f7ba379189ae9b2ea5c1126177ad895870dd43ec729179816fe69caf9a72b1e8

Sharing

Copy URL Twitter E-mail

General

Target

f7ba379189ae9b2ea5c1126177ad895870dd43ec729179816fe69caf9a72b1e8
Size

600KB
MD5

ad4a73182f3614ff8f3a5dcd571bd2d1
SHA1

21c0688bf95d2b2e7b028cd7e2c8ec1af30cfd79
SHA256

f7ba379189ae9b2ea5c1126177ad895870dd43ec729179816fe69caf9a72b1e8
SHA512

1d4f03ccccec2980884f36ce8f316bb9da0793cc1a28fbc7a07be23f2ae286970b8e2d5f6afb9cfc67a44f97df69f33ac40b0724795f33512f5d93436de7bdae
SSDEEP

12288:M968Tty1W4nu62ru2TcuQFCeCqC2TGZKdVOeAKeh08+z3KEiqW:MZ2uZTTcpKNZwOvyne

Score

N/A

Malware Config

Signatures

Files

f7ba379189ae9b2ea5c1126177ad895870dd43ec729179816fe69caf9a72b1e8
.exe windows x86

df6534e51eaa21168425c91d0214ff80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSSendMessageA
WTSSetUserConfigA
WTSSetSessionInformationA
WTSOpenServerA
WTSCloseServer
WTSVirtualChannelRead
WTSEnumerateSessionsA
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput

msimg32

AlphaBlend
vSetDdrawflag
GradientFill
TransparentBlt

azroles

AzFreeMemory
AzGetProperty
AzCloseHandle
AzGroupCreate

kernel32

CreateEventW
lstrcpynA
CompareStringA
lstrcmpiA
GetStringTypeA
GetComputerNameW
GetAtomNameW
CreateMutexA
InterlockedExchange
GetShortPathNameA
GetLocalTime
DeviceIoControl
lstrcmpiA
DeleteFileA
lstrcmpiA
GetProcAddress
InterlockedDecrement
GetConsoleTitleW
lstrcmpA
GetModuleHandleA
GetBinaryTypeW
GetLogicalDrives
FindResourceA
TlsGetValue
GetStdHandle

authz

AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext

user32

GetMessageW
DrawIcon
IsDialogMessageA
wsprintfA
GetCaretPos
LoadImageA
CharToOemA
PeekMessageA
DispatchMessageA
CreateWindowExA
GetWindowTextA
GetWindowLongA

shlwapi

PathCompactPathA
PathCommonPrefixA
UrlHashA
UrlCreateFromPathA
UrlGetPartA
UrlCombineA
UrlEscapeA
UrlGetLocationA
UrlIsA
UrlCanonicalizeA
UrlIsNoHistoryA
UrlIsOpaqueA
UrlUnescapeA
PathCombineA

certcli

CAEnumNextCA
CACloseCA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 565KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df6534e51eaa21168425c91d0214ff80

Headers

File Characteristics

Imports

wtsapi32

msimg32

azroles

kernel32

authz

user32

shlwapi

certcli

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 565KB - Virtual size: 788KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 565KB - Virtual size: 788KB

.reloc
Size: 2KB - Virtual size: 2KB