78f396030c0d94be63cd6e822c1dc74d118d376c74c83eaf8f0c1f0bb232473e

Sharing

Copy URL

Twitter E-mail

General

Target

78f396030c0d94be63cd6e822c1dc74d118d376c74c83eaf8f0c1f0bb232473e
Size

836KB
MD5

7d0feb36fa4b3968c558e9250cd4dee8
SHA1

cdc3b89c4a333345542dceeb1348a6dfab43c80a
SHA256

78f396030c0d94be63cd6e822c1dc74d118d376c74c83eaf8f0c1f0bb232473e
SHA512

c735e8655b1afe55543d44da137820b5a7a461e22e48f3138d779556f7efc1970fe42d02f22da11621e188cbce7eab5a293b8c3e28029cbed9d363303fc66c2c
SSDEEP

24576:ZVyVdd1RqXGf/VbHNRzdyeX7N/p41WZV:ZA1SWfNNfyeLNB

Score

N/A

Malware Config

Signatures

Files

78f396030c0d94be63cd6e822c1dc74d118d376c74c83eaf8f0c1f0bb232473e
.exe windows x86

6d7a8eb0c7badbcd5c33bca8ce7eccf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptext

CryptExtAddP7RW
CryptExtOpenSTRW
CryptExtOpenCRL
CryptExtAddP7R
CryptExtOpenCTLW
CryptExtAddCTL
CryptExtAddCTLW
CryptExtAddSPCW
CryptExtOpenPKCS7
CryptExtOpenCAT
CryptExtAddCRL
CryptExtOpenP7R
CryptExtAddCRLW
CryptExtAddPFX
CryptExtAddCER
CryptExtOpenCERW
CryptExtOpenPKCS7W
CryptExtOpenP7RW

ntdll

NtWaitForMultipleObjects
RtlxAnsiStringToUnicodeSize
RtlMakeSelfRelativeSD
RtlAcquireResourceExclusive
LdrInitializeThunk
RtlNewInstanceSecurityObject
ZwSecureConnectPort
atan
iswalpha
PfxInitialize
NtAdjustPrivilegesToken
ZwRemoveProcessDebug
RtlInitUnicodeString
LdrAddRefDll
ZwQueryOpenSubKeys
RtlDosPathNameToNtPathName_U
RtlAreBitsClear
NtTestAlert
_stricmp
RtlDuplicateUnicodeString
RtlGUIDFromString
ZwInitializeRegistry
NtUnloadKey

kernel32

IsWow64Process
GetPrivateProfileIntW
GetCurrentThread
GetStartupInfoA
GetVolumeInformationA
InitializeSListHead
ReadConsoleInputExA
MapUserPhysicalPages
EnumResourceTypesW
GetConsoleAliasesLengthW
GetComputerNameExA
GetSystemDefaultLCID
QueryPerformanceCounter
SetPriorityClass
GetConsoleCursorMode
MoveFileExA
VirtualAlloc
SetConsoleCP
WriteConsoleOutputCharacterW
SetCommTimeouts
SetTermsrvAppInstallMode
Module32NextW
LoadLibraryA
GetConsoleAliasesW
SystemTimeToTzSpecificLocalTime
GetThreadLocale
SetLastError
MoveFileWithProgressW
BaseInitAppcompatCacheSupport
GlobalAddAtomW
VirtualUnlock
lstrlenA
GetLogicalDrives
CompareStringW
lstrcmpA

imagehlp

SymGetLineFromName64
SymEnumSymbols
SymGetModuleInfo64
SymEnumerateModules64
SymGetLinePrev
SymCleanup
SymFromName
SymMatchString
TouchFileTimes
EnumerateLoadedModules64
ImagehlpApiVersion
SymEnumerateSymbolsW64
StackWalk64
SymGetLineNext64
SymSetContext
SymGetSymPrev64
BindImageEx
ImageAddCertificate
SymEnumTypes
SymGetLinePrev64
FindExecutableImage

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d7a8eb0c7badbcd5c33bca8ce7eccf4

Headers

DLL Characteristics

File Characteristics

Imports

cryptext

ntdll

kernel32

imagehlp

Sections

.text Size: 269KB - Virtual size: 268KB

.rdata Size: 295KB - Virtual size: 294KB

.data Size: 268KB - Virtual size: 1.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 269KB - Virtual size: 268KB

.rdata
Size: 295KB - Virtual size: 294KB

.data
Size: 268KB - Virtual size: 1.6MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB