a511763e0efe6b4064139974e218e10bbc106ee825adaded509e0fe55ece200d

Sharing

Copy URL

Twitter E-mail

General

Target

a511763e0efe6b4064139974e218e10bbc106ee825adaded509e0fe55ece200d
Size

852KB
MD5

0acd43ecfe9c7188fdd4a169c66e67d7
SHA1

6c91a6824d9bbbb5ff00fb8a618c9fc79f7a052c
SHA256

a511763e0efe6b4064139974e218e10bbc106ee825adaded509e0fe55ece200d
SHA512

61e49d442468aa0bf3c7e7e47d9e56ec37b43b96135f4312f78980fdf40098ad9830fe7cc7fc68d34d6095606ff098ed6b78dee034dc4fccd6c3b53cf442381a
SSDEEP

24576:XnGv0YpakZTbokdDAzq5bRl5OWyzV64ErTPtL8/1zEYdBJlgZ:3GMYpxfokWq5bn5IVREPPtGzEYdBJaZ

Score

N/A

Malware Config

Signatures

Files

a511763e0efe6b4064139974e218e10bbc106ee825adaded509e0fe55ece200d
.exe windows x86

b03cf728746b18d7b543f1571617f692

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
LoadLibraryA
UnregisterWaitEx
GetFirmwareEnvironmentVariableW
IsValidCodePage
MoveFileExW
SetUnhandledExceptionFilter
IsBadHugeReadPtr
IsBadCodePtr
SetThreadIdealProcessor
GetExitCodeThread
GlobalFix
GlobalLock
ShowConsoleCursor
VirtualAlloc
LZCloseFile
GetStringTypeA
WriteFileEx
GetTempPathA
lstrcmpiW
GetProcessPriorityBoost

cfgmgr32

CM_Connect_MachineA
CM_Set_DevNode_Problem
CM_Get_Hardware_Profile_InfoA
CM_Add_ID_ExA
CM_Get_Hardware_Profile_Info_ExA
CM_Move_DevNode
CM_Get_Device_ID_List_SizeA
CM_Get_Child_Ex
CM_Create_DevNodeA
CM_Free_Res_Des_Handle
CM_Unregister_Device_InterfaceA
CM_Get_Device_ID_List_ExW
CMP_Report_LogOn
CM_Request_Eject_PC
CM_Get_Device_Interface_List_ExA
CM_Get_Device_Interface_ListA
CM_Add_Res_Des_Ex
CM_Setup_DevNode
CM_Get_Res_Des_Data_Size_Ex
CM_Get_DevNode_Registry_PropertyA
CM_Free_Resource_Conflict_Handle
CM_Open_Class_Key_ExW
CM_Create_DevNode_ExA
CM_Get_Class_NameA

wshrm

WSHAddressToString
WSHSetSocketInformation
WSHGetWildcardSockaddr
WSHStringToAddress
WSHEnumProtocols
WSHOpenSocket2
WSHGetWinsockMapping
WSHNotify
WSHJoinLeaf
WSHGetSocketInformation
WSHOpenSocket
WSHGetWSAProtocolInfo
WSHGetBroadcastSockaddr
WSHIoctl
WSHGetProviderGuid
WSHGetSockaddrType

mapi32

UlRelease@4
MNLS_CompareStringW@24
FBadPropTag@4
ScRelocNotifications@20
ScLocalPathFromUNC@12
HrDispatchNotifications@4
HrSetOmiProvidersFlagsInvalid
cmc_act_on
HrGetOmiProvidersFlags@8
HrGetOneProp@12
UNKOBJ_ScAllocateMore@16
MAPISaveMail
MAPIAllocateBuffer@8
EncodeID@12
MAPIInitialize@4
MAPIAdminProfiles
FEqualNames@8
HrValidateParameters@8
WrapCompressedRTFStream@12

gdi32

GdiConvertBrush
DdEntry24
GetOutlineTextMetricsW
GetTextExtentExPointA
GetTextExtentExPointI
FONTOBJ_pxoGetXform
DdEntry47
GetTextExtentPointI
GetPolyFillMode
CreateFontW
SetTextColor
GdiConsoleTextOut
GdiConvertEnhMetaFile
EngFreeModule
SetMiterLimit
EnumFontFamiliesExA

winsta

_WinStationShadowTargetSetup
WinStationSendMessageW
ServerLicensingGetPolicyInformationA
ServerLicensingClose
ServerLicensingOpenW
WinStationConnectA
WinStationQueryLogonCredentialsW
WinStationRenameA
WinStationQueryInformationW
WinStationInstallLicense
ServerLicensingGetAvailablePolicyIds
ServerLicensingOpenA
WinStationRenameW
WinStationShadowStop
_WinStationUpdateSettings

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b03cf728746b18d7b543f1571617f692

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cfgmgr32

wshrm

mapi32

gdi32

winsta

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 5KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 5KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB