3fcad88a3de96dbc599c15d3d54fe955c43d6ed97c87fc15da889660647084c4

Sharing

Copy URL Twitter E-mail

General

Target

3fcad88a3de96dbc599c15d3d54fe955c43d6ed97c87fc15da889660647084c4
Size

606KB
MD5

41d3c79d1d6c22912d794d5b4cbf6300
SHA1

dcad81fd9dbfbe1e8ec4003114ad0cff6d2d7d44
SHA256

3fcad88a3de96dbc599c15d3d54fe955c43d6ed97c87fc15da889660647084c4
SHA512

0dd60f925a67665cc7a297ca0403b309d63071c807bc92d857496e4bc98b2da0849f2da560c36d858f11809fd86c39b6bb1454f7ac127d53ab72554bd31904b7
SSDEEP

12288:Zqn6l5s9RDJ19D3GbM+3dzHniYvMKiTL2itciOSns+MxprzTBLGRRNE795:Z+66DaB1itciOdbrzTNsRNw5

Score

N/A

Malware Config

Signatures

Files

3fcad88a3de96dbc599c15d3d54fe955c43d6ed97c87fc15da889660647084c4
.exe windows x64

1ee36644e39b2682063401b8e035be4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EncryptedFileKeyInfo
AddUsersToEncryptedFile
CryptAcquireContextW
GetUserNameW
CryptSetKeyParam
FlushEfsCache
DecryptFileW
CryptReleaseContext
RegQueryValueExW
LookupAccountSidW
QueryRecoveryAgentsOnEncryptedFile
RegOpenKeyExW
CryptGenKey
CryptDestroyKey
SetUserFileEncryptionKey
AddUsersToEncryptedFileEx
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
QueryUsersOnEncryptedFile
CryptGetUserKey
EncryptFileW
RegCloseKey
RemoveUsersFromEncryptedFile

kernel32

GetFullPathNameW
GetTempFileNameW
FindFirstFileW
FindVolumeClose
SetFilePointer
TryEnterCriticalSection
GetDriveTypeW
SetEndOfFile
SetErrorMode
HeapAlloc
SystemTimeToFileTime
VerSetConditionMask
HeapFree
CreateDirectoryW
GetComputerNameW
VirtualFree
GetProcessHeap
ReadConsoleW
InitializeCriticalSection
LocalFree
LeaveCriticalSection
FindNextVolumeW
SetConsoleMode
GetFileAttributesW
FileTimeToSystemTime
CreateFileW
lstrcmpW
FlushFileBuffers
VerifyVersionInfoW
GetCurrentDirectoryW
SetLastError
VirtualAlloc
GetDiskFreeSpaceW
FindClose
SetCurrentDirectoryW
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
HeapSetInformation
FindNextFileW
DeleteCriticalSection
GetDiskFreeSpaceExW
CloseHandle
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
GetSystemTime
GetVolumeInformationW
FreeLibrary
LoadLibraryA
EnterCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
DelayLoadFailureHook
GetFileType
LocalAlloc
GetProcAddress
GetLastError
GetStdHandle
lstrlenW
WriteConsoleW
FormatMessageW
GetConsoleMode
WideCharToMultiByte
WriteFile
GetModuleHandleW
GetVolumePathNameW

msvcrt

_get_osfhandle
_wcsicmp
wcschr
memcpy
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
getchar
__set_app_type
?terminate@@YAXXZ
towupper
_putws
_iob
_vsnwprintf
printf
fgetws
malloc
_wcsnicmp
free
memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
NtOpenFile
RtlInitializeCriticalSection
RtlCaptureContext

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

user32

MessageBoxW

crypt32

CertOpenStore
CertCreateSelfSignCertificate
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFindCertificateInStore
CertStrToNameW
CertCloseStore
CertGetCertificateContextProperty
CryptStringToBinaryW
CryptEncodeObject
PFXExportCertStoreEx
CryptQueryObject

winscard

SCardFreeMemory
SCardGetCardTypeProviderNameW
SCardListCardsW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ee36644e39b2682063401b8e035be4b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

crypt32

winscard

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 10KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 180B

.vmp1 Size: 540KB - Virtual size: 1.8MB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 10KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 180B

.vmp1
Size: 540KB - Virtual size: 1.8MB