b47897979b96b4f219aaa45c614b585b9a83b33c3c95c3aaf5593ef372e48f10

Sharing

Copy URL Twitter E-mail

General

Target

b47897979b96b4f219aaa45c614b585b9a83b33c3c95c3aaf5593ef372e48f10
Size

71KB
MD5

75ced8a50daea6a1dc714707bb0c6dc0
SHA1

052d32a60f26baf0e89292d22efce72e8572e79c
SHA256

b47897979b96b4f219aaa45c614b585b9a83b33c3c95c3aaf5593ef372e48f10
SHA512

ac135d855019230c9503e94f323c5a8a814309867db753be6545730bc6b07228a946e8a613066f16709de8634662a9285bdc10133e0a9401738b5734dbc65c9f
SSDEEP

1536:QbHOcPIE3Iff3pRVQW/Bxa6LIT4Ki+o4I1peNK8gv:s5ApfQW/Bxa6LGhi+o4IwK8gv

Score

N/A

Malware Config

Signatures

Files

b47897979b96b4f219aaa45c614b585b9a83b33c3c95c3aaf5593ef372e48f10
.exe windows x86

9e3671c53682c2b078ee19b6ac78ed51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

certcli

CAEnumCertTypesForCA
CAEnumFirstCA
CAUpdateCA
CAFreeCertTypeProperty
CACloseCertType
CAAccessCheck
CAGetCAFlags
CAGetCertTypeExtensionsEx
CAGetDN
CAGetCertTypeKeySpec
CASetCertTypePropertyEx
CAOIDGetProperty
CACreateNewCA
CASetCASecurity
CAFindCertTypeByName
CAEnumNextCertType
CAEnumCertTypesForCAEx
CADeleteCA
CADeleteCertType
CAGetCASecurity
CACertTypeGetSecurity
CACertTypeSetSecurity
CAGetCACertificate
CACertTypeQuery
CAOIDDelete
CAGetCertTypeFlags
CAFindByName
CASetCAExpiration
GetProxyDllInfo

kernel32

GetEnvironmentStrings
GetConsoleCursorInfo
CreateMailslotA
GetACP
EndUpdateResourceA
AddVectoredExceptionHandler
GetNumaHighestNodeNumber
VirtualAlloc
SetCurrentDirectoryW
CreateMailslotW
IsDBCSLeadByteEx
LocalAlloc
IsValidLanguageGroup
GetPrivateProfileIntW
DeleteCriticalSection
GetThreadTimes
OpenWaitableTimerA
RestoreLastError
LoadLibraryA
FindResourceW
GetConsoleOutputCP
FreeLibraryAndExitThread
GetUserDefaultUILanguage
Module32FirstW
GetDefaultCommConfigW
GetProcessId
ReadConsoleA
MapViewOfFileEx
GetCurrentConsoleFont
GetCurrentThread
QueueUserAPC
lstrcatW
LocalUnlock

advapi32

CloseEncryptedFileRaw
EncryptedFileKeyInfo
GetMultipleTrusteeW
SetSecurityDescriptorRMControl
RevertToSelf
CommandLineFromMsiDescriptor
SystemFunction004
GetNamedSecurityInfoExW
RegOpenKeyExA
GetNamedSecurityInfoA
CredUnmarshalCredentialW
QueryServiceStatusEx
SetFileSecurityA
BuildTrusteeWithNameA
SetPrivateObjectSecurityEx
CryptGetProvParam
CryptDestroyKey
QueryRecoveryAgentsOnEncryptedFile
GetEffectiveRightsFromAclW
EnumDependentServicesW
SystemFunction015
AddAccessDeniedAceEx
RemoveTraceCallback
FlushTraceW
WmiSetSingleInstanceA
GetExplicitEntriesFromAclA
ReportEventW
PrivilegedServiceAuditAlarmA
LsaCreateAccount

msvcirt

??0stdiobuf@@QAE@PAU_iobuf@@@Z
??0fstream@@QAE@H@Z
?read@istream@@QAEAAV1@PADH@Z
?x_curindex@ios@@0HA
?open@ifstream@@QAEXPBDHH@Z
??_8iostream@@7Bistream@@@
??0ifstream@@QAE@ABV0@@Z
??0istream@@IAE@ABV0@@Z
?underflow@filebuf@@UAEHXZ
??_Eios@@UAEPAXI@Z
??0Iostream_init@@QAE@AAVios@@H@Z
??_7fstream@@6B@
?xsputn@streambuf@@UAEHPBDH@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
?lockc@ios@@KAXXZ
??_Eostream@@UAEPAXI@Z
?eof@ios@@QBEHXZ
?sh_read@filebuf@@2HB
??0ostrstream@@QAE@XZ
??_Dostream_withassign@@QAEXXZ
??6ostream@@QAEAAV0@PBE@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?setf@ios@@QAEJJ@Z
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
??6ostream@@QAEAAV0@PBD@Z
??_Estrstreambuf@@UAEPAXI@Z
??5istream@@QAEAAV0@PAD@Z
?overflow@filebuf@@UAEHH@Z
??1ostream_withassign@@UAE@XZ
??1streambuf@@UAE@XZ
??_Gistream_withassign@@UAEPAXI@Z
??_Gostream_withassign@@UAEPAXI@Z
??_Gstdiostream@@UAEPAXI@Z
??0streambuf@@IAE@PADH@Z
??_Dostream@@QAEXXZ

msvcrt

_mbsbtype
_wsplitpath
_wasctime
_wpopen
abort
rewind
_mbsnbcat
_mbsninc
_adj_fdivr_m32i
swprintf
_wsearchenv
__lconv_init
_mbsnextc
_ultow
_mbsnbcoll
_lrotl
_strupr
_endthreadex
__CxxQueryExceptionSize
_tolower
_findnext64
swscanf
__CxxFrameHandler
_timezone
__mb_cur_max
_pwctype
_ismbbkalnum
_adjust_fdiv
_purecall
_strlwr

user32

DrawMenuBarTemp
SetForegroundWindow
HideCaret
SendDlgItemMessageA
NotifyWinEvent
GetMenuItemInfoA
DestroyCursor
EndDialog
DdeCmpStringHandles
ShowCaret
DlgDirListComboBoxW
SetCapture
DefDlgProcA
EnumPropsExW
UnionRect
MsgWaitForMultipleObjects
DefFrameProcW
GetGuiResources
DdeDisconnectList
DlgDirListComboBoxA
CallWindowProcA
PeekMessageA
RegisterRawInputDevices
BroadcastSystemMessageW
InvertRect
CopyAcceleratorTableW
CreateAcceleratorTableA
SetWindowRgn
MessageBoxW
DdeClientTransaction

shell32

SHGetMalloc

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e3671c53682c2b078ee19b6ac78ed51

Headers

DLL Characteristics

File Characteristics

Imports

certcli

kernel32

advapi32

msvcirt

msvcrt

user32

shell32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 262B

.rsrc Size: 27KB - Virtual size: 30KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 262B

.rsrc
Size: 27KB - Virtual size: 30KB