a2af158a0e0e558373f29936c56bce02881e5d092a71295be55ae0814ab477f4

Sharing

Copy URL Twitter E-mail

General

Target

a2af158a0e0e558373f29936c56bce02881e5d092a71295be55ae0814ab477f4
Size

49KB
MD5

3c1bd3e9adfd8d1b99258e006ccc61c3
SHA1

624d8bd5e3d4a083bd2486c08140bc0d43ed0460
SHA256

a2af158a0e0e558373f29936c56bce02881e5d092a71295be55ae0814ab477f4
SHA512

f85dfa4169c86f9c9d31d212278fb0f39ba7640c07009c40b7ac89f11d99615bba3c27ea4d9ca0ff416d1bb1fdc9e951f027eadb6020a0cfedaa7205936888ac
SSDEEP

1536:844k7Lt/2kEdkPQb5bs7wft+E0MIRYfn:8zk12kEdkAskft+E0MOy

Score

N/A

Malware Config

Signatures

Files

a2af158a0e0e558373f29936c56bce02881e5d092a71295be55ae0814ab477f4
.exe windows x86

2e891070daa0e21c7a0a867fe909f451

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

schannel

CompleteAuthToken
ImpersonateSecurityContext
RevertSecurityContext
MakeSignature
UnsealMessage
FreeContextBuffer
InitSecurityInterfaceA
InitializeSecurityContextW
SpUserModeInitialize
SslGetMaximumKeySize
SealMessage
SpLsaModeInitialize
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleW
AcquireCredentialsHandleA
ApplyControlToken
InitializeSecurityContextA
EnumerateSecurityPackagesW
EnumerateSecurityPackagesA
QueryContextAttributesW
SslGenerateRandomBits
SslEmptyCacheA
SslFreeCertificate
QueryContextAttributesA
SslEmptyCacheW
SslLoadCertificate
QuerySecurityPackageInfoW
SslCrackCertificate

mapi32

OpenTnefStream
BMAPISendMail
ScMAPIXFromCMC
CloseIMsgSession@4
UNKOBJ_Free@8
SzFindLastCh@8
LPropCompareProp@8
cmc_send_documents
FixMAPI
MAPILogoff
FtDivFtBogus@20
OpenTnefStream@28
MAPIReadMail
FtAdcFt@20
SwapPlong@8
CchOfEncoding@4
MapStorageSCode@4
RTFSync
FtMulDw@12
HrEntryIDFromSz@12
FBadRestriction@4
__ValidateParameters@8
MAPISaveMail
MAPIAllocateBuffer@8
HrDecomposeEID@28

msdart

?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?IsWinNT4@CMdVersionInfo@@SAHXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?MaxSize@CLKRHashTable@@QBEKXZ
??4CSpinLock@@QAEAAV0@ABV0@@Z
?WriteLock@CReaderWriterLock@@QAEXXZ
MPInitializeCriticalSection
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?TryReadLock@CCritSec@@QAE_NXZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
mpRealloc
FXMemDetach
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?IsWriteUnlocked@CLKRHashTable@@QBE_NXZ
?SetBucketLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?IsWin2k@CMdVersionInfo@@SAHXZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
??1CReaderWriterLock2@@QAE@XZ
?IsEmpty@CDoubleList@@QBE_NXZ

kernel32

SetConsoleKeyShortcuts
RegisterConsoleIME
SetLastConsoleEventActive
SetWaitableTimer
GetStartupInfoA
GetComputerNameA
GetVersionExA
RegisterWaitForInputIdle
GlobalReAlloc
LZDone
RemoveLocalAlternateComputerNameA
UnregisterWaitEx
CreateFileMappingA
VirtualAlloc
WaitNamedPipeW
SetMailslotInfo
BuildCommDCBW
GetModuleHandleExW
SizeofResource
FlushFileBuffers
BuildCommDCBA
ReadFileScatter
RegisterWaitForSingleObject
IsValidLocale
InvalidateConsoleDIBits
InterlockedExchangeAdd
GetLocaleInfoA
RemoveDirectoryA
GetCurrencyFormatW
MoveFileWithProgressW
_hwrite
LoadLibraryA
SetCurrentDirectoryW
WriteConsoleOutputCharacterA
ExpandEnvironmentStringsW
GetTickCount

gdi32

SetICMProfileW
CreateFontW
GdiEntry3
GetTextExtentPointW
UnrealizeObject
gdiPlaySpoolStream
CreateBitmap
DdEntry32
Polyline
GdiEntry10
DdEntry9
ClearBrushAttributes
EnumICMProfilesA
CreatePenIndirect
GdiConvertMetaFilePict
PATHOBJ_vEnumStart
EngCreateClip
CancelDC
GdiSetAttrs
EnumFontFamiliesA
GetTextCharset
AnimatePalette
DdEntry17
GetPixelFormat
GetEUDCTimeStampExW
GetFontAssocStatus
GetCharacterPlacementW
DdEntry48

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e891070daa0e21c7a0a867fe909f451

Headers

DLL Characteristics

File Characteristics

Imports

schannel

mapi32

msdart

kernel32

gdi32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB