Static task: static1
Behavioral task: behavioral1
Sample: 521dc2ba1c24c0e7a61e9168bfec8fdb5179473c9bdecf63ea83bd64fdd61061.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 521dc2ba1c24c0e7a61e9168bfec8fdb5179473c9bdecf63ea83bd64fdd61061.exe
Resource: win10v2004-20220901-en
General
Target: 521dc2ba1c24c0e7a61e9168bfec8fdb5179473c9bdecf63ea83bd64fdd61061
Size: 594KB
MD5: f9d6a9c5aefc52f35a8b7a69c33beaba
SHA1: 3f1ee1c089e4f5f453c9707a744ed8c03c23405c
SHA256: 521dc2ba1c24c0e7a61e9168bfec8fdb5179473c9bdecf63ea83bd64fdd61061
SHA512: a6e8cb301b36d3d8437966ad6291ffaeeeaf76ca2c3f7199efee97d26d5c5c13714bcbc9260fb97b9c6e765c4ba9ff69aaa4388318ff74aeaad745b74a01ba02
SSDEEP: 12288:6gEFDkRRRRRRRVEpWeoCsstcIStWP/mQkpZkBR62X3tId:f2POs+I9/mQid
Malware Config
Signatures
Files
521dc2ba1c24c0e7a61e9168bfec8fdb5179473c9bdecf63ea83bd64fdd61061.exe windows x86
392d754973201e39c00ec173235c473f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
azroles
AzGetProperty
AzCloseHandle
crypt32
CertAlgIdToOID
CertDuplicateStore
CertOpenStore
CertAddStoreToCollection
CertFindAttribute
CertCreateContext
CertSaveStore
CryptFindOIDInfo
CertFindExtension
CertGetNameStringA
CertDuplicateCRLContext
CertFindChainInStore
CertNameToStrA
CryptEnumOIDInfo
CertCloseStore
CertCompareCertificate
shlwapi
UrlGetPartA
PathCommonPrefixA
UrlCompareA
UrlCombineA
UrlIsOpaqueA
UrlIsNoHistoryA
UrlEscapeA
UrlCanonicalizeA
UrlGetLocationA
PathCompactPathA
user32
PeekMessageA
DialogBoxParamA
GetCaretPos
DrawIcon
CharToOemA
PostMessageA
IsZoomed
IsWindow
LoadCursorA
SetCursorPos
IsCharLowerW
GetWindowTextA
GetMessageW
wtsapi32
WTSWaitSystemEvent
WTSEnumerateSessionsA
WTSOpenServerA
WTSVirtualChannelPurgeInput
WTSQueryUserToken
WTSRegisterSessionNotification
WTSQuerySessionInformationA
WTSUnRegisterSessionNotification
WTSLogoffSession
WTSFreeMemory
WTSVirtualChannelRead
WTSVirtualChannelClose
WTSSetSessionInformationA
WTSSendMessageA
kernel32
GetEnvironmentVariableW
GetTickCount
CreateSemaphoreA
GetFileType
CopyFileA
CreateEventW
GetCurrentProcess
SetStdHandle
GetVersionExA
GetProcessHeap
TlsGetValue
OpenMutexA
lstrcmpiA
lstrcmpiA
GetComputerNameW
CreateNamedPipeW
GetLocaleInfoA
GetModuleHandleA
GetDiskFreeSpaceA
GetBinaryTypeW
VirtualQuery
GetCurrentDirectoryW
SetCurrentDirectoryA
InterlockedExchange
GetShortPathNameA
GetProcAddress
FormatMessageA
GetAtomNameW
DeleteFileA
lstrcmpA
GetLocalTime
lstrcpynA
GetLastError
GetFullPathNameA
GetStringTypeA
FindResourceA
CompareStringA
ResetEvent
certcli
CAEnumNextCA
CACloseCA
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 561KB - Virtual size: 792KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ