f0a87d540937aafba5f83b8e7de2ab4ec2ca892189a2c7927465b87c4cd30960

Sharing

Copy URL Twitter E-mail

General

Target

f0a87d540937aafba5f83b8e7de2ab4ec2ca892189a2c7927465b87c4cd30960
Size

579KB
MD5

8d2d8ba0ca6994a7f311bb0b2b40bdc6
SHA1

a6263ad17e23acd4d7cc661f5a0160a660973bb6
SHA256

f0a87d540937aafba5f83b8e7de2ab4ec2ca892189a2c7927465b87c4cd30960
SHA512

701916996dcd188b54373edc5aa3c5a163046598dbf6971f3c4f34dbfdf58d09c9a22dfaa1522c6ba11fdc92e6211b0f97a3489766f0dd555414211e1cf64750
SSDEEP

12288:ii0HDCtds08rfETSeBAOlPEL+H04oKWBuSLU+BzTlp2EJ/:iBD5hfiHBRhEL+Deg2XBzTDF

Score

N/A

Malware Config

Signatures

Files

f0a87d540937aafba5f83b8e7de2ab4ec2ca892189a2c7927465b87c4cd30960
.exe windows x86

38877692a6a99f30a2965cedb8ec2e3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
ReplaceFileW
GetFileType
GetComputerNameW
FormatMessageA
GetModuleHandleA
GetProcessTimes
GetFullPathNameA
SetStdHandle
DeviceIoControl
OpenFileMappingW
GetProcessHeap
PurgeComm
lstrcmpA
CreateEventW
CopyFileA
GetLogicalDrives
HeapValidate
SetFileAttributesA
GetAtomNameA
GetProcAddress
SetEndOfFile
GetBinaryTypeA
CreateMutexA
SetVolumeLabelW
GetCurrentDirectoryA
FileTimeToLocalFileTime
QueryDosDeviceA
GetCurrentThread
CreateNamedPipeA
InterlockedDecrement
GetLocalTime
InterlockedExchange
lstrcmpiA
CreateSemaphoreA
GetDiskFreeSpaceA
CloseHandle
TlsGetValue

wtsapi32

WTSVirtualChannelPurgeInput
WTSVirtualChannelRead
WTSFreeMemory
WTSEnumerateServersA
WTSQueryUserToken
WTSVirtualChannelClose
WTSLogoffSession
WTSEnumerateProcessesA
WTSSendMessageA
WTSVirtualChannelOpen
WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSSetUserConfigA
WTSOpenServerA
WTSSetSessionInformationA

shimeng

SE_ProcessDying
SE_IsShimDll
SE_DllLoaded
SE_InstallBeforeInit

user32

DialogBoxParamA
GetMessageA
SetCursorPos
GetCaretPos
CharToOemA
CreateWindowExA
PostMessageA
wsprintfA
IsZoomed
IsWindow
GetWindowTextA
LoadImageA
DrawIcon
DispatchMessageA
IsDialogMessageA
SetFocus

acledit

SedSystemAclEditor
EditOwnerInfo

crypt32

CertCompareCertificate
CertNameToStrA
CertOpenStore
CertDuplicateStore
CertAlgIdToOID
CertDuplicateCRLContext
CryptFindOIDInfo
CertGetNameStringA
CertFindChainInStore
CertFindAttribute
CryptEnumOIDInfo
CertFreeCRLContext
CertDeleteCRLFromStore
CertFindExtension
CertCreateContext
CertCreateCRLContext

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38877692a6a99f30a2965cedb8ec2e3c

Headers

File Characteristics

Imports

kernel32

wtsapi32

shimeng

user32

acledit

crypt32

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 456KB - Virtual size: 455KB

.data Size: 70KB - Virtual size: 69KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 456KB - Virtual size: 455KB

.data
Size: 70KB - Virtual size: 69KB

.reloc
Size: 9KB - Virtual size: 9KB