eaf55876fa9fe2d4c8711d1957f252a75dcc33ba9ea4c52fb86f38259ce1ad2b

General

Target

eaf55876fa9fe2d4c8711d1957f252a75dcc33ba9ea4c52fb86f38259ce1ad2b
Size

31KB
MD5

0bee8b9578b83d6c20aa2819b5b439a4
SHA1

a3fe623d50560d918d110e945e2f97c536f0e181
SHA256

eaf55876fa9fe2d4c8711d1957f252a75dcc33ba9ea4c52fb86f38259ce1ad2b
SHA512

4eba74c203f939e616fd8c6ad174f5f22be5fb3e489f71c30370a0d67497b5d72bb6ffae15f41f593a66e1f66c9ae380fe70d557b7590df2797b8e7cd714f1b2
SSDEEP

768:DnCjKKryf7TUpIQM1uQXzATA3RMNldWWr:DnWdiTUpItuQsTA

Score

N/A

Malware Config

Signatures

Files

eaf55876fa9fe2d4c8711d1957f252a75dcc33ba9ea4c52fb86f38259ce1ad2b
.exe windows x86

74d49dbdf79fffb86c888b081d4770e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleFileNameW
LocalAlloc
SetLastError
GlobalFree
GetLastError
LocalFree
GetCommandLineW
GetTickCount

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_wcsicmp

crypt32

CryptStringToBinaryW
CertFreeCertificateContext

efsadu

EfsUIUtilEnrollEfsCertificate
EfsUIUtilInstallDra
EfsUIUtilShowBalloonAndWait
EfsUIUtilSelectCard
EfsUIUtilpKeyBackup
EfsUIUtilPromptForPin
EfsUIUtilEncryptMyDocuments

ntdll

RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74d49dbdf79fffb86c888b081d4770e6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

crypt32

efsadu

ntdll

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 924B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 924B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 21KB - Virtual size: 21KB