13b5669d038ceb435f259851e98255499035e9710ecc8c04768fb79e1db92017

Sharing

Copy URL Twitter E-mail

General

Target

13b5669d038ceb435f259851e98255499035e9710ecc8c04768fb79e1db92017
Size

687KB
MD5

7810cf6ebac6470499631eb1af872590
SHA1

b0c849f00c7edb6f6a8dc985fb5e467ddcc2a70b
SHA256

13b5669d038ceb435f259851e98255499035e9710ecc8c04768fb79e1db92017
SHA512

2c19059bac6ee7f26bdd63aa6f6d29b9af29b2411f9ca94df79ec7d7867e331aeca9f51cc7622fc0e357f5287bd1ab0f09281632f0a9934da9bf849bfada7893
SSDEEP

12288:zeq1UFysMaOWjez6iLNVxRhXyZRjOc6RVp4QCeJZbqSwFV0DV2afvQGXG6NW00PH:zemwyVaEzrFnXaRCc6Rn4QJgSC80PGYB

Score

N/A

Malware Config

Signatures

Files

13b5669d038ceb435f259851e98255499035e9710ecc8c04768fb79e1db92017
.exe windows x86

ef8b310855717b651373545c3d1a4fa2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

tapi32

lineAccept
lineInitializeExA
lineSetCurrentLocation
lineGetTranslateCapsW
lineSetAppPriorityW
lineOpenW
lineNegotiateExtVersion
lineMakeCallA
lineOpen

mscms

OpenColorProfileA
InternalGetPS2PreviewCRD
OpenColorProfileW
EnumColorProfilesW
EnumColorProfilesA
GetStandardColorSpaceProfileW

advapi32

LookupAccountNameW
IsValidSecurityDescriptor
RegQueryMultipleValuesA
OpenSCManagerW
SetSecurityDescriptorSacl
RegSetKeySecurity
RegDeleteKeyW
AddAccessDeniedAce
RegOpenCurrentUser
GetTokenInformation

kernel32

LocalAlloc
CreateTapePartition
SetCommTimeouts
CancelDeviceWakeupRequest
WritePrivateProfileStringA
AddAtomA
SetConsoleLocalEUDC
VirtualAlloc
LockFileEx
InterlockedIncrement
LoadLibraryExW
CreateHardLinkW
OpenJobObjectW
AssignProcessToJobObject
LocalLock
lstrcpynA
FindCloseChangeNotification
GetShortPathNameW
GetCommandLineW

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 383KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 123KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 98KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 42B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 854B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef8b310855717b651373545c3d1a4fa2

Headers

DLL Characteristics

File Characteristics

Imports

tapi32

mscms

advapi32

kernel32

Sections

.text Size: 41KB - Virtual size: 40KB

INIT Size: 383KB - Virtual size: 389KB

INIT Size: 123KB - Virtual size: 322KB

.bss Size: 98KB - Virtual size: 181KB

.data Size: 512B - Virtual size: 101B

.data Size: 512B - Virtual size: 42B

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 1024B - Virtual size: 854B

.text
Size: 41KB - Virtual size: 40KB

INIT
Size: 383KB - Virtual size: 389KB

INIT
Size: 123KB - Virtual size: 322KB

.bss
Size: 98KB - Virtual size: 181KB

.data
Size: 512B - Virtual size: 101B

.data
Size: 512B - Virtual size: 42B

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 1024B - Virtual size: 854B