af0810d67d2cd9ded8c2d24d854eb5922a11c46e7cc7746f267cb08dcb322f9f

Sharing

Copy URL Twitter E-mail

General

Target

af0810d67d2cd9ded8c2d24d854eb5922a11c46e7cc7746f267cb08dcb322f9f
Size

1.3MB
MD5

e8d1d3b354519a6362fdb4e31cef9173
SHA1

f78b88935f901d6cb5f18e749e94d45415c45713
SHA256

af0810d67d2cd9ded8c2d24d854eb5922a11c46e7cc7746f267cb08dcb322f9f
SHA512

6aa2c828ccc314d950ad62104519e2b6fd9570e8fde289f3fe71132db21a82823424ed339e0ffc71a96db56d40e228e704eaf100f61b02d6d44034b5423cca15
SSDEEP

24576:XQZ9pyiYShrMaTVS8VWN3hvoERnBCMMA+rKtTolb3fwOV2E/NH46GH3MWIUvT:Qbk8mhvFRBhMA0KFS3bptMHHj

Score

N/A

Malware Config

Signatures

Files

af0810d67d2cd9ded8c2d24d854eb5922a11c46e7cc7746f267cb08dcb322f9f
.exe windows x86

e2a99f8d9d05f7e68b57ece51ba8af7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
HeapAlloc
FindResourceA
GetProcessId
SetEnvironmentVariableW
WaitForSingleObjectEx
CompareStringA
GetAtomNameA
GetModuleHandleA
UpdateResourceW
VirtualProtect
FormatMessageA
CreateNamedPipeA
GetGeoInfoW
LoadLibraryA

eappcfg

EapHostPeerGetMethods
EapHostPeerConfigBlob2Xml
EapHostPeerFreeMemory

wtsapi32

WTSQuerySessionInformationA
WTSQueryUserToken
WTSSetUserConfigW
WTSFreeMemory
WTSSetSessionInformationW
WTSVirtualChannelOpen
WTSOpenServerW
WTSRegisterSessionNotification
WTSSendMessageA
WTSVirtualChannelQuery
WTSEnumerateServersA
WTSUnRegisterSessionNotification
WTSVirtualChannelRead

crypt32

CertOpenStore
CertNameToStrA
CertCompareCertificate
CertCloseStore
CertControlStore
CryptEnumOIDInfo
CertSaveStore
CertDuplicateCRLContext
CertGetNameStringA
CertFindAttribute
CryptFindOIDInfo
CertFreeCRLContext
CertAlgIdToOID
CertFindExtension
CertCreateContext

cfgmgr32

CM_Add_Range
CMP_Report_LogOn

shell32

SHFree
ExtractIconA
DragFinish
SHCreateShellItem
ShellAboutA
DllUnregisterServer
SHGetDataFromIDListA
DragQueryPoint
SHChangeNotify
FindExecutableA
SHGetDesktopFolder
DuplicateIcon

uxtheme

GetThemeTextExtent
SetWindowTheme
GetThemeTextMetrics
CloseThemeData
GetThemeInt
GetThemeFilename
IsThemeActive
GetThemeColor
DrawThemeEdge
GetThemeSysSize
GetThemeBool
OpenThemeData
GetWindowTheme

esent

JetCloseTable
JetBeginTransaction

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2a99f8d9d05f7e68b57ece51ba8af7a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

eappcfg

wtsapi32

crypt32

cfgmgr32

shell32

uxtheme

esent

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 8KB