2ecb243fc9d8621331659b2e623930642d6eb0fed5e88b50fff46f1b82a06e9e

Sharing

Copy URL Twitter E-mail

General

Target

2ecb243fc9d8621331659b2e623930642d6eb0fed5e88b50fff46f1b82a06e9e
Size

308KB
MD5

6f4b6edc8106ce1d097ea3a03660cf1d
SHA1

ff8f31f0586c63ce7c9ff19e4bbcd311720d2c8a
SHA256

2ecb243fc9d8621331659b2e623930642d6eb0fed5e88b50fff46f1b82a06e9e
SHA512

216c9e8a4bbfcfca3cc20953ec502b6af70dae9c1bb23fc04734cae255b396e7ddfb305595f6d7a17f0bac05b5837e3de365225678d3c9c2508973132e487315
SSDEEP

6144:DYtLE3HnU/juNNqm6hfR1Ky98B3x3Axzkcmbv6koy9tUdC64wZo:/3HU/juNNwp1uBB3pmjk2ip

Score

N/A

Malware Config

Signatures

Files

2ecb243fc9d8621331659b2e623930642d6eb0fed5e88b50fff46f1b82a06e9e
.exe windows x86

c5f300b791c41a0489366d28d04fdcee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msvcirt

?setmode@ifstream@@QAEHH@Z
??0istream@@QAE@PAVstreambuf@@@Z
?ipfx@istream@@QAEHH@Z
??5istream@@QAEAAV0@AAD@Z
??_7istream@@6B@
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?lockbuf@ios@@QAAXXZ
??0strstreambuf@@QAE@XZ
??1strstream@@UAE@XZ
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??_7stdiostream@@6B@
?getline@istream@@QAEAAV1@PACHD@Z
?adjustfield@ios@@2JB
?get@istream@@QAEAAV1@AAE@Z
?delbuf@ios@@QBEHXZ
??5istream@@QAEAAV0@AAJ@Z
?dbp@streambuf@@QAEXXZ
??_Estrstreambuf@@UAEPAXI@Z
?basefield@ios@@2JB
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
??6ostream@@QAEAAV0@PBD@Z
?is_open@fstream@@QBEHXZ
?unlock@streambuf@@QAEXXZ

crypt32

CryptRegisterDefaultOIDFunction
I_CryptAddRefLruEntry
CryptGetKeyIdentifierProperty
CertCreateCertificateContext
CertCompareIntegerBlob
CertGetCRLFromStore
I_CryptInstallOssGlobal
CreateFileU
CertRDNValueToStrW
I_CryptGetAsn1Encoder
CryptHashToBeSigned
CryptRegisterOIDFunction
CryptUnregisterOIDInfo
I_CryptFreeTls
CertFindRDNAttr
I_CertSyncStore
I_CryptInstallAsn1Module
CryptInstallOIDFunctionAddress
CryptSIPPutSignedDataMsg
CertAddEncodedCertificateToSystemStoreA

kernel32

GetWriteWatch
TerminateThread
GetUserDefaultLangID
MultiByteToWideChar
VirtualAlloc
Thread32Next
CreateWaitableTimerW
AreFileApisANSI
GetThreadSelectorEntry
FlushInstructionCache
FindActCtxSectionGuid
SetConsoleKeyShortcuts
LCMapStringA
QueryPerformanceCounter
SetConsoleTitleA
SetComputerNameW
CreateHardLinkA
ExpandEnvironmentStringsW
CreateMailslotA
MapUserPhysicalPages
GetConsoleFontInfo
GetModuleHandleA
GetConsoleNlsMode
ReadFileScatter
HeapDestroy
TryEnterCriticalSection
FreeLibrary
EnumDateFormatsExW
GetConsoleAliasExesLengthW
GlobalGetAtomNameA
LoadLibraryA
GetFirmwareEnvironmentVariableA
EnumResourceTypesW

msdart

?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
??4CSingleList@@QAEAAV0@ABV0@@Z
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?IsReadLocked@CCritSec@@QBE_NXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?IsReadUnlocked@CCritSec@@QBE_NXZ
?_TryLock@CSpinLock@@AAE_NXZ
?TryWriteLock@CFakeLock@@QAE_NXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
??4CSpinLock@@QAEAAV0@ABV0@@Z
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?IsWin98@CMdVersionInfo@@SAHXZ
UMSEnterCSWraper
?ApplyIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@ZP6G?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
?IsLocked@CLockedDoubleList@@QBE_NXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ

ntdll

RtlAnsiCharToUnicodeChar
RtlLargeIntegerSubtract
ZwLoadKey2
NtSetHighWaitLowEventPair
NtAccessCheckByType
NtFlushKey
NtQueryInformationProcess
NtWaitForSingleObject
ZwResumeProcess
NtTraceEvent
ZwQueryBootOptions
DbgUiIssueRemoteBreakin
RtlGetCurrentDirectory_U
NtCurrentTeb
RtlUnlockBootStatusData
RtlAreAnyAccessesGranted
RtlCreateAtomTable
NtWriteRequestData
RtlTimeToTimeFields
NtSetSystemEnvironmentValue
ZwDebugActiveProcess
NtListenPort
ZwReplyWaitReceivePortEx
ZwAlertThread
RtlGetLengthWithoutTrailingPathSeperators
ZwFlushKey

rpcrt4

RpcBindingSetAuthInfoExW
RpcSsSetClientAllocFree
RpcSsGetThreadHandle
NdrFixedArrayMemorySize
I_RpcSsDontSerializeContext
NdrNonEncapsulatedUnionFree
NdrStubForwardingFunction
MesBufferHandleReset
NdrMesSimpleTypeEncode
NdrXmitOrRepAsMarshall
tree_peek_ndr
UuidToStringW
RpcGetAuthorizationContextForClient
NdrSimpleStructFree
NdrComplexArrayMemorySize
long_from_ndr_temp
NdrSimpleStructBufferSize
NdrConformantArrayMemorySize
NdrSimpleStructMemorySize
RpcImpersonateClient
I_RpcBindingHandleToAsyncHandle

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5f300b791c41a0489366d28d04fdcee

Headers

File Characteristics

Imports

msvcirt

crypt32

kernel32

msdart

ntdll

rpcrt4

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 180KB - Virtual size: 554KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 180KB - Virtual size: 554KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 240B