0ca2159210ecf8401b2dde32841d9bc078303832658bb882fddb1065508451bb

Sharing

Copy URL Twitter E-mail

General

Target

0ca2159210ecf8401b2dde32841d9bc078303832658bb882fddb1065508451bb
Size

1.4MB
MD5

6c52b37291252af98821a816f39cd418
SHA1

e5c910ba612f958f955274c6c496dd9c839dc57c
SHA256

0ca2159210ecf8401b2dde32841d9bc078303832658bb882fddb1065508451bb
SHA512

b46e89d328ee7ea50fb93f7b1f0be818f762a8b42404c2b3137b9d03d49ce1c7154150622317bed6195111142284317d58ab9d21548fe74fea23d538f0593a0c
SSDEEP

24576:hryrWUV9fT7+/XQ5mmVX9KYZl61pSmghH+TA1iUEJuD01X+O1jO4hps0HsIUz:hGrWUV9fT7+/XfmlvepdghH7pEJuDgCt

Score

N/A

Malware Config

Signatures

Files

0ca2159210ecf8401b2dde32841d9bc078303832658bb882fddb1065508451bb
.exe windows x86

461bd5ba93c7225aa692af109e784385

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
FreeSid
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegSetKeySecurity
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ChangeServiceConfigW
ControlService
CreateServiceW
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceConfigW
DeleteService
CheckTokenMembership
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
CryptReleaseContext
CryptAcquireContextW
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
CryptGenRandom
TraceMessage

kernel32

GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetSystemDefaultUILanguage
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableW
HeapSetInformation
GetCommandLineW
GetModuleHandleExW
InterlockedCompareExchange
EncodePointer
FreeLibrary
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CloseHandle
CreateFileW
DeviceIoControl
MultiByteToWideChar
HeapFree
DecodePointer
WideCharToMultiByte
GetCurrentProcess
LoadLibraryW
GetModuleHandleW
SetLastError
CreateEventW
CreateTimerQueueTimer
GetVersionExW
VirtualProtect
SleepEx
Sleep
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
DeleteTimerQueueTimer
WaitForSingleObject
GetCurrentThreadId
SetEvent
GetSystemTimeAsFileTime
GetModuleFileNameW
lstrlenW
VirtualQuery
ReleaseSemaphore
RaiseException
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
CreateThread
CreateSemaphoreW
DeleteFileW
MoveFileExW
WriteFile
LoadLibraryExW
GetTempFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
ResetEvent
GetTempPathW
UnregisterWaitEx
InterlockedExchange
GlobalFree
GetNativeSystemInfo
RegisterWaitForSingleObject
GetTimeZoneInformation
GetUserDefaultLCID
WaitForMultipleObjects
ReadFile
GetFileSizeEx
SetFilePointerEx
IsWow64Process
CreateTimerQueue
DeleteTimerQueueEx
EnumUILanguagesW
GetSystemInfo
VirtualAlloc
VirtualFree
GetVersion
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetProcessHeap
OutputDebugStringA
GetStartupInfoA
HeapAlloc
GetVersionExA

msvcrt

__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
wcstombs
_acmdln
exit
memset
__pioinfo
memcpy
?terminate@@YAXXZ
_controlfp
free
calloc
isdigit
_snprintf
iswctype
_unlock
malloc
_ismbblead
_XcptFilter
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_iob
realloc
__badioinfo
ungetc
_isatty
_write
_lseeki64
_fileno
_read
_exit
_cexit
__getmainargs
__dllonexit
_lock
ferror
_onexit
wctomb
_itoa
_initterm
_wcslwr
_errno
towupper
wcsrchr
_stricmp
wcschr
_purecall
memmove
_wcsnicmp
_wcsicmp
wcsstr
_vsnwprintf

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket
CoRegisterPSClsid

rpcrt4

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
I_RpcMapWin32Status
UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrCStdStubBuffer_Release

oleaut32

VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
LoadTypeLi
VariantClear
SysFreeString
UnRegisterTypeLi
RegisterTypeLi

wintrust

CryptCATAdminAcquireContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertVerifyCertificateChainPolicy

winhttp

WinHttpCrackUrl
WinHttpReadData
WinHttpQueryHeaders
WinHttpDetectAutoProxyConfigUrl
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpOpen
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest

ntdll

NtQuerySymbolicLinkObject
RtlUnwind
NtQuerySystemInformation
NtCreateEvent
NtResetEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtQueryValueKey
NtOpenKey
RtlFreeHeap
RtlAllocateHeap
NtOpenSymbolicLinkObject
RtlInitUnicodeString
NtClose
NtOpenFile

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 1005B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

461bd5ba93c7225aa692af109e784385

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

ole32

rpcrt4

oleaut32

wintrust

version

crypt32

winhttp

ntdll

wtsapi32

userenv

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.orpc Size: 1024B - Virtual size: 1005B

.data Size: 201KB - Virtual size: 200KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 29KB - Virtual size: 28KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.orpc
Size: 1024B - Virtual size: 1005B

.data
Size: 201KB - Virtual size: 200KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 29KB - Virtual size: 28KB

PACK
Size: 144KB - Virtual size: 380KB