deadc537b2b7899ea7b7a9ae1504154cbb20ed14c55c0c967a1ab452d0442b0e

Sharing

Copy URL Twitter E-mail

General

Target

deadc537b2b7899ea7b7a9ae1504154cbb20ed14c55c0c967a1ab452d0442b0e
Size

240KB
MD5

6e94fde7674c5589d30505b5677bb160
SHA1

8c8889c698a338a755beb93bff1829a0131b3c8b
SHA256

deadc537b2b7899ea7b7a9ae1504154cbb20ed14c55c0c967a1ab452d0442b0e
SHA512

e93a45b07a8746a68afb2848f490d47cc4e1c48163f5e1e2e2173ab7a7a10ac77c2c83935620b23b039f929dffe4809f0f79ca289bcba76589eb512b783dc9ac
SSDEEP

6144:7p6/nbrZiiFMwUOI0ctwmeUDc/tpT+QPb:7p6/nbEJwUCWcrT+QP

Score

N/A

Malware Config

Signatures

Files

deadc537b2b7899ea7b7a9ae1504154cbb20ed14c55c0c967a1ab452d0442b0e
.exe windows x86

bce22a66cca5354276573e2d354e0d5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSLogoffSession
WTSSendMessageA

version

VerInstallFileA

pdh

PdhAddCounterA

gdi32

DescribePixelFormat
CreateFontIndirectA
DeviceCapabilitiesExW
GdiPlayPrivatePageEMF
PlayEnhMetaFile
GetDIBits
EnumFontsW
PolyTextOutA
SetWindowOrgEx
GetDCOrgEx
GetTextAlign
GetTextExtentExPointW
Pie
ScaleViewportExtEx
SetWindowExtEx
BeginPath
CreateRectRgnIndirect
GetCharABCWidthsA
GetCharacterPlacementW
SetRectRgn
GetBitmapDimensionEx
GetEnhMetaFileBits
GetCharABCWidthsW
StrokePath
SetColorAdjustment
CreateHatchBrush
SetMetaRgn
InvertRgn
LPtoDP

mswsock

EnumProtocolsW
SetServiceW
GetNameByTypeA

urlmon

HlinkNavigateString

advpack

RunSetupCommand

tapi32

phoneGetStatusA
lineSetAgentActivity

winmm

mixerSetControlDetails

wininet

FindNextUrlCacheEntryExA
UnlockUrlCacheEntryFileA

iphlpapi

GetIcmpStatistics

psapi

GetModuleBaseNameA

shell32

SHGetDiskFreeSpaceA

crypt32

CryptEncodeObjectEx
CryptSIPGetSignedDataMsg
CertFreeCRLContext
CertSerializeCertificateStoreElement
CertCompareCertificate
CryptMsgUpdate
CertUnregisterPhysicalStore
CertEnumCertificateContextProperties
CryptExportPublicKeyInfo
PFXVerifyPassword
CertVerifyCRLRevocation
CertAddCRLContextToStore
CertVerifyCRLTimeValidity
CryptSignCertificate
CertGetIssuerCertificateFromStore
CertSetCRLContextProperty
CryptUnregisterDefaultOIDFunction
CertEnumSystemStore
CertEnumPhysicalStore
CertCreateSelfSignCertificate
CryptDecryptAndVerifyMessageSignature
CertFindSubjectInCTL
CertDuplicateCertificateChain
CertGetCTLContextProperty
CertVerifySubjectCertificateContext
CryptFindOIDInfo
CertRDNValueToStrA
CryptAcquireCertificatePrivateKey
CryptEnumOIDFunction
CertIsRDNAttrsInCertificateName
CertFindCertificateInStore

kernel32

GetFileTime
lstrcatW
ReplaceFileA

clusapi

CloseClusterResource

netapi32

RxNetAccessSetInfo
NetUseGetInfo

cryptui

CryptUIGetCertificatePropertiesPagesA
CryptUIWizFreeDigitalSignContext
CryptUIDlgCertMgr
CryptUIDlgViewSignerInfoW
CryptUIDlgViewCRLW
CryptUIDlgSelectStoreA
CryptUIDlgViewCTLA
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgSelectCertificateW
ACUIProviderInvokeUI

userenv

GetProfilesDirectoryW

mscms

EnumColorProfilesW

user32

GetCursorPos
SetMessageExtraInfo
DialogBoxIndirectParamW

winsta

WinStationInstallLicense

scesrv

ScesrvInitializeServer

rpcrt4

RpcBindingFromStringBindingA
NdrConformantVaryingStructUnmarshall
NdrRangeUnmarshall
NdrComplexStructUnmarshall
I_RpcConnectionInqSockBuffSize
UuidIsNil
NdrMesTypeAlignSize
NdrInterfacePointerUnmarshall
I_RpcGetBufferWithObject
RpcNetworkInqProtseqsW
NdrEncapsulatedUnionFree
RpcMgmtStatsVectorFree
RpcBindingToStringBindingA
RpcServerRegisterIf
RpcServerUseAllProtseqsIfEx
NdrMesTypeDecode2
MesEncodeIncrementalHandleCreate
NdrComplexStructBufferSize
NdrFullPointerFree
RpcRevertToSelfEx
RpcServerUseProtseqEpExA
RpcBindingSetAuthInfoW
RpcBindingInqOption
NdrCorrelationInitialize
MesDecodeIncrementalHandleCreate
NdrClientInitializeNew
NdrGetUserMarshalInfo
NdrConformantStringBufferSize
NdrConformantStringUnmarshall
RpcMgmtEpEltInqBegin
RpcServerInqIf
MesEncodeFixedBufferHandleCreate

comdlg32

GetFileTitleA

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bce22a66cca5354276573e2d354e0d5e

Headers

File Characteristics

Imports

wtsapi32

version

pdh

gdi32

mswsock

urlmon

advpack

tapi32

winmm

wininet

iphlpapi

psapi

shell32

crypt32

kernel32

clusapi

netapi32

cryptui

userenv

mscms

user32

winsta

scesrv

rpcrt4

comdlg32

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 40KB - Virtual size: 228KB

.rsrc Size: 152KB - Virtual size: 151KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 40KB - Virtual size: 228KB

.rsrc
Size: 152KB - Virtual size: 151KB