708d91f9548cf4de0cbae1e08ea3e376bb5565b6a6e3bd62ba3e7e9bc2a91c4b

Sharing

Copy URL Twitter E-mail

General

Target

708d91f9548cf4de0cbae1e08ea3e376bb5565b6a6e3bd62ba3e7e9bc2a91c4b
Size

848KB
MD5

0fc5146871f2b4d613d204cff61af6a9
SHA1

3c7ae63e58bdbf285a545bda84e589408a427914
SHA256

708d91f9548cf4de0cbae1e08ea3e376bb5565b6a6e3bd62ba3e7e9bc2a91c4b
SHA512

fbf80184ad1382563f66757723d916cd0b09785dc93c9d4284d3dcbce02b51def1a8195e90eebd731fd9bf51e2b4e355a67e2bf45e4c94ca7f44d97886eacf59
SSDEEP

24576:lYFxwORXv9sfAYL9LMtBjZm4cE7vhRjtThqaozBZ5:uPwOF9sfAY1MtZUu1RhNqaozBT

Score

N/A

Malware Config

Signatures

Files

708d91f9548cf4de0cbae1e08ea3e376bb5565b6a6e3bd62ba3e7e9bc2a91c4b
.exe windows x86

4d0e55ccb979898adb791544e3b31fca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlZombifyActivationContext
RtlPushFrame
NtSetEventBoostPriority
LdrGetDllHandle
NtSetVolumeInformationFile
ZwSetInformationJobObject
iscntrl
RtlAddActionToRXact
RtlNewSecurityObject
RtlDecompressBuffer
ZwSetDefaultLocale
NtDebugActiveProcess
RtlQueueApcWow64Thread
ZwReleaseSemaphore
RtlFreeHandle
strrchr
ZwCancelTimer

kernel32

GetModuleHandleExW
GetDiskFreeSpaceExA
IsValidCodePage
MultiByteToWideChar
InitializeCriticalSection
CreateMailslotW
CreateIoCompletionPort
SetLocalTime
PeekNamedPipe
BeginUpdateResourceW
VirtualAlloc
HeapValidate
GetProcessWorkingSetSize
FileTimeToDosDateTime
GetBinaryTypeA
LoadLibraryA
WriteProfileStringA
WritePrivateProfileSectionW
SetLastConsoleEventActive
EndUpdateResourceW
GetFileSize
QueueUserWorkItem
FormatMessageW
TransactNamedPipe

msvcrt

_wfopen
_wasctime
__p__environ
log10
_global_unwind2
_ismbclegal
fflush
_cabs
isupper
_aligned_offset_realloc
_execle
atan
wcsxfrm
_Strftime
_spawnl
??1__non_rtti_object@@UAE@XZ
_heapset

dbghelp

SymGetSymNext64
SymFunctionTableAccess64
srcfiles
ImageRvaToVa
SymUnloadModule64
SymEnumerateSymbols
SymEnumSourceFiles
MapDebugInformation
SymLoadModuleEx
SymGetSymPrev64
lmi
SymUnDName64
FindExecutableImage
omap
SymGetSymFromName
ImagehlpApiVersion
SymGetModuleInfo
ImageDirectoryEntryToData
SymEnumSym
FindFileInSearchPath
SymFromName

esent

JetCreateDatabase2
JetInit3
JetStopBackupInstance
JetTerm2
JetMakeKey
JetDupSession
JetResetCounter
JetCommitTransaction
JetUnregisterCallback
JetIdle
JetDBUtilities
JetGetCounter
JetCommitTransaction@8
JetReadFileInstance
JetRestore
JetGetIndexInfo

user32

RegisterClassW
DefWindowProcW
PostQuitMessage

Sections

.text
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d0e55ccb979898adb791544e3b31fca

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

msvcrt

dbghelp

esent

user32

Sections

.text Size: 749KB - Virtual size: 749KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 749KB - Virtual size: 749KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB