e802e53605c676b15f43080c593e0cb04c0534d18e0e8c00f152ffc2103c51a6

Sharing

Copy URL Twitter E-mail

General

Target

e802e53605c676b15f43080c593e0cb04c0534d18e0e8c00f152ffc2103c51a6
Size

278KB
MD5

6a2c7c0a0654d92d0316eadfcf4b2110
SHA1

81c6477e784974f280412beb819318ea4a79b75d
SHA256

e802e53605c676b15f43080c593e0cb04c0534d18e0e8c00f152ffc2103c51a6
SHA512

cc136e934e4b485061331e29442864bb7af3813fd88667b49783628809877aee9a579c5223a38a3f39ab1a01da3a5e5bf8900bf6e32f984305613aa7fc97bb77
SSDEEP

6144:ywcL44q1QsaEX+pd1bEz2s7ETRhEgjJqX+pd1bEz2s7ETRhEgjJDRmL:pcs4q1SEX+pd167QhE0qX+pd167QhE0+

Score

N/A

Malware Config

Signatures

Files

e802e53605c676b15f43080c593e0cb04c0534d18e0e8c00f152ffc2103c51a6
.exe windows x86

9970fa4104e4c405b7ecd7c2ba1e5649

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
RegSetValueExA
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyExA
ConvertStringSidToSidW
EqualSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CopySid
CreateWellKnownSid
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthority
RegOpenCurrentUser
RegOverridePredefKey
GetTokenInformation
OpenProcessToken
InitializeAcl
GetLengthSid
IsValidSid
GetAce
GetSecurityDescriptorSacl
GetKernelObjectSecurity
SetSecurityInfo
GetSidSubAuthorityCount

kernel32

DeleteFileW
lstrcmpiW
lstrlenW
lstrcmpiA
lstrlenA
DeleteFileA
SetFileAttributesA
CreateProcessW
LoadLibraryExW
GetExitCodeThread
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
RemoveDirectoryA
CreateDirectoryExA
GetFileAttributesA
GetTempPathA
CopyFileW
InterlockedCompareExchange
CreateEventW
HeapSetInformation
SetEvent
UnhandledExceptionFilter
TerminateProcess
GetVersionExA
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcAddress
CreateFileW
GetFileAttributesW
GetCurrentProcess
OpenProcess
DuplicateHandle
CloseHandle
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetProcessShutdownParameters
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
VirtualQuery
VirtualProtect
FlushInstructionCache
VirtualAlloc
InterlockedExchange
GetModuleHandleW
GetLastError
ResumeThread
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
GetThreadContext
SetThreadContext
SuspendThread
SetLastError
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleFileNameW

user32

GetSystemMetrics
PostQuitMessage
CharNextW
LoadStringW

msvcrt

?terminate@@YAXXZ
memset
_vsnwprintf
wcsrchr
_vsnprintf
_wcsnicmp
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
wcstok
_controlfp
__setusermatherr
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
__p__fmode
__p__commode

psapi

GetModuleBaseNameW

ole32

CoCreateInstance
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoGetCallContext
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CoInitialize
CoUninitialize
CoRevokeClassObject

oleaut32

UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
SysFreeString

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

urlmon

Extract
CompatFlagsFromClsid
CoInternetCreateSecurityManager
ord107
CoInternetSetFeatureEnabled

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext

iertutil

ord201
ord200
ord9

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vvtmdkm
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9970fa4104e4c405b7ecd7c2ba1e5649

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

psapi

ole32

oleaut32

rpcrt4

urlmon

wintrust

iertutil

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 194KB - Virtual size: 194KB

.reloc Size: 33KB - Virtual size: 34KB

vvtmdkm Size: - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 194KB - Virtual size: 194KB

.reloc
Size: 33KB - Virtual size: 34KB

vvtmdkm
Size: - Virtual size: 4KB