1f197e80fcbc160bc1e5ea930c5758bbc1afe1589f4b6a195efc0e90c871cf8a

Sharing

Copy URL Twitter E-mail

General

Target

1f197e80fcbc160bc1e5ea930c5758bbc1afe1589f4b6a195efc0e90c871cf8a
Size

39KB
MD5

1c607bd0595904d556919a798c23a460
SHA1

c250593fcb24cf03ac6d2d400de758ddc74d15f3
SHA256

1f197e80fcbc160bc1e5ea930c5758bbc1afe1589f4b6a195efc0e90c871cf8a
SHA512

323c3e9ae91da84ec5bdf469ae2c82901b85680b40e255981d5b65565366e5734e256ed155eac436822d0b239e0b3fa0ebed332fa664bd187929c4ef584baa7d
SSDEEP

768:tFN6MJ/4ICdTvTbIz0zmdtaR06PL74mV7K6Ri6AuSlsO/BdXbxv+O:tFNpwdTvfY5taRrzY6RiBuSXz9+O

Score

N/A

Malware Config

Signatures

Files

1f197e80fcbc160bc1e5ea930c5758bbc1afe1589f4b6a195efc0e90c871cf8a
.exe windows x86

88f5b8a224e2f6213bcef481dff428b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW

kernel32

UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetTickCount
LocalAlloc
CloseHandle
GetCommandLineW
LocalFree
GetLastError
CreateMutexW
GetCurrentProcess
SetUnhandledExceptionFilter

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_vsnwprintf
_wcsicmp

crypt32

CryptStringToBinaryW
CertFreeCertificateContext
CryptBinaryToStringW

shell32

CommandLineToArgvW

efsadu

EfsUIUtilKeyBackup
EfsUIUtilSelectCard
EfsUIUtilPromptForPin
EfsUIUtilEnrollEfsCertificate
EfsUIUtilInstallDra
EfsUIUtilEncryptMyDocuments
EfsUIUtilShowBalloonAndWait

efsutil

EfsUtilGetCurrentKey

ntdll

RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

88f5b8a224e2f6213bcef481dff428b6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

crypt32

shell32

efsadu

efsutil

ntdll

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 920B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 920B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 29KB