2c65882a736724962e640cab6223a15e5c0a37d2424f0e05c5023f2ba7cf23cc

Sharing

Copy URL Twitter E-mail

General

Target

2c65882a736724962e640cab6223a15e5c0a37d2424f0e05c5023f2ba7cf23cc
Size

133KB
MD5

97671c5af7c5e9466f8ff1ec5e5adcd5
SHA1

865344f1c2a7fd1b89323277cf5787cf6b402d27
SHA256

2c65882a736724962e640cab6223a15e5c0a37d2424f0e05c5023f2ba7cf23cc
SHA512

411d182c45c883a28d6f937c605595909a8aa5fc93ccea9dbc665d0f4f0309b9a97cd89c95e8fed05d865537744778870daa80815fb85a3fcb0f4dc5db9035fe
SSDEEP

3072:pGWOa7uMm43kHorWqRCIIsf+hyzXHfc1/6DrUxf/kB10dia:sE6ZOGc1RYsfayz3fI6DrQE8

Score

N/A

Malware Config

Signatures

Files

2c65882a736724962e640cab6223a15e5c0a37d2424f0e05c5023f2ba7cf23cc
.exe windows x86

9858994bce901d45e9dd4dc0d60b27aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_stricmp
NtAllocateUuids
ZwReplyWaitReplyPort
ZwQueryInformationAtom
strcspn
RtlIsValidIndexHandle
RtlTimeToSecondsSince1970
ZwSetSystemTime
RtlCreateActivationContext
ZwPowerInformation
ZwDeleteFile
wcscpy
ZwSetInformationKey
NtMakePermanentObject
memmove
RtlFirstFreeAce
RtlDeregisterWait
DbgPrintEx
NtCreateProfile
NtSetLowEventPair
RtlSetAttributesSecurityDescriptor
ZwQueryInformationToken
RtlNewInstanceSecurityObject
RtlAddCompoundAce

msvcirt

?open@filebuf@@QAEPAV1@PBDHH@Z
??0strstream@@QAE@PADHH@Z
??6ostream@@QAEAAV0@PBE@Z
??5istream@@QAEAAV0@AAG@Z
?dbp@streambuf@@QAEXXZ
?overflow@stdiobuf@@UAEHH@Z
?getline@istream@@QAEAAV1@PACHD@Z
??0ostream@@QAE@PAVstreambuf@@@Z
??0ostream_withassign@@QAE@XZ
?fail@ios@@QBEHXZ
?sbumpc@streambuf@@QAEHXZ
??0ostrstream@@QAE@ABV0@@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??_Gstrstreambuf@@UAEPAXI@Z
??_Gifstream@@UAEPAXI@Z
?rdstate@ios@@QBEHXZ
??0istream@@IAE@XZ
??_8iostream@@7Bostream@@@
??_Dostream_withassign@@QAEXXZ
?attach@ofstream@@QAEXH@Z
??0ios@@IAE@ABV0@@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z

cmcfg32

CMConfig
_CMConfig@8
CMConfigEx
CmstpExtensionProc

kernel32

GetNamedPipeHandleStateA
WriteConsoleOutputAttribute
GetNumaAvailableMemoryNode
VirtualAlloc
RequestWakeupLatency
IsSystemResumeAutomatic
GetTapeStatus
OutputDebugStringA
LoadLibraryA
lstrcatA
CreateSemaphoreW
PurgeComm
SetConsolePalette
GetStartupInfoW
FindNextVolumeA
IsValidLanguageGroup
Thread32First
SetCommBreak
SetNamedPipeHandleState

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xxxdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iiidata
Size: 60KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9858994bce901d45e9dd4dc0d60b27aa

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcirt

cmcfg32

kernel32

Sections

.text Size: 68KB - Virtual size: 67KB

.xxxdata Size: 2KB - Virtual size: 2KB

.iiidata Size: 60KB - Virtual size: 207KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 372B

.text
Size: 68KB - Virtual size: 67KB

.xxxdata
Size: 2KB - Virtual size: 2KB

.iiidata
Size: 60KB - Virtual size: 207KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 372B