0c02b144b3017ede514feb7bfd3654e77a6bea6b58ec0fef643e373b47160251

Sharing

Copy URL Twitter E-mail

General

Target

0c02b144b3017ede514feb7bfd3654e77a6bea6b58ec0fef643e373b47160251
Size

43KB
MD5

919493267c15484504c0c59f2fde85da
SHA1

a4907b4dd8518842d4a03862e9cf662b846bf9c1
SHA256

0c02b144b3017ede514feb7bfd3654e77a6bea6b58ec0fef643e373b47160251
SHA512

173670368e2d059a562ac96ef9427e0cb6b3c5aa4327981ab4c1c19789820da8af3526dc602b3e952b24b19f5414d34bccd021f57925ce4a8821be3c183d9c4e
SSDEEP

768:hC2ZeDMM29153LFv0PQTZeoSAk0nndcud1Koi4/4ykivfbb08TR61:cmeDMt91phcPQQoSBOndcCKoiA4yJDbK

Score

N/A

Malware Config

Signatures

Files

0c02b144b3017ede514feb7bfd3654e77a6bea6b58ec0fef643e373b47160251
.exe windows x86

c1b938334a2904e3376b1f5f08177819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateActCtxW
Process32Next
PeekConsoleInputW
GetFileSize
LocalShrink
LoadLibraryA
DebugActiveProcessStop
OpenSemaphoreA
GetConsoleScreenBufferInfo
VirtualProtectEx
_lcreat
LZOpenFileA
VirtualAlloc
SetNamedPipeHandleState
GetVolumeInformationW
FindFirstFileA
GlobalDeleteAtom
InterlockedFlushSList
AddAtomW

gdi32

AnimatePalette
GetCurrentPositionEx
GetGlyphOutlineA
bMakePathNameW
SetTextAlign
EngPaint
StartPage
ResetDCA
EnumFontsA
DdEntry28
PlayEnhMetaFileRecord
GdiConvertFont
GetGlyphOutline
CopyMetaFileA
CreateCompatibleDC
SetPixel
EndPage
GetRelAbs

secur32

AddSecurityPackageA
QueryCredentialsAttributesW
EncryptMessage
SetContextAttributesW
FreeCredentialsHandle
DeleteSecurityPackageA
LsaEnumerateLogonSessions
SaslEnumerateProfilesA
SaslIdentifyPackageA
LsaLookupAuthenticationPackage
UnsealMessage
QuerySecurityContextToken
QueryContextAttributesA
CompleteAuthToken
AcquireCredentialsHandleW
SecpTranslateNameEx
LsaFreeReturnBuffer

msvcrt20

_getpid
wcscat
strstr
??1ofstream@@UAE@XZ
_tclen
_cwait
tan
_lfind
_cabs
__p__pctype
??_8ostream@@7B@
??0ofstream@@QAE@H@Z
?snextc@streambuf@@QAEHXZ
?is_open@filebuf@@QBEHXZ

msvcrt

clock
?raw_name@type_info@@QBEPBDXZ
_chkesp
__unguarded_readlc_active
wcsftime
qsort
_ultow
_setmaxstdio
_putw
_ismbbtrail
_mbsnbcnt
__p__osver
_getwche
fabs
_spawnlp
_ismbcl0
_adj_fptan
_isctype
??1type_info@@UAE@XZ
_safe_fprem1
_osplatform
__getmainargs
_environ
__p__commode
__CxxCallUnwindDtor
_ismbbprint
_endthread
_rmtmp
iswupper
bsearch
_wcsnicmp
_mbctoupper
_mbsnicmp
__set_app_type

advapi32

I_ScPnPGetServiceName
QueryServiceConfig2W
WmiFreeBuffer
LsaQueryForestTrustInformation
CryptEnumProvidersW
SetServiceStatus
ConvertStringSidToSidW
WmiDevInstToInstanceNameW
LsaICLookupSids
BuildSecurityDescriptorA
LookupPrivilegeValueW
CryptVerifySignatureW

comdlg32

ChooseColorW
GetFileTitleW
GetSaveFileNameA
PrintDlgW
PrintDlgA
GetOpenFileNameW
GetFileTitleA
LoadAlterBitmap
ChooseFontW
PrintDlgExA
WantArrows
dwOKSubclass

user32

DestroyWindow

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 962B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1b938334a2904e3376b1f5f08177819

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

secur32

msvcrt20

msvcrt

advapi32

comdlg32

user32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 962B

.reloc Size: 512B - Virtual size: 244B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 962B

.reloc
Size: 512B - Virtual size: 244B