6e01c4d4271909631c4b0efc5fd8f3cabe87e6472d214a2a921b69819c24e90e

Sharing

Copy URL

Twitter E-mail

General

Target

6e01c4d4271909631c4b0efc5fd8f3cabe87e6472d214a2a921b69819c24e90e
Size

858KB
MD5

06a5a5ee2d2d5f49fd9434a2a71398f1
SHA1

4910812af84ae6a16f3228fd17e01e178f735fa3
SHA256

6e01c4d4271909631c4b0efc5fd8f3cabe87e6472d214a2a921b69819c24e90e
SHA512

a5c6315819ee1702eee00b736ee7658d86a9d85181275b6660b068d5c7f3d4e06b874a34ebd5bd74b9f5efa8c3da5677a8e6e460e78f3d1ef2408f9965beb28d
SSDEEP

24576:chZU6IGwJii9uFIt8opJdLCM4DE3a3GFQgJ2pY:SU5vEM8y5CM4Dwt+y2

Score

N/A

Malware Config

Signatures

Files

6e01c4d4271909631c4b0efc5fd8f3cabe87e6472d214a2a921b69819c24e90e
.exe windows x86

f574cce1079d23f56399c491763d715e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcschr
_ismbbkana
_wfindnext
_callnewh
_wsplitpath
_wcsnicmp
getwc
__getmainargs
setlocale
_mbslwr
_nextafter
__p__commode
_toupper
frexp
_spawnve
_wrmdir
_ftime
_mktemp
__p__pwctype
_itoa
exit
_mbsdec
__set_app_type
_wspawnlpe

ntdll

_strnicmp
RtlConvertUlongToLargeInteger
RtlLargeIntegerNegate
_vsnwprintf
ZwQueryInformationProcess
RtlCompareString
NtTranslateFilePath
_itow
ZwSetSystemTime
NtCreateProfile
RtlNtStatusToDosErrorNoTeb
RtlIntegerToUnicodeString
RtlValidateProcessHeaps
RtlSystemTimeToLocalTime
ZwQueryDirectoryObject
NtSetInformationKey
RtlIsNameLegalDOS8Dot3
NtCreateNamedPipeFile
RtlMakeSelfRelativeSD
ZwSetEventBoostPriority

oleaut32

OleLoadPictureEx
VarFormatFromTokens
VarBoolFromUI2
VarI2FromI1
LPSAFEARRAY_UserFree
VarI2FromUI4
VarDecMul
VarUI2FromUI1
VarCyMul

kernel32

QueryDepthSList
SetThreadPriority
SetupComm
GetSystemTimeAdjustment
LoadLibraryA
IsValidCodePage
GetStartupInfoA
FindActCtxSectionStringW
DeleteVolumeMountPointA
GetExitCodeThread
ConsoleMenuControl
LocalAlloc
GetCPInfoExW
GetTimeZoneInformation
GetCommState
IsDBCSLeadByteEx
GetSystemTimeAsFileTime
GetLastError

wintrust

WTHelperGetProvSignerFromChain
SoftpubLoadMessage
WVTAsn1SpcStatementTypeEncode
CryptCATCDFEnumMembersByCDFTagEx
WTHelperCertFindIssuerCertificate
WVTAsn1SpcLinkEncode
GenericChainFinalProv
WTHelperGetKnownUsages
WTHelperOpenKnownStores
CatalogCompactHashDatabase
TrustDecode
IsCatalogFile
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSpOpusInfoEncode
CryptCATPutMemberInfo

user32

EndDialog

msvcirt

??6ostream@@QAEAAV0@C@Z
??0ofstream@@QAE@HPADH@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??0ofstream@@QAE@H@Z

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f574cce1079d23f56399c491763d715e

Headers

File Characteristics

Imports

msvcrt

ntdll

oleaut32

kernel32

wintrust

user32

msvcirt

Sections

.text Size: 388KB - Virtual size: 387KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 165KB - Virtual size: 1.5MB

.rsrc Size: 138KB - Virtual size: 138KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 388KB - Virtual size: 387KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 165KB - Virtual size: 1.5MB

.rsrc
Size: 138KB - Virtual size: 138KB

.reloc
Size: 1024B - Virtual size: 1024B