da92e4fdb4cc712c501acfa72ed472beb00e5fa33ebc8e8dea4eefd668f079e0

Sharing

Copy URL

Twitter E-mail

General

Target

da92e4fdb4cc712c501acfa72ed472beb00e5fa33ebc8e8dea4eefd668f079e0
Size

860KB
MD5

f46db665f4e40c8b524327a595a5e3b8
SHA1

8af5a259e2d5097c23ef03da711c319b984b9111
SHA256

da92e4fdb4cc712c501acfa72ed472beb00e5fa33ebc8e8dea4eefd668f079e0
SHA512

18de34683016f9802e17e8fa3db6ef04398963ebe472707074843a2d54487287f7b8d6e2917e937bed58d9b05ba626cb956ff8aff9625a46cc7c708554545e70
SSDEEP

24576:JlXAO/ZyK7uFaxzE9GfekuXRuKUaYHlmSfPTYbp/K:DXH/ZyK7Aide3R/U5Hl/LYt/

Score

N/A

Malware Config

Signatures

Files

da92e4fdb4cc712c501acfa72ed472beb00e5fa33ebc8e8dea4eefd668f079e0
.exe windows x86

d5eb97c76c39b53fedf8646f407233ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

remove
_acmdln_dll
_ftime
fclose
_creat
_finite
iswlower
_spawnlpe
_execlpe
_mbscspn
_ungetch
_chmod
_ismbbkana
vfwprintf
strerror
_getche
strncpy
_osmajor_dll
_timezone_dll
iscntrl
_getcwd
iswpunct
__dllonexit
_statusfp
_itoa
__argc_dll
_CIcosh
_beginthread
_wcslwr
_mbspbrk
_mbscpy
_cscanf
mbtowc
__fpecode
_hypot
_ismbcprint
_basemajor_dll
memchr

kernel32

GetConsoleKeyboardLayoutNameA
FindVolumeMountPointClose
BuildCommDCBW
ReadConsoleW
CommConfigDialogA
OpenSemaphoreA
GlobalFindAtomA
GetStringTypeExW
SetProcessPriorityBoost
GetSystemTimeAsFileTime
CreateFiber
SetConsoleCP
AttachConsole
HeapWalk
GlobalSize
GetConsoleInputExeNameA
GetLogicalDrives
AllocConsole
LZDone
SetConsoleMenuClose
SetProcessShutdownParameters
IsBadHugeWritePtr
BaseUpdateAppcompatCache
ReplaceFile
LocalReAlloc
FileTimeToLocalFileTime
Beep
GetUserDefaultLCID
VirtualAlloc
IsWow64Process
FormatMessageW
InitializeCriticalSection
EnumLanguageGroupLocalesA
OpenMutexA
LoadLibraryA
GetStartupInfoA
GetStdHandle
EnumCalendarInfoA

ntdll

NtFilterToken
RtlGenerate8dot3Name
isalnum
ZwSetEaFile
NtQuerySystemEnvironmentValueEx
NtAccessCheck
ZwOpenKeyedEvent
RtlGetSecurityDescriptorRMControl
RtlAddressInSectionTable
RtlUnlockHeap
DbgQueryDebugFilterState
_ultow
RtlInt64ToUnicodeString
RtlCheckRegistryKey
ZwLockFile
NtUnlockVirtualMemory
RtlDeactivateActivationContextUnsafeFast
NtCreateKeyedEvent
_ftol
ZwSaveMergedKeys
RtlGetControlSecurityDescriptor
ZwReadFileScatter
NtImpersonateAnonymousToken
RtlEqualUnicodeString
RtlTraceDatabaseDestroy
NtAllocateUuids
ZwQueryBootOptions
ZwQueryInformationToken
ZwReplyPort
ZwAlertResumeThread
RtlLengthRequiredSid
ZwSetHighEventPair
ZwQueryInformationFile
LdrUnlockLoaderLock
NtCreateWaitablePort
ZwIsSystemResumeAutomatic
ZwContinue
RtlGetElementGenericTableAvl
NtAcceptConnectPort
NtExtendSection
ZwQueryVolumeInformationFile
NtAllocateUserPhysicalPages
RtlRegisterSecureMemoryCacheCallback

cfgmgr32

CM_Get_HW_Prof_Flags_ExW
CM_Set_Class_Registry_PropertyW
CM_Get_Class_NameW
CM_Get_Parent_Ex
CM_Get_HW_Prof_Flags_ExA
CM_Free_Log_Conf_Handle
CM_Free_Res_Des_Ex
CM_Setup_DevNode
CM_Free_Res_Des
CM_Query_Resource_Conflict_List
CMP_WaitNoPendingInstallEvents
CM_Get_Res_Des_Data_Size
CM_Get_Device_Interface_List_SizeW
CM_Set_HW_Prof_Flags_ExA
CM_Get_Device_ID_List_ExW
CM_Register_Device_Interface_ExA
CM_Locate_DevNode_ExA
CM_Get_DevNode_Registry_Property_ExA
CM_Intersect_Range_List
CMP_WaitServicesAvailable
CM_Merge_Range_List
CM_Test_Range_Available
CM_Uninstall_DevNode
CM_Get_Sibling
CM_Get_Next_Log_Conf_Ex
CM_Query_And_Remove_SubTreeW
CM_Get_Device_ID_ListW
CM_Get_HW_Prof_FlagsA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_Alias_ExW

wintrust

WinVerifyTrust
CryptCATEnumerateAttr
CryptCATPutCatAttrInfo
WintrustGetDefaultForUsage
SoftpubLoadMessage
WintrustRemoveActionID
CatalogCompactHashDatabase
CryptCATCDFClose
WVTAsn1SpcStatementTypeEncode
CryptCATCDFEnumAttributes
CryptCATCDFOpen
CryptCATAdminCalcHashFromFileHandle
CryptSIPPutSignedDataMsg
CryptCATPersistStore
WTHelperGetFileHash
WVTAsn1SpcStatementTypeDecode
CryptSIPCreateIndirectData
CryptCATAdminRemoveCatalog
SoftpubAuthenticode
CryptSIPGetRegWorkingFlags
SoftpubDumpStructure
IsCatalogFile
TrustDecode
SoftpubDllRegisterServer
WVTAsn1SpcFinancialCriteriaInfoEncode
CryptCATAdminPauseServiceForBackup
WVTAsn1SpcPeImageDataDecode
CryptCATCDFEnumAttributesWithCDFTag
mssip32DllRegisterServer
OpenPersonalTrustDBDialogEx
DriverFinalPolicy
mscat32DllRegisterServer
HTTPSCertificateTrust
CryptCATAdminEnumCatalogFromHash
WTHelperGetFileHandle

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5eb97c76c39b53fedf8646f407233ab

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

kernel32

ntdll

cfgmgr32

wintrust

Sections

.text Size: 366KB - Virtual size: 366KB

.rdata Size: 350KB - Virtual size: 350KB

.data Size: 140KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 366KB - Virtual size: 366KB

.rdata
Size: 350KB - Virtual size: 350KB

.data
Size: 140KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB