffer_QueryInterface
NdrMesTypeDecode2
NdrMesTypeEncode2
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
CStdStubBuffer_CountRefs
NdrDllRegisterProxy
NdrDllGetClassObject
MesDecodeBufferHandleCreate
CStdStubBuffer_DebugServerRelease

iphlpapi

GetBestInterfaceEx

secur32

FreeContextBuffer
AcquireCredentialsHandleW
InitializeSecurityContextW
QuerySecurityPackageInfoW
GetUserNameExW
EncryptMessage
DeleteSecurityContext
FreeCredentialsHandle
DecryptMessage

shell32

Shell_NotifyIconW
ExtractIconW
SHAppBarMessage
DragQueryFileW
SHFileOperationW

msimg32

GradientFill

wininet

InternetGetCookieW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 400KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34a477edf18ed62fcd70ff618d9298b1

Headers

DLL Characteristics

File Characteristics

Imports

esent

credui

urlmon

kernel32

cryptui

winmm

crypt32

user32

wtsapi32

ws2_32

setupapi

rpcrt4

iphlpapi

secur32

shell32

msimg32

wininet

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 22KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 4KB

.data Size: 400KB - Virtual size: 1.8MB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 22KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 400KB - Virtual size: 1.8MB