1d63c054bdcd9b4e2aa626074fac5e8c7056443ee4ae269a59c3e8c1f0a7d733

Sharing

Copy URL Twitter E-mail

General

Target

1d63c054bdcd9b4e2aa626074fac5e8c7056443ee4ae269a59c3e8c1f0a7d733
Size

133KB
MD5

6d922ff2ef6579146923d6a581783230
SHA1

7a70503088ab5875681c60251f970f5c0e719955
SHA256

1d63c054bdcd9b4e2aa626074fac5e8c7056443ee4ae269a59c3e8c1f0a7d733
SHA512

ef02c0d15774f0a761e016f758c72bde0f8b3e9769a20e29d468f294bfd20ceb3c1ad4377e92f4a4a6232f54520a6b65f03e6179ee2665c747bf2f58d3137f6f
SSDEEP

3072:jZ93KSiRwimSARkiu95FSQMh6dCq7DBJCJCdhp:f6VqXG5d86d97DBQJCd

Score

N/A

Malware Config

Signatures

Files

1d63c054bdcd9b4e2aa626074fac5e8c7056443ee4ae269a59c3e8c1f0a7d733
.exe windows x86

c623c894ddd35f7db19088bbaf8e4b31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

catsrvut

SysprepComplus
??0CComPlusComponent@@QAE@ABV0@@Z
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
RunMTSToCom
WinlogonHandlePendingInfOperations
??0CComPlusMethod@@QAE@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
??4CComPlusObject@@QAEAAV0@ABV0@@Z
??_7CComPlusComponent@@6B@
??_7CComPlusMethod@@6B@
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
SysprepComplus2
??_7CComPlusObject@@6B@
??1CComPlusComponent@@UAE@XZ
StartMTSTOCOM

crtdll

_itoa
setvbuf
_j1
_ftol
_strcmpi
_rmdir
_cscanf
__mb_cur_max_dll
??3@YAXPAX@Z
_mbsnccnt
abort
wcslen
_CIsin
_mbsnbcpy
isxdigit
wcsncat
_dup2
_heapset
_lrotl
_wtol
_tzname
_vsnprintf

kernel32

SetTapePosition
GetLocaleInfoA
GetTimeFormatW
SetLastError
EnumSystemCodePagesW
FreeResource
SetConsoleCursor
Module32FirstW
GetNumaNodeProcessorMask
WaitCommEvent
lstrcat
FormatMessageA
lstrcmpiW
GetLogicalDriveStringsW
LoadLibraryA
GetProcessHeap
GlobalAlloc
GetStartupInfoA
VirtualAlloc
FlushViewOfFile

ntdll

ZwRegisterThreadTerminatePort
ZwResetEvent
RtlGetSaclSecurityDescriptor
_chkstk
NtDeviceIoControlFile
RtlDefaultNpAcl
ZwCreateMutant
iswctype
ZwRestoreKey
ZwSystemDebugControl
LdrAccessResource
ZwPrivilegeCheck
RtlCompareMemory
NtPrivilegedServiceAuditAlarm
NtFlushInstructionCache
RtlUnicodeToOemN
RtlGetOwnerSecurityDescriptor
NtFreeVirtualMemory
_snwprintf
RtlCreateEnvironment
RtlCreateSystemVolumeInformationFolder
NtAllocateLocallyUniqueId
ZwAcceptConnectPort
RtlFreeHandle
RtlMultiAppendUnicodeStringBuffer

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c623c894ddd35f7db19088bbaf8e4b31

Headers

DLL Characteristics

File Characteristics

Imports

catsrvut

crtdll

kernel32

ntdll

Sections

.text Size: 35KB - Virtual size: 35KB

Size: 37KB - Virtual size: 37KB

.data Size: 57KB - Virtual size: 182KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 57KB - Virtual size: 182KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 380B