Static task: static1
Behavioral task: behavioral1
  Sample: cae3f272333b409d12f2be34366ffc2e073fa7023ef79fa923910b0ee9743f43.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: cae3f272333b409d12f2be34366ffc2e073fa7023ef79fa923910b0ee9743f43.exe
  Resource: win10v2004-20220812-en
General
Target: cae3f272333b409d12f2be34366ffc2e073fa7023ef79fa923910b0ee9743f43
Size: 57KB
MD5: 498f9e9406f82e11b5201ccec1ef1790
SHA1: 5e6fe48a503f5e3e495b7c86f96d0f8fd447fc82
SHA256: cae3f272333b409d12f2be34366ffc2e073fa7023ef79fa923910b0ee9743f43
SHA512: 6e53d2f67e16f813e2afdedcf79a9a41d6acc1255244b9044e0656190ba5c14e7ee82d45195ab90ffadeff3098d0ae9dfe0ff65ddbbc332ba849c4ec8758698d
SSDEEP: 768:kxqFh+VThh2ZEtQHf6RSp3rVL/OpFK1+3pIbIy70K7CWOELGIwLLLsGY+1N:kQhkThAevRSp3rVKK1eHg0REXGY0
Malware Config
Signatures
Files
-
cae3f272333b409d12f2be34366ffc2e073fa7023ef79fa923910b0ee9743f43.exe windows x86
ef16b0fbaa538503a74d4f490e240a53
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptDecryptAndVerifyMessageSignature
CryptCloseAsyncHandle
CryptMsgDuplicate
CryptSignAndEncodeCertificate
CryptDecryptMessage
CertVerifyValidityNesting
CryptMsgSignCTL
CryptMsgGetAndVerifySigner
CryptEnumOIDInfo
CertAddCTLContextToStore
CryptEnumKeyIdentifierProperties
CryptSignMessage
CertGetEnhancedKeyUsage
CryptSetKeyIdentifierProperty
CryptSIPRetrieveSubjectGuid
CertAddCertificateLinkToStore
CertStrToNameA
CryptVerifyMessageSignature
CryptMsgVerifyCountersignatureEncoded
CryptVerifyCertificateSignature
CertAddEncodedCertificateToSystemStoreW
CryptHashToBeSigned
CertCreateCertificateContext
CertEnumCRLsInStore
CryptDecodeObjectEx
CertCompareCertificateName
CertEnumCertificateContextProperties
CertSaveStore
CryptProtectData
CertCompareCertificate
CertCompareIntegerBlob
PFXIsPFXBlob
CryptUninstallDefaultContext
CertEnumCTLsInStore
CertFindCertificateInCRL
CertOpenStore
CertFindCTLInStore
CertFindAttribute
CryptMsgGetParam
ntdsapi
DsAddSidHistoryA
DsMakeSpnA
DsBindWithSpnA
DsFreePasswordCredentials
DsReplicaDelW
oleacc
GetOleaccVersionInfo
wtsapi32
WTSQueryUserConfigA
WTSEnumerateProcessesW
WTSFreeMemory
WTSEnumerateProcessesA
WTSDisconnectSession
WTSVirtualChannelPurgeOutput
WTSSetUserConfigA
WTSQuerySessionInformationA
WTSEnumerateServersW
WTSQueryUserConfigW
WTSVirtualChannelQuery
WTSLogoffSession
WTSTerminateProcess
WTSVirtualChannelWrite
WTSSetSessionInformationW
WTSVirtualChannelRead
WTSEnumerateSessionsA
WTSQuerySessionInformationW
WTSEnumerateSessionsW
kernel32
GetProcAddress
ExitProcess
InitializeCriticalSection
GetComputerNameExW
user32
DialogBoxParamA
SendMessageA
EndDialog
ws2_32
WSAAccept
WSAGetServiceClassNameByClassIdA
WSADuplicateSocketW
WSAEnumNetworkEvents
WSALookupServiceBeginA
WSCInstallNameSpace
WSAAsyncGetHostByName
WSCInstallProvider
inet_ntoa
WSCGetProviderPath
WSACloseEvent
WSAAsyncGetServByName
WSALookupServiceEnd
WSAInstallServiceClassW
WSAUnhookBlockingHook
WSAAsyncGetProtoByNumber
WSADuplicateSocketA
WSAEnumNameSpaceProvidersW
WSASocketW
send
WSAConnect
WSAAsyncGetHostByAddr
WSAEnumProtocolsA
WSALookupServiceNextA
gethostbyname
ntohs
WSACancelBlockingCall
bind
WSAJoinLeaf
WSAAsyncGetServByPort
recv
WSASetServiceA
gethostbyaddr
WSAEnumNameSpaceProvidersA
WSAStringToAddressW
inet_addr
WSAGetServiceClassInfoW
WSASend
WPUCompleteOverlappedRequest
WSANtohs
WSAEventSelect
WSACleanup
WSASetEvent
WSAAsyncGetProtoByName
WSASendDisconnect
WSAIoctl
listen
socket
getprotobyname
__WSAFDIsSet
WSACancelAsyncRequest
htonl
setsockopt
WSAIsBlocking
WSAProviderConfigChange
WSAHtonl
WSALookupServiceBeginW
htons
recvfrom
WEP
WSAAddressToStringA
WSCEnumProtocols
secur32
EnumerateSecurityPackagesW
FreeContextBuffer
GetUserNameExW
LsaRegisterPolicyChangeNotification
SaslEnumerateProfilesA
VerifySignature
CompleteAuthToken
QuerySecurityPackageInfoA
TranslateNameA
ApplyControlToken
LsaLookupAuthenticationPackage
AcquireCredentialsHandleW
InitSecurityInterfaceW
ImpersonateSecurityContext
GetUserNameExA
SaslEnumerateProfilesW
QuerySecurityPackageInfoW
SaslIdentifyPackageA
DeleteSecurityPackageA
SaslInitializeSecurityContextA
SaslAcceptSecurityContext
FreeCredentialsHandle
LsaDeregisterLogonProcess
GetComputerObjectNameW
LsaCallAuthenticationPackage
GetComputerObjectNameA
SaslIdentifyPackageW
QueryCredentialsAttributesW
InitializeSecurityContextW
LsaLogonUser
Sections
.text Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ