ed2fbaa19ac3ed07f65365bf0e33ca3c23427424686ccf1a81478e6d88d7c98c

Sharing

Copy URL Twitter E-mail

General

Target

ed2fbaa19ac3ed07f65365bf0e33ca3c23427424686ccf1a81478e6d88d7c98c
Size

69KB
MD5

e1fcaade160ff85d45d61974cc7b652f
SHA1

af0e3cede639ddda6111864c30ac0d4797469eff
SHA256

ed2fbaa19ac3ed07f65365bf0e33ca3c23427424686ccf1a81478e6d88d7c98c
SHA512

b99f2b023206c3a417a4c13cd62ec99bfd0c69a7e87c002ae77f2fea30fe57f6a19ae1da8a30672a98658c50ea7c5d73e07b32715622f8922af6e067be443371
SSDEEP

1536:0/fC0yhcxbqmrTdZw1EtYnEhdrw+OTLsZqWCJCP8MwpUuvO9/FFX:0n3y+xb/Tdy+Q84Ls7fw+uvOhFt

Score

N/A

Malware Config

Signatures

Files

ed2fbaa19ac3ed07f65365bf0e33ca3c23427424686ccf1a81478e6d88d7c98c
.exe windows x86

7b08381dba9b2b39e647b2fea458f951

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptSignCertificate
CryptRegisterOIDFunction
CryptAcquireContextU
PFXExportCertStoreEx
CryptFreeOIDFunctionAddress
CertVerifySubjectCertificateContext
CryptUnregisterOIDInfo
CertRegisterPhysicalStore
I_CryptUnregisterSmartCardStore
CryptMsgSignCTL
CertUnregisterSystemStore
CertEnumCertificatesInStore
CertEnumSystemStoreLocation
I_CryptCreateLruCache
CryptSetOIDFunctionValue
CertFreeCertificateChainEngine
CertOpenStore
CertStrToNameA
CryptUnregisterDefaultOIDFunction
CryptSetProviderU
CryptCreateAsyncHandle
I_CertSrvProtectFunction
RegOpenKeyExU

netapi32

I_NetlogonComputeServerDigest
DsGetDcNextA
NetValidateName
NetpAllocFtinfoEntry
NetGroupDelUser
NetAuditClear
NetUserGetGroups
RxNetAccessGetInfo
DsGetDcNameWithAccountW
I_BrowserQueryStatistics
NetDfsRemoveFtRoot
DsGetForestTrustInformationW
NetRegisterDomainNameChangeNotification
NetGroupGetInfo
DsRoleDnsNameToFlatName
RxNetAccessSetInfo
I_NetServerPasswordSet2
NetUserSetGroups

atmlib

ATMSetFlags
ATMBBoxBaseXYShowText
ATMFontAvailableA
ATMMakePFMA
ATMXYShowTextA
ATMMakePFM
ATMGetMenuName
ATMFontAvailableW
ATMGetGlyphList
ATMRemoveFontW
ATMEnumMMFontsA
ATMAddFontA
ATMGetMenuNameA
ATMRemoveFontA
ATMFontSelected
ATMFontStatusA
ATMGetFontPathsW
ATMFontAvailable
ATMRemoveSubstFontW
ATMGetVersionExA
ATMGetFontPathsA
ATMBeginFontChange

kernel32

SetConsoleInputExeNameA
LCMapStringW
GetBinaryType
TerminateThread
GetSystemDirectoryW
GetSystemTimeAdjustment
VirtualAlloc
CommConfigDialogA
GetSystemDefaultUILanguage
LockFile
WritePrivateProfileStructA
GetTimeZoneInformation
LoadLibraryA
QueryInformationJobObject
GetConsoleAliasA
GetPrivateProfileIntW
DebugBreakProcess
PeekConsoleInputW
GetFileAttributesW
GetCurrentThread
GetPrivateProfileIntA
CreateThread
WritePrivateProfileStructW
FillConsoleOutputCharacterW

iphlpapi

SetIpTTL
GetAdaptersInfo
GetIpStatistics
IcmpSendEcho
InternalDeleteIpForwardEntry
InternalCreateIpForwardEntry
_PfSetLogBuffer@28
GetUdpStatistics
InternalGetIpAddrTable
_PfDeleteLog@0
IpRenewAddress
Icmp6ParseReplies
GetAdaptersAddresses
DeleteIpNetEntry
GetIfTable

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b08381dba9b2b39e647b2fea458f951

Headers

File Characteristics

Imports

crypt32

netapi32

atmlib

kernel32

iphlpapi

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 24KB - Virtual size: 194KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 24KB - Virtual size: 194KB

.rsrc
Size: 1KB - Virtual size: 1KB