edce4bfc57aab4c5b111b109407418d41cce226925105a5e10e56507a256fc5b

Sharing

Copy URL Twitter E-mail

General

Target

edce4bfc57aab4c5b111b109407418d41cce226925105a5e10e56507a256fc5b
Size

502KB
MD5

2c5a012eec0105213613f8c51ac05632
SHA1

8de5bd42ae67da85825e349baa617b8b31fff5b9
SHA256

edce4bfc57aab4c5b111b109407418d41cce226925105a5e10e56507a256fc5b
SHA512

50f422229b9e8cecad8a98ce3127b18ba2587176dd87db36f8615eaaafb0569778880a068a0436ffe0c367ea60a8b9d0a98951872c27272346c839c36a44f7f8
SSDEEP

12288:8zMrUGrTQ5BRXKojXI0fyQK1Fy/SmMpEr8G+YAfscRssjwcfT3lRlHlBWnz:q4l2V9r9+YQ6tcTlRlHGz

Score

N/A

Malware Config

Signatures

Files

edce4bfc57aab4c5b111b109407418d41cce226925105a5e10e56507a256fc5b
.exe windows x86

a988cffdc1f4f995ba306f05fcd974ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

shlwapi

PathRemoveFileSpecW

kernel32

CreateDirectoryW
CopyFileW
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
CreateFileMappingW
SetCurrentDirectoryW
RemoveDirectoryW
GetFileAttributesExW
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
AssignProcessToJobObject
GetStdHandle
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetProcAddress
ExpandEnvironmentStringsW
GetNativeSystemInfo
GetModuleHandleW
GetVersionExW
SetFilePointer
GetTickCount
FormatMessageA
OutputDebugStringA
VirtualQuery
OpenFileMappingW
DuplicateHandle
SetEvent
IsDebuggerPresent
FreeLibrary
LoadLibraryW
GetUserDefaultLangID
FindFirstFileW
FindFirstFileExW
FindClose
FindNextFileW
MoveFileExW
FlushFileBuffers
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
GetCurrentThread
RaiseException
CreateThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetQueuedCompletionStatus
InterlockedExchange
PostQueuedCompletionStatus
CreateIoCompletionPort
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetModuleHandleExW
GetModuleHandleExA
GetEnvironmentVariableW
SetEnvironmentVariableW
GetSystemInfo
EncodePointer
GetDriveTypeW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GlobalAddAtomA
GlobalFindAtomA
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
OpenProcess
ResumeThread
OpenThread
TerminateProcess
GetCurrentProcess
WaitNamedPipeW
SetLastError
GetLastError
WriteFile
ReadFile
CreateFileW
LocalFree
CreateEventA
CreateMutexW
ReleaseMutex
GetCurrentThreadId
InterlockedCompareExchange
Sleep
SetErrorMode
SetUnhandledExceptionFilter
RtlCaptureContext
GetModuleFileNameW
GetCurrentProcessId
CreateEventW
WaitForSingleObject
CloseHandle
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
GetStringTypeW
GetTimeZoneInformation
WriteConsoleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
SetEnvironmentVariableA
LoadLibraryExA
SetFilePointerEx
GetACP
IsValidCodePage
LoadLibraryExW
GetStartupInfoW
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
GetFullPathNameW
GetCommandLineA
ExitProcess
IsProcessorFeaturePresent

advapi32

GetSecurityInfo
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SystemFunction036
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
LookupPrivilegeValueW
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW

ole32

CoTaskMemFree

user32

DestroyWindow
GetClassNameA
SetTimer
TranslateMessage
RegisterClassExW
PostQuitMessage
CallMsgFilterW
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
DispatchMessageW
wsprintfW
UnregisterClassW
PostMessageW
KillTimer
GetParent
WaitMessage
GetQueueStatus

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a988cffdc1f4f995ba306f05fcd974ad

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

wtsapi32

version

psapi

winmm

shlwapi

kernel32

advapi32

ole32

user32

userenv

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 7KB - Virtual size: 22KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 81KB - Virtual size: 84KB

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 7KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 81KB - Virtual size: 84KB