ba39aef81129837800a06e4f18d4f486daf47a5bbda10b780c05fcc0007844bf

Sharing

Copy URL Twitter E-mail

General

Target

ba39aef81129837800a06e4f18d4f486daf47a5bbda10b780c05fcc0007844bf
Size

844KB
MD5

64f824534b24ba6dfb371e5188ab8e10
SHA1

a9e9456c7a9745610642f99978d83a000776886d
SHA256

ba39aef81129837800a06e4f18d4f486daf47a5bbda10b780c05fcc0007844bf
SHA512

3f345da621e3e5483563b73fed18032fcfe6aab62c76b25800563353ae9d6b6cd1c90125f35bd7adf5ecdfddd49a80c5f7e1704b1bf4c8514dd99877cae5ebc0
SSDEEP

24576:UC4E6EhWE6EhyW6Jrbj6ZQ2iByMZzshdF1qT:UCg0O0z6Jrbj6ZQcMZzmdFYT

Score

N/A

Malware Config

Signatures

Files

ba39aef81129837800a06e4f18d4f486daf47a5bbda10b780c05fcc0007844bf
.exe windows x64

9ecf0042285d950dedc3f0d725a3d42c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyA
RegOpenKeyExA
RegEnumValueW
RegOpenKeyExW
CopySid
EqualSid
InitializeSecurityDescriptor
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
CreateWellKnownSid
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetKernelObjectSecurity
GetAce
InitializeAcl
SetSecurityInfo
IsValidSid
GetSecurityDescriptorSacl
GetLengthSid
RegOverridePredefKey
RegOpenCurrentUser
OpenProcessToken

kernel32

GetExitCodeThread
lstrcmpiW
DeleteCriticalSection
DuplicateHandle
CloseHandle
DeleteFileW
DeleteFileA
CreateThread
lstrcmpA
CreateDirectoryExA
WideCharToMultiByte
CopyFileW
GetFileAttributesA
MultiByteToWideChar
SetFileAttributesA
RemoveDirectoryA
FindClose
LocalAlloc
FindNextFileA
GetTempPathA
LeaveCriticalSection
SetEvent
CreateEventW
HeapSetInformation
GetVersionExA
OpenEventW
HeapAlloc
HeapFree
WaitForSingleObject
GetModuleHandleW
EnterCriticalSection
GetProcAddress
lstrcmpiA
lstrlenW
CreateFileW
FindFirstFileA
GetFileAttributesW
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
SetLastError
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
VirtualAlloc
FlushInstructionCache
VirtualProtect
VirtualQuery
GetCurrentThread
UnhandledExceptionFilter
GetProcessHeap
GetLastError
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
LoadLibraryW
OpenProcess
InitializeCriticalSection
GetCurrentProcess
LoadLibraryExW
SetProcessShutdownParameters
lstrlenA
FreeLibrary
CreateProcessW
LocalFree

user32

LoadStringW
CharNextW
PostQuitMessage
GetSystemMetrics

msvcrt

iswalpha
_vsnprintf
_wcsnicmp
wcstok
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_amsg_exit
memset
memcpy
?terminate@@YAXXZ
wcsrchr
wcschr
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_vsnwprintf

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

psapi

GetModuleBaseNameW

ole32

CoTaskMemAlloc
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
CoInitializeSecurity
StringFromGUID2
CoGetCallContext
CoRevertToSelf
CoImpersonateClient
CoTaskMemFree
CoRevokeClassObject

oleaut32

RegisterTypeLi
UnRegisterTypeLi
RegisterTypeLibForUser
SysFreeString
SysStringLen
SysAllocString
UnRegisterTypeLibForUser

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

urlmon

CompatFlagsFromClsid
CoInternetSetFeatureEnabled
CoInternetCreateSecurityManager
Extract
ord107

wintrust

CryptCATAdminAcquireContext
CryptCATAdminAddCatalog
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

iertutil

ord650
ord658
ord201
ord200

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ecf0042285d950dedc3f0d725a3d42c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

psapi

ole32

oleaut32

rpcrt4

urlmon

wintrust

iertutil

Sections

.text Size: 65KB - Virtual size: 64KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 194KB - Virtual size: 194KB

.reloc Size: 580KB - Virtual size: 1.9MB

.text
Size: 65KB - Virtual size: 64KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 194KB - Virtual size: 194KB

.reloc
Size: 580KB - Virtual size: 1.9MB