e358f158981999567ace1bbe2b452a7f1c5cd3906deeba97505fdd30663bb015

General

Target

e358f158981999567ace1bbe2b452a7f1c5cd3906deeba97505fdd30663bb015
Size

530KB
MD5

d33e72ac97f00abd66808d412c65e6e3
SHA1

9256fe193b95b240fa4159250ae0814327a8a7e9
SHA256

e358f158981999567ace1bbe2b452a7f1c5cd3906deeba97505fdd30663bb015
SHA512

1bd60f88e4f573d22fe6b0b39f402e19a9c014e4841f90623b091bdf8ed822a0521365d71b7f1e72240a2b42754fbc901edbc5c2ce33143e1e41ba594fefc8ab
SSDEEP

12288:8FmxnWGMqLizhnzupB/bATNQX+YVWBoExaJDxW8MABJLhyO0cCLA:qNNnzUB/uSX+YVWbX8MABt10dL

Score

N/A

Malware Config

Signatures

Files

e358f158981999567ace1bbe2b452a7f1c5cd3906deeba97505fdd30663bb015
.exe windows x86

acd0f45746d011fd19136d75db49c68b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSSendMessageA
WTSCloseServer
WTSEnumerateSessionsA
WTSWaitSystemEvent
WTSVirtualChannelWrite
WTSRegisterSessionNotification
WTSOpenServerA
WTSQuerySessionInformationA
WTSFreeMemory
WTSLogoffSession
WTSSetUserConfigA
WTSVirtualChannelClose
WTSVirtualChannelRead
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput

shimeng

SE_InstallBeforeInit
SE_IsShimDll
SE_InstallAfterInit
SE_DllLoaded

acledit

EditOwnerInfo
SedTakeOwnership

kernel32

lstrcpynA
GetAtomNameA
PurgeComm
GetProcAddress
GetCurrentDirectoryA
GetComputerNameW
InterlockedDecrement
GetLocalTime
GetLogicalDrives
VirtualQuery
DeviceIoControl
GetDriveTypeA
lstrcmpiA
FindResourceA
GetCurrentThread
GetShortPathNameA
SetCurrentDirectoryA
GetModuleHandleA
GetBinaryTypeA
CreateSemaphoreA
CreateNamedPipeA
CreateMutexA
GetSystemInfo
lstrcmpA
MoveFileW
CreateEventW
CompareStringA
SetVolumeLabelW
GetTickCount
GetFileType
HeapValidate
GetVolumePathNameW

user32

PeekMessageA
SetCursorPos
SetFocus
IsCharLowerA
DialogBoxParamA
GetWindowTextA
CharToOemA
CreateWindowExA
GetWindowLongA
IsZoomed
DrawIcon
DispatchMessageA

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acd0f45746d011fd19136d75db49c68b

Headers

File Characteristics

Imports

wtsapi32

shimeng

acledit

kernel32

user32

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 456KB - Virtual size: 488KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 456KB - Virtual size: 488KB

.reloc
Size: 10KB - Virtual size: 9KB