e195bae48b43bff589945e24a125dd277652ffca3a1ef10c07db48eab57cc4ac

Sharing

Copy URL Twitter E-mail

General

Target

e195bae48b43bff589945e24a125dd277652ffca3a1ef10c07db48eab57cc4ac
Size

826KB
MD5

6db1d3f37e0358b58585cec25f1c89b9
SHA1

5fd18bdd71fcdfeb636017e5319da2a842d17814
SHA256

e195bae48b43bff589945e24a125dd277652ffca3a1ef10c07db48eab57cc4ac
SHA512

027763e8a89ec468178d4bc917ce46d7ca3ce072a30210a5c20fbca67edd806468d284fd26745cf0f0c868c83fbff1417e8abfb9d3cbcdc1e320b762803165b2
SSDEEP

24576:Zsd3Qed66ToUYvMd+nC4PZnTiB8710xoHPc3NO:Zsdged66ToZZCIT5SiPsO

Score

N/A

Malware Config

Signatures

Files

e195bae48b43bff589945e24a125dd277652ffca3a1ef10c07db48eab57cc4ac
.exe windows x86

234cff14d228cdd957b1604159f52792

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDuplicateKey
GetNamedSecurityInfoA
SystemFunction015
CryptHashSessionKey
ConvertAccessToSecurityDescriptorA
SetEntriesInAccessListA
CreateProcessAsUserW
ElfDeregisterEventSource
BuildExplicitAccessWithNameA
LookupAccountNameW
CredDeleteA

imagehlp

ImageRemoveCertificate
SymEnumTypes
SymFindFileInPath
SymGetModuleInfo64
SetImageConfigInformation
SymGetLineFromName64
SymUnDName64
SymGetModuleBase
SymGetModuleBase64
ImageEnumerateCertificates
SymCleanup
UpdateDebugInfoFileEx
MapDebugInformation
SymGetLineNext64
SymInitialize
BindImage
SymFromAddr
SymGetSymPrev64
ImageGetDigestStream
FindFileInSearchPath
SymGetModuleInfoW
SymGetSymPrev
SymLoadModule
SymGetSymNext
SymGetSymFromAddr64
SymUnloadModule64
SymUnloadModule
ImageDirectoryEntryToDataEx

kernel32

SetEndOfFile
EnumerateLocalComputerNamesA
_lclose
RegisterWaitForSingleObjectEx
PrivCopyFileExW
CreateProcessInternalW
GetCommTimeouts
LocalLock
QueryPerformanceFrequency
FormatMessageA
LocalHandle
RemoveDirectoryW
GetGeoInfoW
FormatMessageW
GetThreadSelectorEntry
HeapValidate
FindFirstVolumeMountPointW
RegisterWowExec
WriteConsoleInputVDMA
UTUnRegister
CreateMutexA
DuplicateHandle
_llseek
CancelWaitableTimer
LoadLibraryW
GlobalLock
SetSystemTimeAdjustment
SetLocalPrimaryComputerNameA
CreatePipe
LZCopy
SetConsoleCursorMode
SetConsolePalette
SetConsoleIcon
OpenJobObjectW
GetOEMCP
HeapCreate
CreateMemoryResourceNotification
Heap32ListFirst
GetPrivateProfileIntA

esent

JetCloseFile
JetGetTableIndexInfo
JetDupSession
JetInit2
JetGetAttachInfo
JetEndExternalBackup
JetSetColumns
JetGetLogInfoInstance2
JetRetrieveColumns
JetCloseDatabase
ese
JetPrepareToCommitTransaction
JetMove@16
JetOpenTempTable2
JetUpdate@20
JetSetCurrentIndex2

winsta

WinStationBroadcastSystemMessage
_WinStationCallback
ServerLicensingOpenA
WinStationShadow
LogonIdFromWinStationNameW
_WinStationBeepOpen
WinStationIsHelpAssistantSession
_WinStationReInitializeSecurity
WinStationReset
ServerLicensingLoadPolicy
WinStationEnumerateLicenses
_WinStationFUSCanRemoteUserDisconnect
_WinStationUpdateClientCachedCredentials

ntdll

ZwNotifyChangeMultipleKeys
RtlIpv6StringToAddressW
RtlIpv4AddressToStringA
ZwAlertResumeThread
ZwQueryDirectoryObject
ZwFlushBuffersFile
RtlAppendAsciizToString
RtlAnsiCharToUnicodeChar
NtAdjustPrivilegesToken
islower
NtPlugPlayControl
ZwTerminateThread
ZwModifyBootEntry
ZwResumeThread
NtTerminateJobObject
strcmp
ZwEnumerateValueKey
ZwAccessCheckAndAuditAlarm
ZwSetSystemEnvironmentValueEx
RtlEnumerateGenericTableLikeADirectory
RtlSubtreePredecessor
RtlSecondsSince1980ToTime
RtlCreateHeap

Sections

.text
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

234cff14d228cdd957b1604159f52792

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

imagehlp

kernel32

esent

winsta

ntdll

Sections

.text Size: 373KB - Virtual size: 372KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 197KB - Virtual size: 1.5MB

.rsrc Size: 116KB - Virtual size: 115KB

.reloc Size: 1024B - Virtual size: 836B

.text
Size: 373KB - Virtual size: 372KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 197KB - Virtual size: 1.5MB

.rsrc
Size: 116KB - Virtual size: 115KB

.reloc
Size: 1024B - Virtual size: 836B