56a5dfe870b97321288c7c31d589db2f2d1d0971fdae38c4470a0f609e29cd97

Sharing

Copy URL

Twitter E-mail

General

Target

56a5dfe870b97321288c7c31d589db2f2d1d0971fdae38c4470a0f609e29cd97
Size

331KB
MD5

a21afcbb38a68ba46e76d99dc2f82ec0
SHA1

a21106247d6d545158e66b739138301c0185b174
SHA256

56a5dfe870b97321288c7c31d589db2f2d1d0971fdae38c4470a0f609e29cd97
SHA512

8ecb28a2a24f91cf8f8d72bac6f8ea24a166f9d534d736de430ebd32b092f4f2762a6e23a5e79f533e0e1bd8c5e57bf6e13a02079249216a6e6235e2ce9474ae
SSDEEP

6144:+0gVC0TeKb8ug2h+guJE8BpImwxaRAaC6XrgIHYH:+0KFTNs2szJImfAaCSHYH

Score

N/A

Malware Config

Signatures

Files

56a5dfe870b97321288c7c31d589db2f2d1d0971fdae38c4470a0f609e29cd97
.exe windows x86

d8a0f897ff689ab0079b739bc22c3b34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msi

DllGetVersion
MsiCollectUserInfoW
MsiEvaluateConditionA
MsiGetLastErrorRecord
MsiViewFetch
MsiSourceListForceResolutionA
MsiGetFileHashW
MsiCreateTransformSummaryInfoA
MsiMessageBoxW
MsiViewExecute
MsiSummaryInfoGetPropertyW
MsiGetFeatureValidStatesA
MsiOpenDatabaseW
MsiDatabaseImportW
MsiSourceListClearAllA
MsiOpenDatabaseA
MsiConfigureProductW
MsiRecordSetStringA
MsiSummaryInfoSetPropertyA
MsiRecordReadStream
MsiViewGetColumnInfo
MsiIsProductElevatedA
MsiDatabaseIsTablePersistentA
MsiProvideQualifiedComponentExW

pdh

PdhEnumObjectItemsA
PdhVbAddCounter
PdhLookupPerfIndexByNameW
PdhVbGetDoubleCounterValue
PdhVbOpenLog
PdhOpenQueryH
PdhOpenQuery
PdhGetDefaultPerfObjectHW
PdhComputeCounterStatistics
PdhAddCounterA
PdhVerifySQLDBA
PdhSelectDataSourceW
PdhEnumObjectsHW
PdhVbGetOneCounterPath
PdhGetCounterTimeBase
PdhGetFormattedCounterArrayA
PdhGetDefaultPerfCounterHA
PdhVbOpenQuery
PdhLookupPerfNameByIndexW
PdhUpdateLogA
PdhRemoveCounter
PdhParseInstanceNameW
PdhAdd009CounterW
PdhEnumObjectItemsHA

iphlpapi

InternalCreateIpNetEntry
Icmp6ParseReplies
SetIfEntry
NotifyAddrChange
DisableMediaSense
IcmpParseReplies
SetTcpEntry
_PfMakeLog@4
InternalSetIpNetEntry
_PfGetInterfaceStatistics@16
NhpAllocateAndGetInterfaceInfoFromStack
NTTimeToNTPTime
InternalDeleteIpForwardEntry
AddIPAddress
IcmpSendEcho
InternalGetTcpTable
InternalSetIpStats

kernel32

IsValidLocale
SetVolumeMountPointW
FindNextFileA
GetConsoleInputExeNameW
GlobalFindAtomA
SetConsoleDisplayMode
SetCommTimeouts
RemoveDirectoryA
SizeofResource
DeleteFileW
LoadLibraryA
FillConsoleOutputAttribute
VirtualAlloc
GetCurrentProcessId
GetEnvironmentStringsA
CreateMailslotW
ReadConsoleInputW
GetTempPathA
GetNumberOfConsoleMouseButtons
GetHandleInformation
CreateMemoryResourceNotification
EnumSystemLocalesW
SetConsoleNumberOfCommandsW
DeleteFileA
SetSystemTimeAdjustment
RtlCaptureStackBackTrace
GetNumaAvailableMemoryNode
QueryInformationJobObject
GetConsoleAliasA
GetPrivateProfileIntA
LockFile

advapi32

LsaLookupPrivilegeDisplayName
OpenBackupEventLogA
ConvertSDToStringSDRootDomainA
CryptGenRandom
BuildTrusteeWithObjectsAndSidA
AddAuditAccessAceEx
UnlockServiceDatabase
FreeInheritedFromArray
GetAuditedPermissionsFromAclW
ElfChangeNotify
GetOldestEventLogRecord
GetSecurityInfoExW
WmiSetSingleInstanceA
GetSecurityDescriptorDacl
ConvertSidToStringSidW
SetPrivateObjectSecurity
CredRenameA
ElfRegisterEventSourceA

ntdll

_wcsupr
sin
ZwCreateTimer
RtlQueryHeapInformation
_CIlog
RtlAddAtomToAtomTable
RtlEnableEarlyCriticalSectionEventCreation
ZwMapUserPhysicalPagesScatter
RtlIsGenericTableEmptyAvl
ZwResetWriteWatch
RtlCreateAndSetSD
NtOpenTimer
RtlUnicodeToOemN
RtlEnumerateGenericTableWithoutSplayingAvl
NtCancelIoFile
RtlUnicodeStringToOemSize
memcpy
ZwSetVolumeInformationFile
RtlOemToUnicodeN
RtlUnicodeToMultiByteN
ZwSaveKeyEx

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8a0f897ff689ab0079b739bc22c3b34

Headers

File Characteristics

Imports

msi

pdh

iphlpapi

kernel32

advapi32

ntdll

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 208KB - Virtual size: 207KB

.data Size: 1024B - Virtual size: 378KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 208KB - Virtual size: 207KB

.data
Size: 1024B - Virtual size: 378KB

.rsrc
Size: 11KB - Virtual size: 10KB