c34cf3782b63ea103f3b20dd4f17934a894fc58b1605f6f4ca9ccbdab9210c5f

General

Target

c34cf3782b63ea103f3b20dd4f17934a894fc58b1605f6f4ca9ccbdab9210c5f
Size

820KB
MD5

0af7e18a76e4cc2a227c9c3f5524ef51
SHA1

4b098ac11dc3117bf98bf6b0bee9bddba3782ce9
SHA256

c34cf3782b63ea103f3b20dd4f17934a894fc58b1605f6f4ca9ccbdab9210c5f
SHA512

6be0184c15ee9b9838a9fd23c044721838ef011acfb8dc5722e39c2bdef4757e4cddc0cc303e110a380e8bfec3d1fdb05f6abca83015138327cb8531b6497ea8
SSDEEP

24576:F4MJbZM9bhk8xEGIBVvfVrrvozzT0qMzYi:F4cbZvG8vfxozzCz

Score

N/A

Malware Config

Signatures

Files

c34cf3782b63ea103f3b20dd4f17934a894fc58b1605f6f4ca9ccbdab9210c5f
.exe windows x86

b5ba694ef2dbff3f8d62f1d527241323

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msctf

TF_CreateLangBarMgr
TF_GetInputScope
TF_CreateThreadMgr
TF_InitSystem
TF_UninitSystem

kernel32

CreateMailslotA
GetModuleFileNameA
GetEnvironmentVariableA
IsBadStringPtrA
QueryDosDeviceA
EncodePointer
LoadLibraryA
lstrcmpiA
FileTimeToLocalFileTime
SetCurrentDirectoryA
VirtualProtectEx
CreateMutexA
IsBadWritePtr
FindResourceA
SetFileAttributesA
GetPrivateProfileSectionA
MoveFileA
ConnectNamedPipe
GetProcAddress
DecodeSystemPointer
lstrcmpA

dsprop

ReportError
ErrMsg
CheckADsError
MsgBox

uxtheme

GetThemeTextExtent
CloseThemeData
GetThemeBool
IsThemeActive
DrawThemeBackground
GetThemeTextMetrics
OpenThemeData

ntshrui

GetNetResourceFromLocalPathA
IsPathSharedA

crypt32

CertCompareCertificate
CertDuplicateStore
CertGetNameStringA
CryptEnumOIDInfo
CertFreeCRLContext
CertDeleteCRLFromStore
CertDuplicateCRLContext
CertOpenStore
CertFindCRLInStore
CertCreateContext

wtsapi32

WTSCloseServer
WTSSendMessageA
WTSOpenServerA
WTSEnumerateProcessesA
WTSVirtualChannelClose
WTSSetUserConfigA
WTSEnumerateSessionsA
WTSQueryUserToken
WTSRegisterSessionNotification
WTSLogoffSession

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 806KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b5ba694ef2dbff3f8d62f1d527241323

Headers

DLL Characteristics

File Characteristics

Imports

msctf

kernel32

dsprop

uxtheme

ntshrui

crypt32

wtsapi32

Sections

.text Size: 13KB - Virtual size: 12KB

.rsrc Size: 806KB - Virtual size: 2.2MB

.text
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 806KB - Virtual size: 2.2MB