9b5fbda8302d1e8b3248fb6282403e5a5401e500c65365912ae5a3e2ac89b5f6

Sharing

Copy URL Twitter E-mail

General

Target

9b5fbda8302d1e8b3248fb6282403e5a5401e500c65365912ae5a3e2ac89b5f6
Size

63KB
MD5

05deaaede50610b3ec60f2fe2a69e4e0
SHA1

a869f3c80c20a7da931b6a75258977c01e6d48b3
SHA256

9b5fbda8302d1e8b3248fb6282403e5a5401e500c65365912ae5a3e2ac89b5f6
SHA512

5d35524a44f4b7e8424692e957c533196d6715ad55b4c961149fa31fafd39ce33177f684dc5b533e7c65cc5d795595f49e156154ce6aab43353ad36a041312c8
SSDEEP

1536:DGDQJeChdAFDaCNJ0dizczaV2FzgZQWPwE:peChCFDtNJCPu2tgR

Score

N/A

Malware Config

Signatures

Files

9b5fbda8302d1e8b3248fb6282403e5a5401e500c65365912ae5a3e2ac89b5f6
.exe windows x86

fb92ef247e1be6be67cfa6625459427e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EncryptFileW
DecryptFileW
AddUsersToEncryptedFile
RemoveUsersFromEncryptedFile
AddUsersToEncryptedFileEx
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
QueryRecoveryAgentsOnEncryptedFile
QueryUsersOnEncryptedFile
EncryptedFileKeyInfo
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
FlushEfsCache
SetUserFileEncryptionKey

kernel32

GetFullPathNameW
GetComputerNameW
ReadConsoleW
SetConsoleMode
VirtualFree
VirtualAlloc
CloseHandle
SetEndOfFile
SetFilePointer
CreateFileW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
WideCharToMultiByte
FindFirstFileW
GetFileAttributesW
QueryDosDeviceW
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
FindFirstVolumeW
SetErrorMode
RemoveDirectoryW
SetLastError
GetTempFileNameW
CreateDirectoryW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapSetInformation
DelayLoadFailureHook
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
LocalFree
WriteConsoleW
FlushFileBuffers
lstrlenW
WriteFile
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
GetFileType
GetStdHandle
GetConsoleMode
GetModuleHandleW
GetLastError
GetProcAddress
lstrcmpW

msvcrt

__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
__set_app_type
?terminate@@YAXXZ
_controlfp
_get_osfhandle
_vsnwprintf
_except_handler4_common
_exit
_cexit
__wgetmainargs
_putws
_wcsnicmp
memcpy
getchar
printf
memset
_iob
fgetws
towupper
wcschr
_wcsicmp

ntdll

RtlNtStatusToDosError

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

user32

MessageBoxW

ntdsapi

DsCrackNamesW
DsBindW
DsUnBindW
DsFreeNameResultW

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
CertAddCertificateContextToStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CryptQueryObject
PFXExportCertStoreEx
CertEnumCertificatesInStore
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

efsutil

EfsUtilCreateSelfSignedCertificate
EfsUtilGetSmartcardProviderName
EfsUtilGetCurrentUserInformation

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb92ef247e1be6be67cfa6625459427e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

ntdsapi

crypt32

bcrypt

netapi32

efsutil

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 30KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 30KB