bffb3c13335f0e8ead71f335d79cefbee075af73802c989a01d668f250ba35b0

Sharing

Copy URL

Twitter E-mail

General

Target

bffb3c13335f0e8ead71f335d79cefbee075af73802c989a01d668f250ba35b0
Size

63KB
MD5

479b4cc55ca995a351e88de51cc2c510
SHA1

5c83ce7e797ebb1e7e7464abaee298e7ea3f31c8
SHA256

bffb3c13335f0e8ead71f335d79cefbee075af73802c989a01d668f250ba35b0
SHA512

a0cafe713dab05923141c065950924cebf2d340d2e583613324216383c200ea7cb0c6d15626f3d3f3bdd8088845ef92333365eb12d1dc9a2c7fc98fbedf23f0a
SSDEEP

768:/shDQSMvyMeo2oliqSwuaAQCfE2zPCRLJ0Woui7jMl89ppaYuqzdz9Zpafq3tvtU:/GDQJeChdAFfDCNJ0WoDx9hHdzZJ5r

Score

N/A

Malware Config

Signatures

Files

bffb3c13335f0e8ead71f335d79cefbee075af73802c989a01d668f250ba35b0
.exe windows x86

fb92ef247e1be6be67cfa6625459427e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EncryptFileW
DecryptFileW
AddUsersToEncryptedFile
RemoveUsersFromEncryptedFile
AddUsersToEncryptedFileEx
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
QueryRecoveryAgentsOnEncryptedFile
QueryUsersOnEncryptedFile
EncryptedFileKeyInfo
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
FlushEfsCache
SetUserFileEncryptionKey

kernel32

GetFullPathNameW
GetComputerNameW
ReadConsoleW
SetConsoleMode
VirtualFree
VirtualAlloc
CloseHandle
SetEndOfFile
SetFilePointer
CreateFileW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
WideCharToMultiByte
FindFirstFileW
GetFileAttributesW
QueryDosDeviceW
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
FindFirstVolumeW
SetErrorMode
RemoveDirectoryW
SetLastError
GetTempFileNameW
CreateDirectoryW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumePathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapSetInformation
DelayLoadFailureHook
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
LocalFree
WriteConsoleW
FlushFileBuffers
lstrlenW
WriteFile
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
GetFileType
GetStdHandle
GetConsoleMode
GetModuleHandleW
GetLastError
GetProcAddress
lstrcmpW

msvcrt

__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
__set_app_type
?terminate@@YAXXZ
_controlfp
_get_osfhandle
_vsnwprintf
_except_handler4_common
_exit
_cexit
__wgetmainargs
_putws
_wcsnicmp
memcpy
getchar
printf
memset
_iob
fgetws
towupper
wcschr
_wcsicmp

ntdll

RtlNtStatusToDosError

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

user32

MessageBoxW

ntdsapi

DsCrackNamesW
DsBindW
DsUnBindW
DsFreeNameResultW

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
CertAddCertificateContextToStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CryptQueryObject
PFXExportCertStoreEx
CertEnumCertificatesInStore
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

efsutil

EfsUtilCreateSelfSignedCertificate
EfsUtilGetSmartcardProviderName
EfsUtilGetCurrentUserInformation

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tgyevsr
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb92ef247e1be6be67cfa6625459427e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

ntdsapi

crypt32

bcrypt

netapi32

efsutil

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 30KB

tgyevsr Size: - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 30KB

tgyevsr
Size: - Virtual size: 4KB