8e8944bc1d5420d0ae7eb500eb93d96bb1b72166ca51798c5895a4ddb69ec7c6

Sharing

Copy URL Twitter E-mail

General

Target

8e8944bc1d5420d0ae7eb500eb93d96bb1b72166ca51798c5895a4ddb69ec7c6
Size

777KB
MD5

70a86741573dd1d84cff4847cc7f2e98
SHA1

f4eac665d29be3813bd8560017e076e98f336cc7
SHA256

8e8944bc1d5420d0ae7eb500eb93d96bb1b72166ca51798c5895a4ddb69ec7c6
SHA512

041a2328113810da415bda166f04cc4bb4f8fb0fbfdaed3a822fce52c14aac5abf79fba4ef12e65f1dfc82882801f0e5e9ad2e5548a13e4e9bba473a77a4a2b4
SSDEEP

12288:5dtnR6/pMPgfTlWjECTuoBjRDV7WYbf/MUgvFDi3olzmVn0AbGN82aymH:5dxRqLcjJuoBjlMYj0Nwy9N82GH

Score

N/A

Malware Config

Signatures

Files

8e8944bc1d5420d0ae7eb500eb93d96bb1b72166ca51798c5895a4ddb69ec7c6
.exe windows x86

498219ae341dfc8e87973711990b49a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ClearCommBreak
MapViewOfFile
ReadConsoleOutputA
QueueUserWorkItem
IsValidLocale
LocalLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
SetErrorMode
RegisterWaitForInputIdle
SetupComm
GlobalAddAtomW
VirtualAlloc
QueryInformationJobObject
CreateThread
LCMapStringA
EnumResourceTypesW
ExitProcess
Module32First
GetExitCodeThread
GetProcAddress
SetConsoleMaximumWindowSize
WritePrivateProfileStringW
EnumResourceNamesW
HeapFree

rtutils

TraceDumpExA
RouterLogRegisterA
TraceRegisterExA
TracePrintfExA
RouterLogDeregisterA
RouterLogDeregisterW
RouterLogEventDataA
TracePrintfA
LogErrorA
MprSetupProtocolFree
RouterLogEventW
RouterLogEventStringA
TraceDeregisterW
RouterLogEventExA
TraceDeregisterA
RouterLogEventA
MprSetupProtocolEnum
TraceRegisterExW
TraceDeregisterExA
RouterLogEventStringW
TracePrintfExW
RouterLogEventExW
TracePutsExA
RouterLogRegisterW
LogEventW
TracePrintfW
TraceVprintfExA
LogEventA

ole32

OleSetClipboard
OleGetIconOfClass
CoUnmarshalInterface
HDC_UserFree
CoInitializeEx
StgIsStorageILockBytes
CoReleaseServerProcess
MkParseDisplayName
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
WriteFmtUserTypeStg
OleConvertIStorageToOLESTREAM
OleLoadFromStream
CLSIDFromString
OleCreateMenuDescriptor
CoMarshalInterThreadInterfaceInStream
CreateDataAdviseHolder
ReadClassStm

rpcrt4

NdrMesTypeAlignSize2
UuidCreateSequential
NdrDllRegisterProxy
CStdStubBuffer_DebugServerQueryInterface
UuidCreate
RpcBindingVectorFree
RpcCertGeneratePrincipalNameW
I_RpcGetBufferWithObject
RpcBindingServerFromClient
MesEncodeIncrementalHandleCreate
RpcBindingSetAuthInfoA
RpcMgmtInqStats
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
RpcRevertToSelfEx
I_RpcAsyncAbortCall
NdrGetUserMarshalInfo
RpcAsyncGetCallStatus
RpcMgmtInqServerPrincNameW
RpcSsGetContextBinding
NdrCStdStubBuffer2_Release
RpcBindingSetAuthInfoExA
RpcUserFree

wintrust

WintrustRemoveActionID
WinVerifyTrustEx
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATGetAttrInfo
CryptCATGetMemberInfo
CryptCATCatalogInfoFromContext
IsCatalogFile
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAddCatalog
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvCertFromChain
CryptCATAdminAcquireContext
CryptCATOpen
WTHelperGetFileHash
CryptCATGetCatAttrInfo
WintrustLoadFunctionPointers
CryptCATEnumerateCatAttr
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateMember
CryptCATAdminReleaseContext
WintrustAddActionID
WTHelperGetProvSignerFromChain

crypt32

RegOpenKeyExU

msvcrt

_CItan
__RTtypeid
_makepath
_onexit
_mbslwr
_winminor
fclose
rand
_exit
fmod
_cexit
_mbsnbcnt
??0exception@@QAE@ABQBD@Z
isdigit
_getcwd
_itoa
_findfirst

advapi32

CryptSignHashW
LookupPrivilegeNameW
RegisterTraceGuidsW
LsaCreateSecret
RegisterTraceGuidsA
CryptSetKeyParam
RevertToSelf
RegOpenKeyA
ReportEventW
AddAuditAccessAceEx
RegCreateKeyExA
GetLengthSid
SetPrivateObjectSecurity
ChangeServiceConfig2W
RegDeleteValueA
QueryServiceStatusEx
LsaLookupNames
GetKernelObjectSecurity
InitializeSecurityDescriptor
RegisterEventSourceW
RegisterEventSourceA
CheckTokenMembership
CryptEnumProvidersW
TreeResetNamedSecurityInfoW
EncryptFileW
LookupAccountNameA
MakeSelfRelativeSD
CloseTrace
OpenTraceW
SetEntriesInAclW
WmiQueryAllDataW
RegQueryValueExW

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 36KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 239KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 229KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

498219ae341dfc8e87973711990b49a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rtutils

ole32

rpcrt4

wintrust

crypt32

msvcrt

advapi32

Sections

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 464B

.idata Size: 1KB - Virtual size: 1KB

.text Size: 36KB - Virtual size: 292KB

.rdata Size: 174KB - Virtual size: 323KB

INIT Size: 239KB - Virtual size: 264KB

INIT Size: 229KB - Virtual size: 311KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 512B - Virtual size: 320B

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 464B

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 292KB

.rdata
Size: 174KB - Virtual size: 323KB

INIT
Size: 239KB - Virtual size: 264KB

INIT
Size: 229KB - Virtual size: 311KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 512B - Virtual size: 320B