Static task: static1
Behavioral task: behavioral1
Sample: 79f382a016a200fd54df902bd603ca3e653aac60372e36596b0b8ef4fe2c5208.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 79f382a016a200fd54df902bd603ca3e653aac60372e36596b0b8ef4fe2c5208.exe
Resource: win10v2004-20220812-en
General
Target: 79f382a016a200fd54df902bd603ca3e653aac60372e36596b0b8ef4fe2c5208
Size: 67KB
MD5: d82ad8e4e434e65e376e6335285cb569
SHA1: 95025f58f13a68794710ec47e9bcea4e2c592a2a
SHA256: 79f382a016a200fd54df902bd603ca3e653aac60372e36596b0b8ef4fe2c5208
SHA512: ea436ec28c5c06117df2d9e85cefcea67664f4d10ec669cbfdd152574ad4b40372b12d060a84161db1273b4afe6e5f38742cb0377a6344107be00b8db4b713cb
SSDEEP: 768:C9kACrfTTnUCnDURSiBZCHHC4DCWoh+e8RtoHNaF6ayX+cCXkEGHTpEF7:CoHDgSssHC4GWQ+/RtoHxayNTEG9
Malware Config
Signatures
Files
79f382a016a200fd54df902bd603ca3e653aac60372e36596b0b8ef4fe2c5208.exe windows x86
221f9b45c3d95c687d29d276c31629f4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptSetOIDFunctionValue
CertEnumCTLsInStore
CertDuplicateStore
CryptVerifyDetachedMessageSignature
CryptMemAlloc
CertUnregisterSystemStore
CertGetCertificateChain
CryptUnprotectData
CertCloseStore
CryptSIPAddProvider
CryptUninstallDefaultContext
CryptMsgVerifyCountersignatureEncodedEx
CryptUnregisterOIDInfo
CertFindCTLInStore
CertGetCertificateContextProperty
CryptGetMessageSignerCount
CertCompareCertificateName
CertEnumSubjectInSortedCTL
CertAddSerializedElementToStore
CertFreeCRLContext
CertFindRDNAttr
CryptGetMessageCertificates
CryptQueryObject
CryptVerifyCertificateSignature
PFXExportCertStore
CertGetPublicKeyLength
CertFindCertificateInCRL
CryptImportPublicKeyInfo
CertGetIntendedKeyUsage
CryptMsgClose
CryptInstallOIDFunctionAddress
CryptSIPVerifyIndirectData
CryptExportPKCS8
CertCreateCRLContext
CryptEnumOIDInfo
PFXImportCertStore
CertGetNameStringW
CryptEnumKeyIdentifierProperties
CertCreateCertificateChainEngine
CertAddStoreToCollection
CryptSignAndEncodeCertificate
CertEnumCertificateContextProperties
clusapi
ClusterNodeOpenEnum
SetClusterNetworkPriorityOrder
ClusterNetworkCloseEnum
CloseClusterResource
GetClusterNetworkId
GetClusterNetworkKey
ClusterRegQueryValue
GetClusterGroupKey
ClusterGroupOpenEnum
ClusterRegEnumKey
ClusterNodeCloseEnum
GetClusterResourceKey
DeleteClusterGroup
SetClusterGroupName
ClusterResourceTypeControl
ClusterGroupEnum
SetClusterGroupNodeList
GetClusterFromNetwork
CloseClusterNotifyPort
ClusterNetInterfaceControl
ClusterGroupControl
GetClusterNotify
OpenCluster
ClusterNetworkControl
RemoveClusterResourceNode
SetClusterQuorumResource
CreateClusterNotifyPort
ClusterControl
RemoveClusterResourceDependency
ClusterResourceTypeCloseEnum
GetClusterGroupState
GetClusterNetInterfaceState
CloseClusterNetInterface
PauseClusterNode
BackupClusterDatabase
ChangeClusterResourceGroup
ClusterOpenEnum
CloseClusterGroup
ClusterRegDeleteValue
GetNodeClusterState
ClusterResourceEnum
ResumeClusterNode
OnlineClusterResource
ClusterResourceTypeOpenEnum
CreateClusterResource
ClusterEnum
ClusterRegOpenKey
AddClusterResourceDependency
GetClusterNodeKey
ClusterResourceCloseEnum
GetClusterFromResource
GetClusterNodeId
SetClusterNetworkName
ClusterNetworkOpenEnum
ClusterRegQueryInfoKey
GetClusterFromNode
user32
EndDialog
SendMessageW
DialogBoxParamA
wintrust
WVTAsn1SpcStatementTypeDecode
WintrustLoadFunctionPointers
WintrustAddDefaultForUsage
WinVerifyTrustEx
SoftpubDumpStructure
TrustOpenStores
WTHelperGetFileName
CryptCATGetAttrInfo
WVTAsn1SpcSpOpusInfoDecode
CryptCATAdminCalcHashFromFileHandle
CryptCATEnumerateCatAttr
SoftpubLoadSignature
WVTAsn1SpcIndirectDataContentDecode
CryptCATPutCatAttrInfo
CryptSIPRemoveSignedDataMsg
TrustFreeDecode
WTHelperGetProvCertFromChain
CryptCATOpen
OfficeCleanupPolicy
WintrustGetRegPolicyFlags
SoftpubCheckCert
WintrustGetDefaultForUsage
CryptSIPPutSignedDataMsg
WintrustAddActionID
CryptCATCDFEnumMembers
WintrustSetRegPolicyFlags
WTHelperIsInRootStore
WVTAsn1SpcLinkDecode
WVTAsn1SpcSpAgencyInfoEncode
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
SoftpubInitialize
WVTAsn1SpcSigInfoEncode
MsCatConstructHashTag
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1CatMemberInfoEncode
CryptCATAdminAddCatalog
WVTAsn1CatMemberInfoDecode
WVTAsn1SpcLinkEncode
CryptSIPGetSignedDataMsg
WVTAsn1CatNameValueEncode
WTHelperOpenKnownStores
WinVerifyTrust
SoftpubAuthenticode
CryptCATAdminReleaseContext
MsCatFreeHashTag
WTHelperGetFileHandle
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
CryptCATCDFClose
CryptCATPutAttrInfo
WTHelperGetAgencyInfo
DriverInitializePolicy
CryptSIPCreateIndirectData
mscat32DllRegisterServer
CryptCATAdminAcquireContext
CryptCATEnumerateMember
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
WVTAsn1SpcSigInfoDecode
CryptCATCatalogInfoFromContext
HTTPSFinalProv
kernel32
SetSystemTimeAdjustment
GetProcAddress
FileTimeToLocalFileTime
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ