4a3c13a3ebb1ea1c2769c4e5004f573bf8fcbcb1411ab3fa86936f4f8c2c6471

Sharing

Copy URL

Twitter E-mail

General

Target

4a3c13a3ebb1ea1c2769c4e5004f573bf8fcbcb1411ab3fa86936f4f8c2c6471
Size

69KB
MD5

6d1f0b3ffe28430618659ba734507177
SHA1

5b955c198c437ffd878dea86e1ffcbb58e060382
SHA256

4a3c13a3ebb1ea1c2769c4e5004f573bf8fcbcb1411ab3fa86936f4f8c2c6471
SHA512

9e157d04cb3b88176ab7a4a8f7f0b96e67b21199e8a1ac1e87d0527caa6cb2496b357481f775b5bab782e36a2020c77af586366b9c8526c9e0082800581766af
SSDEEP

1536:7I6C6jWHfhfWlLrPFZaXCtjWOeUeEsRha1SynPX2a:Ut/hfSQCtjfeUeuS0Ph

Score

N/A

Malware Config

Signatures

Files

4a3c13a3ebb1ea1c2769c4e5004f573bf8fcbcb1411ab3fa86936f4f8c2c6471
.exe windows x86

86b83ac4ba379345e50ce95bdbc49988

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetMappedFileNameW
GetModuleInformation

advapi32

GetTokenInformation
CryptReleaseContext
RegOpenKeyW
CryptAcquireContextW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorDacl
CopySid
GetLengthSid
SetServiceObjectSecurity
AllocateAndInitializeSid
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeAcl
InitializeSecurityDescriptor

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

crypt32

CertEnumCertificatesInStore
CertNameToStrW
CertCompareCertificate
CertOpenStore
CertAddSerializedElementToStore

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
FindClose
FindFirstFileW
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualProtect
GetProcAddress
GetModuleHandleW
GetVersion
GetLastError
DeviceIoControl
WaitForSingleObject
SetProcessWorkingSetSize
GetCurrentProcess
GetSystemDirectoryW
CloseHandle
CreateThread
CreateEventW
SetEvent
FreeLibrary
LoadLibraryA
GetCurrentThread
Sleep
CreateFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileAttributesExW
GetSystemWindowsDirectoryW
EnterCriticalSection
QueryDosDeviceW
GetLogicalDriveStringsW
LoadLibraryW
GetVersionExW
OpenProcess
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetEnvironmentVariableW
FileTimeToSystemTime
FileTimeToLocalFileTime
IsBadReadPtr
SetLastError
GetModuleFileNameW
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCurrentThreadId
QueryPerformanceCounter
DebugBreak

msvcrt

wcschr
malloc
memset
free
_snwprintf
_purecall
wcsrchr
wcsncpy
printf
memcpy
_stricmp
_wcsnicmp
_wcsdup
_wcsicmp
_unlock
__dllonexit
_lock
_onexit
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
wcscpy
_errno
__wgetmainargs
wcscat

ntdll

RtlUnwind

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86b83ac4ba379345e50ce95bdbc49988

Headers

DLL Characteristics

File Characteristics

Imports

psapi

advapi32

wintrust

crypt32

kernel32

msvcrt

ntdll

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 21KB - Virtual size: 22KB

.bldvar Size: 512B - Virtual size: 19B

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 21KB - Virtual size: 22KB

.bldvar
Size: 512B - Virtual size: 19B

.rsrc
Size: 4KB - Virtual size: 4KB