be5c8a18177ab0d5af763dc2ba258817ac9cb6eb7323ebdeb34d3d39560977bd

Sharing

Copy URL Twitter E-mail

General

Target

be5c8a18177ab0d5af763dc2ba258817ac9cb6eb7323ebdeb34d3d39560977bd
Size

212KB
MD5

650afcaabe69cb18eabf92960fbf4673
SHA1

ad2e5e2e1db44dd5f336c4f870681a1a6362fdf3
SHA256

be5c8a18177ab0d5af763dc2ba258817ac9cb6eb7323ebdeb34d3d39560977bd
SHA512

26ab607648034ddc9f26d1d43a17bebbded56b29e14a1205bcda948ffc87a9db8a4cc64cc606706c79f176fc5a88aee8970837eb7c6796a3e69854986111e89e
SSDEEP

6144:6VtVMnI25ZsubXQEyV/DLM58D668DHj5:6V/Mnd5/XQnRDY8WxDHj

Score

N/A

Malware Config

Signatures

Files

be5c8a18177ab0d5af763dc2ba258817ac9cb6eb7323ebdeb34d3d39560977bd
.exe windows x86

d6d6a1bcaa6ccf170a64b9a2bd371177

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EncryptFileW
DecryptFileW
AddUsersToEncryptedFile
RemoveUsersFromEncryptedFile
AddUsersToEncryptedFileEx
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
FreeEncryptedFileKeyInfo
EncryptedFileKeyInfo
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
QueryUsersOnEncryptedFile
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
GetUserNameW
CryptGenKey
CryptAcquireContextW
CryptGetUserKey
FlushEfsCache
SetUserFileEncryptionKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

kernel32

ReadConsoleW
SetConsoleMode
DeleteCriticalSection
VirtualAlloc
InitializeCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InterlockedExchangeAdd
VirtualFree
CloseHandle
HeapFree
SetEndOfFile
SetFilePointer
HeapAlloc
GetProcessHeap
CreateFileW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetFileAttributesW
QueryDosDeviceW
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
FindFirstVolumeW
SetErrorMode
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
RemoveDirectoryW
FlushFileBuffers
GetTempFileNameW
GetComputerNameW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapSetInformation
FreeLibrary
GetModuleHandleW
LoadLibraryA
GetProcAddress
GetLastError
EnterCriticalSection
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
lstrlenA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
InterlockedCompareExchange
GetVersionExA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
DelayLoadFailureHook
GetFullPathNameW
SetLastError
FormatMessageW
WriteConsoleW
lstrlenW
WideCharToMultiByte
LocalAlloc
WriteFile
LocalFree
GetFileType
GetStdHandle
CreateDirectoryW
GetConsoleMode

msvcrt

_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_putws
_wcsnicmp
memcpy
printf
memset
fgetws
towupper
_iob
malloc
free
_vsnwprintf
_wcsicmp
wcschr
_get_osfhandle
getchar

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

user32

MessageBoxW

crypt32

CryptEncodeObject
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
CertFreeCertificateContext
CryptQueryObject
CertCreateSelfSignCertificate
CertStrToNameW
PFXExportCertStoreEx
CertAddCertificateContextToStore
CertGetCertificateContextProperty

winscard

SCardListCardsW
SCardGetCardTypeProviderNameW
SCardFreeMemory

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 160KB - Virtual size: 416KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6d6a1bcaa6ccf170a64b9a2bd371177

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

user32

crypt32

winscard

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

PACK Size: 160KB - Virtual size: 416KB

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

PACK
Size: 160KB - Virtual size: 416KB