8f4cae96ef21c80f5b5371d02a11875a55934b32b6d7a8927c2bc6f41719418c

Sharing

Copy URL

Twitter E-mail

General

Target

8f4cae96ef21c80f5b5371d02a11875a55934b32b6d7a8927c2bc6f41719418c
Size

154KB
MD5

d113a6631a1d494c2208296c9944729c
SHA1

66dd0f3337fbd2ded09dcfb800f8a35212fea24d
SHA256

8f4cae96ef21c80f5b5371d02a11875a55934b32b6d7a8927c2bc6f41719418c
SHA512

2b17d29ba83c1c049385fad638c1e650d1243af68a9ac4af85d21aee2caf7eff6c67482d8c87b9f9ce9a2c49104a9613aa665be99a09ff82fe08b30dd89a1a66
SSDEEP

3072:e2fGP+dobn+M/X/kUfHj4Ze7zV/AapUJy7MFen4YITpfqgPVBfUDi+kY4Mx0q:1qNDfDfHr/AapUJbojITZqwUWXMyq

Score

N/A

Malware Config

Signatures

Files

8f4cae96ef21c80f5b5371d02a11875a55934b32b6d7a8927c2bc6f41719418c
.exe windows x86

85b93317f51e5aace739938b5ff80309

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptSIPLoad
CryptSIPRetrieveSubjectGuid

mscms

GetColorDirectoryW

verifier

VerifierSetFlags

kernel32

EnterCriticalSection
DeleteFileW
GlobalAlloc
GetPrivateProfileSectionNamesW
CompareFileTime
GetLastError
lstrcpynA
GetCurrentThreadId
Sleep
VirtualAlloc
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetPrivateProfileStructW
QueryPerformanceCounter
lstrcmpiW
SetCurrentDirectoryW
FreeLibrary
SetFilePointer
GetFileTime
CreateThread
GetExitCodeProcess
GetSystemWindowsDirectoryW
lstrcmpiA
GetCurrentThread
WriteFile
CloseHandle
lstrcmpW
WritePrivateProfileStringW
InitializeCriticalSection
CopyFileW
GetProcAddress
GetComputerNameW
FindNextFileW
SetLastError
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetFileSize
GetSystemTime
LeaveCriticalSection
TerminateProcess
GetTickCount
GetPrivateProfileSectionW
lstrlenW
CreateEventW
SetEvent
GetCurrentProcess
GetSystemDirectoryW
HeapDestroy
CreateProcessW
FindFirstFileW
DeleteCriticalSection
GetPrivateProfileStringW
LocalAlloc
WritePrivateProfileSectionW
LoadLibraryW
WritePrivateProfileStructW
ExitThread
GetCurrentDirectoryW
GlobalFree
DisableThreadLibraryCalls
SetFileAttributesW
HeapCreate
MoveFileExW
CreateFileW
WaitForSingleObject
SetUnhandledExceptionFilter
LocalFree
CreateDirectoryW
ReadFile
GetCurrentProcessId

clusapi

GetNodeClusterState

ntdll

NtClose
NtSetInformationThread
NtOpenThreadToken

user32

LoadStringW
CharUpperW

ole32

CoCreateInstance

advapi32

RegCloseKey
OpenThreadToken
SetThreadToken
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

version

GetFileVersionInfoA
VerQueryValueA

setupapi

SetupScanFileQueueW
SetupInstallFilesFromInfSectionW
SetupGetIntField
SetupOpenFileQueue
SetupGetStringFieldW
SetupCloseInfFile
SetupGetLineCountW
SetupGetInfInformationW
SetupGetLineByIndexW
SetupFindNextMatchLineW
SetupSetPlatformPathOverrideW
SetupGetMultiSzFieldW
SetupQueryInfFileInformationW
SetupSetDirectoryIdW
SetupOpenInfFileW
SetupQueryInfOriginalFileInformationW
SetupCloseFileQueue
SetupDiGetActualSectionToInstallW
SetupFindFirstLineW

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash

Sections

.text
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85b93317f51e5aace739938b5ff80309

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

mscms

verifier

kernel32

clusapi

ntdll

user32

ole32

advapi32

version

setupapi

wintrust

Sections

.text Size: 512B - Virtual size: 392B

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 736KB

.reloc Size: 512B - Virtual size: 28B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 140KB - Virtual size: 139KB

.text
Size: 512B - Virtual size: 392B

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 736KB

.reloc
Size: 512B - Virtual size: 28B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 140KB - Virtual size: 139KB