6fa6dea9a8f96599b172b3387b186d9686d2f59bc74ff178edff36086b060782

Sharing

Copy URL Twitter E-mail

General

Target

6fa6dea9a8f96599b172b3387b186d9686d2f59bc74ff178edff36086b060782
Size

137KB
MD5

a03f8f4eb7a496767ac8b47c894c4500
SHA1

153ae019a088b25d0a3c53e2bfb01f6e832374ca
SHA256

6fa6dea9a8f96599b172b3387b186d9686d2f59bc74ff178edff36086b060782
SHA512

b6e69f60b3e4eebe475cdc733e0dec93d8a42e5bda80bcfc10ebd83928ccb2c1b9afbb40447cfe0dfd6daacb01d9de1b70fe438844c3c391cc64aa5b79e6e2f7
SSDEEP

3072:qQCDFF0aBUyu+CUq7LsIkl0qs++zHBnGj7/Mdr9CP:qMcIUq7LsPg+aH9pR9C

Score

N/A

Malware Config

Signatures

Files

6fa6dea9a8f96599b172b3387b186d9686d2f59bc74ff178edff36086b060782
.exe windows x86

40c8aeca33016024a66860f8a35837c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_putws
_wutime
_telli64
_fstat
_wcserror
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_snwscanf
memcpy
_statusfp
_spawnvpe
_unlink
_set_sbh_threshold
_wstat64
_mbsnbicoll
_osver
_heapused
raise
_isctype
__p__mbctype
__p__amblksiz
_snprintf
rewind
_waccess
_wcsicoll
_rmtmp

advapi32

LsaSetForestTrustInformation
SetUserFileEncryptionKey
LsaStorePrivateData
AccessCheckByTypeResultListAndAuditAlarmW
CreateCodeAuthzLevel
WmiQuerySingleInstanceMultipleA
CredpDecodeCredential
LsaSetTrustedDomainInfoByName
AdjustTokenPrivileges
RegSaveKeyW
CryptSetProviderExA
UpdateTraceA
LsaQuerySecret
StopTraceA
InitiateSystemShutdownExA
RegCreateKeyExW
OpenTraceA
AddAce
LookupAccountSidA

mapistub

FBinFromHex@8
MAPILogonEx
MAPIDeleteMail
FreePadrlist@4
MAPIOpenFormMgr
WrapCompressedRTFStream
MAPIAllocateBuffer@8
FBadRglpszW@8
UNKOBJ_ScCOAllocate@12
FBadRestriction@4
__ValidateParameters@8
BMAPIDetails
HrSetOneProp@8
GetOutlookVersion@0
CchOfEncoding@4
HrAddColumns@16

kernel32

GetProcessId
GetFileAttributesExW
ReadConsoleOutputCharacterW
WideCharToMultiByte
RtlMoveMemory
BaseUpdateAppcompatCache
DisconnectNamedPipe
SetTermsrvAppInstallMode
AddLocalAlternateComputerNameA
GetTimeZoneInformation
FindVolumeClose
VirtualProtectEx
ReadProcessMemory
GetProfileSectionA
_lcreat
LoadLibraryA
RequestDeviceWakeup
ConsoleMenuControl
CopyFileExW
IsValidLocale
EndUpdateResourceA
VirtualAlloc

softpub

DriverInitializePolicy
SoftpubDumpStructure
SoftpubLoadDefUsageCallData
SoftpubCleanup
SoftpubLoadMessage
GenericChainCertificateTrust
OfficeCleanupPolicy
SoftpubCheckCert
FindCertsByIssuer
SoftpubDefCertInit
OfficeInitializePolicy
OpenPersonalTrustDBDialog
GenericChainFinalProv
SoftpubInitialize
AddPersonalTrustDBPages
SoftpubLoadSignature
DriverFinalPolicy
SoftpubFreeDefUsageCallData
SoftpubAuthenticode
HTTPSFinalProv
DriverCleanupPolicy
HTTPSCertificateTrust

user32

MessageBoxW
EndDialog

shell32

SHGetMalloc

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xxxdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iiidata
Size: 57KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40c8aeca33016024a66860f8a35837c6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

mapistub

kernel32

softpub

user32

shell32

Sections

.text Size: 73KB - Virtual size: 72KB

.xxxdata Size: 3KB - Virtual size: 3KB

.iiidata Size: 57KB - Virtual size: 212KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 560B

.text
Size: 73KB - Virtual size: 72KB

.xxxdata
Size: 3KB - Virtual size: 3KB

.iiidata
Size: 57KB - Virtual size: 212KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 560B