f0a9609674af65a81b8bf2a5dd4000d1410ac2bde658254d0dde16d4a6e13ba3

Sharing

Copy URL

Twitter E-mail

General

Target

f0a9609674af65a81b8bf2a5dd4000d1410ac2bde658254d0dde16d4a6e13ba3
Size

634KB
MD5

6f43fe744e35d0a3ea47d492ef0ee2e4
SHA1

e6c0909eb2a773881ede7fad4285fa13929ca69c
SHA256

f0a9609674af65a81b8bf2a5dd4000d1410ac2bde658254d0dde16d4a6e13ba3
SHA512

77ff8c040e261498e1a09b1634cdfe9ffad240b80d8dc26d86516a7a8d39e31f5f8b071795ab32f713899e5361605cf6f64ff879d09c80f6716ef788cc60607e
SSDEEP

12288:6/HzMUYE/6iXRdcZLMDtQjEVPf235IY/JkyPLUF7kpnZ85Ayw:6/TCEXR26tQjMu35EyPLUFUnZ85Ay

Score

N/A

Malware Config

Signatures

Files

f0a9609674af65a81b8bf2a5dd4000d1410ac2bde658254d0dde16d4a6e13ba3
.exe windows x86

ab27d6de4f0ad5ecc5d89a802e338769

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libeay32

ord248
ord3212
ord549
ord109
ord378
ord1882
ord224
ord1308
ord957
ord206
ord624
ord625
ord52
ord654
ord298
ord281
ord575
ord907
ord57
ord657
ord1309
ord558
ord129
ord649
ord680
ord2442
ord1654
ord566
ord2431
ord9
ord653
ord1963
ord576
ord411
ord529
ord578
ord1002
ord1180
ord585
ord11
ord1018
ord567
ord648
ord402
ord2080
ord579
ord181
ord1958
ord366
ord1060
ord1870
ord82
ord1653
ord1304
ord67
ord1291
ord572
ord909
ord401
ord151
ord555
ord87
ord910
ord399
ord2596
ord66
ord904
ord965
ord202
ord395
ord485
ord3866
ord95
ord78
ord656
ord89
ord815
ord227
ord223
ord1846
ord128
ord486
ord641
ord247
ord497
ord754
ord252
ord484
ord363
ord2256
ord2572
ord3877
ord961
ord2970
ord3837
ord2708
ord3879
ord315
ord2821
ord222
ord2147
ord2492
ord2493
ord256
ord3165
ord3857
ord259
ord3844
ord2949
ord2502
ord3816
ord257
ord784
ord464
ord2490
ord3899
ord258
ord2399
ord964
ord3841
ord809
ord3873
ord269
ord267
ord2628
ord2747
ord2630
ord2784
ord268
ord316
ord3891
ord2485
ord2516
ord2504
ord3836
ord794
ord364

ssleay32

ord98
ord74
ord129
ord40
ord286
ord16
ord52
ord21
ord151
ord175
ord6
ord171
ord28
ord25
ord83
ord71
ord15
ord38
ord82
ord22
ord183
ord86
ord8
ord48
ord12
ord3
ord127
ord158
ord17
ord169
ord172
ord75
ord130
ord170
ord180
ord61
ord177
ord121
ord5

lzo2

__lzo_init_v2
lzo1x_1_15_compress
lzo1x_decompress_safe

libpkcs11-helper-1

pkcs11h_getMessage
pkcs11h_certificate_deserializeCertificateId
pkcs11h_setLogHook
pkcs11h_certificate_create
pkcs11h_forkFixup
pkcs11h_addProvider
pkcs11h_certificate_serializeCertificateId
pkcs11h_setProtectedAuthentication
pkcs11h_certificate_freeCertificateIdList
pkcs11h_certificate_freeCertificateId
pkcs11h_setPINPromptHook
pkcs11h_setForkMode
pkcs11h_engine_setSystem
pkcs11h_logout
pkcs11h_certificate_enumCertificateIds
pkcs11h_terminate
pkcs11h_setPINCachePeriod
pkcs11h_initialize
pkcs11h_setTokenPromptHook
pkcs11h_setLogLevel
pkcs11h_certificate_getCertificateBlob
pkcs11h_openssl_createSession
pkcs11h_openssl_session_getX509
pkcs11h_openssl_session_getRSA
pkcs11h_openssl_getX509
pkcs11h_certificate_freeCertificate
pkcs11h_openssl_freeSession

ws2_32

ntohl
WSAWaitForMultipleEvents
ioctlsocket
WSASetLastError
WSAAddressToStringA
WSAStringToAddressA
setsockopt
WSAGetLastError
htonl
listen
send
closesocket
recv
getsockname
ntohs
inet_ntoa
select
freeaddrinfo
WSASendTo
accept
getnameinfo
getsockopt
WSAGetOverlappedResult
socket
bind
WSARecvFrom
WSASend
WSARecv
getaddrinfo
connect
WSACleanup
WSAEventSelect
WSAEnumNetworkEvents
WSAStartup
htons

crypt32

CryptAcquireCertificatePrivateKey
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore

iphlpapi

DeleteIpForwardEntry
GetIpForwardTable
GetInterfaceInfo
DeleteIPAddress
GetAdaptersInfo
GetAdapterIndex
IpReleaseAddress
AddIPAddress
GetPerAdapterInfo
FlushIpNetTable
IpRenewAddress
CreateIpForwardEntry

kernel32

ReadConsoleW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadFile
GetStdHandle
GetFileType
FormatMessageA
GetLastError
LocalFree
SetFilePointer
CreateFileW
WaitForSingleObject
SetLastError
Sleep
SetConsoleOutputCP
DeleteFileW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetProcAddress
SetEvent
ResetEvent
CreateFileA
GetOverlappedResult
DeviceIoControl
CancelIo
CloseHandle
GetNumberOfConsoleInputEvents
CreateProcessW
GetConsoleTitleA
ReadConsoleInputA
CreateEventA
GetExitCodeProcess
CreateSemaphoreA
CreateProcessA
GetEnvironmentVariableA
MultiByteToWideChar
GetTickCount
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DecodePointer
GetStartupInfoW
ReleaseSemaphore
SetConsoleTitleA
GetStartupInfoA
GetModuleFileNameA
GetTempPathA
WriteFile

advapi32

CryptSetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
SetKernelObjectSecurity
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
CryptDestroyHash
CryptCreateHash
CryptSignHashA
CryptReleaseContext
CryptGetHashParam

msvcr110

isalnum
calloc
free
isspace
strchr
malloc
ispunct
strncpy
fgets
isalpha
isdigit
iscntrl
fclose
isxdigit
sscanf
isprint
strncmp
printf
memmove
_dup2
__iob_func
fflush
memset
fprintf
_open_osfhandle
exit
_fdopen
_stricmp
atoi
_errno
srand
strrchr
_difftime64
toupper
strerror
strstr
strtol
_time64
_ctime64
_wopen
_wfopen
_wstat64i32
_wchdir
_waccess
rand
strcspn
fgetc
fopen
_snwprintf
tolower
_vsnprintf
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_except_handler4_common
_write
_read
_close
_strdup
_lseek
_chsize
memcpy
_controlfp_s

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab27d6de4f0ad5ecc5d89a802e338769

Headers

DLL Characteristics

File Characteristics

Imports

libeay32

ssleay32

lzo2

libpkcs11-helper-1

ws2_32

crypt32

iphlpapi

kernel32

advapi32

msvcr110

Sections

.text Size: 428KB - Virtual size: 428KB

.rdata Size: 149KB - Virtual size: 148KB

.data Size: 512B - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 54KB - Virtual size: 55KB

.text
Size: 428KB - Virtual size: 428KB

.rdata
Size: 149KB - Virtual size: 148KB

.data
Size: 512B - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 54KB - Virtual size: 55KB