a2784d9605919c41993292e7fcfad1420487024a47ed56a0bfaf5872e314729a

Sharing

Copy URL Twitter E-mail

General

Target

a2784d9605919c41993292e7fcfad1420487024a47ed56a0bfaf5872e314729a
Size

226KB
MD5

79e63b9f9652a28b5a38cb8a7a3a8740
SHA1

396ad17e973ad9d90ea7100864e5944f8f51c98f
SHA256

a2784d9605919c41993292e7fcfad1420487024a47ed56a0bfaf5872e314729a
SHA512

60a7b861304d146c6fe0842c8f6369744cc96d410cc582541baca8302d07617275827d2996d304698f555c6e81a09260613a27ec97dadab11473e6684c8656c8
SSDEEP

3072:Dg3rdlYEgPE9AbkxCOazCgYWwTZN3nwvoQivhuBfu1HTgC9ffezVM8iWCOH29pUe:DcR2E9AbkopxY2muGxebVN2XOXb76

Score

N/A

Malware Config

Signatures

Files

a2784d9605919c41993292e7fcfad1420487024a47ed56a0bfaf5872e314729a
.exe windows x86

2c7ea1f046a80a4d02174a4ba61467ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
EventActivityIdControl
ConvertStringSidToSidW
RegCloseKey

kernel32

GetProcessHeap
HeapFree
GetTickCount
GetStdHandle
SetThreadPreferredUILanguages
HeapSetInformation
GetLastError
SetThreadUILanguage
GetComputerNameW
GetProcAddress
LoadLibraryW
GetModuleHandleW
HeapAlloc
FormatMessageW
LocalFree
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
FileTimeToSystemTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
MultiByteToWideChar
InterlockedExchange
GetCurrentThreadId

msvcrt

malloc
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__wgetmainargs
memset
memcpy
fprintf
_iob
_wcsicmp
exit
printf
free
wcstol
getchar
_getch
wcschr
wcsstr
_wtoi

rpcrt4

RpcErrorLoadErrorInfo
RpcErrorEndEnumeration
RpcErrorClearInformation
RpcErrorSaveErrorInfo
RpcErrorResetEnumeration
RpcErrorGetNextRecord
RpcErrorGetNumberOfRecords
RpcErrorStartEnumeration
RpcMgmtStatsVectorFree
RpcMgmtInqStats
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidToStringW
UuidCreate
RpcCertGeneratePrincipalNameW
UuidFromStringW
RpcStringFreeW
I_RpcCertProcessAndProvision

ntdll

WinSqmIsOptedIn
WinSqmIncrementDWORD

winhttp

WinHttpSetCredentials
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryOption

crypt32

CertFreeCertificateContext

credui

SspiPromptForCredentialsW
CredUIPromptForCredentialsW

rpcdiag

RpcDiagnoseError

sspicli

SspiEncodeStringsAsAuthIdentity
SspiEncodeAuthIdentityAsStrings

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2c7ea1f046a80a4d02174a4ba61467ec

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

winhttp

crypt32

credui

rpcdiag

sspicli

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 192KB - Virtual size: 1.3MB