9e3a77650bfd73c73c92a1f3a185ecb5b8d7d1677b81819750e70bcaefe0ddaf

Sharing

Copy URL Twitter E-mail

General

Target

9e3a77650bfd73c73c92a1f3a185ecb5b8d7d1677b81819750e70bcaefe0ddaf
Size

65KB
MD5

8146d3729f685015354f6460ded859f0
SHA1

5842a7b45a5191536acaee3cc7a2eabd8f128a04
SHA256

9e3a77650bfd73c73c92a1f3a185ecb5b8d7d1677b81819750e70bcaefe0ddaf
SHA512

c931b95926596aaf441ee711948cdaf7a534a9270e3074d9341c157ca8f777ec6e8242fe9dd5ff8eeb868caf9a5ce8b2f356483a2d9ce55a10b445dab81026f9
SSDEEP

1536:sffCV0ogHgH0Eap52hebxRAm+KdKcNjTddyKFvfi2tjSw8:sfqm9AH8p52h2bpQcFpdyUvK2t2r

Score

N/A

Malware Config

Signatures

Files

9e3a77650bfd73c73c92a1f3a185ecb5b8d7d1677b81819750e70bcaefe0ddaf
.exe windows x86

84cbaa457a13f7f7dcc14c7e9297f66a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EncryptedFileKeyInfo
AddUsersToEncryptedFile
CryptAcquireContextW
FlushEfsCache
DecryptFileW
EqualSid
CryptReleaseContext
RegQueryValueExW
ConvertStringSidToSidW
LookupAccountSidW
QueryRecoveryAgentsOnEncryptedFile
RegOpenKeyExW
CryptDestroyKey
SetUserFileEncryptionKey
AddUsersToEncryptedFileEx
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
QueryUsersOnEncryptedFile
CryptGetUserKey
EncryptFileW
RegCloseKey
RemoveUsersFromEncryptedFile

kernel32

SetFilePointer
GetDriveTypeW
SetEndOfFile
SetErrorMode
VerSetConditionMask
CreateDirectoryW
GetComputerNameW
VirtualFree
ReadConsoleW
GetVolumePathNameW
FindNextVolumeW
SetConsoleMode
GetLastError
CreateFileW
lstrcmpW
FlushFileBuffers
VerifyVersionInfoW
GetCurrentDirectoryW
SetLastError
VirtualAlloc
GetDiskFreeSpaceW
FindClose
SetCurrentDirectoryW
FindVolumeClose
QueryDosDeviceW
DeviceIoControl
HeapSetInformation
FindNextFileW
GetDiskFreeSpaceExW
CloseHandle
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
FindFirstFileW
GetFullPathNameW
GetTempFileNameW
LocalFree
GetFileType
RemoveDirectoryW
GetProcAddress
GetStdHandle
lstrlenW
WriteConsoleW
FormatMessageW
GetConsoleMode
WideCharToMultiByte
WriteFile
GetProcessHeap
GetModuleHandleW
HeapFree
HeapAlloc
GetFileAttributesW

msvcrt

_initterm
?terminate@@YAXXZ
_controlfp
_except_handler4_common
memcpy
memcmp
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
getchar
towupper
_putws
_iob
printf
_wcsnicmp
_get_osfhandle
_vsnwprintf
_wcsicmp
wcschr
fgetws
memset

ntdll

RtlNtStatusToDosError

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

user32

MessageBoxW

ntdsapi

DsCrackNamesW
DsBindW
DsUnBindW
DsFreeNameResultW

crypt32

CertOpenStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptStringToBinaryW
PFXExportCertStoreEx
CryptQueryObject

bcrypt

BCryptGetProperty
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptEncrypt

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

efsutil

EfsUtilGetCurrentUserInformation
EfsUtilCreateSelfSignedCertificate
EfsUtilGetSmartcardProviderName

feclient

EfsClientQueryProtectors
EfsClientFreeProtectorList

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zkzikik
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84cbaa457a13f7f7dcc14c7e9297f66a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

ntdsapi

crypt32

bcrypt

netapi32

efsutil

feclient

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 9KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

zkzikik Size: - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB

zkzikik
Size: - Virtual size: 4KB