Static task: static1
Behavioral task: behavioral1
  Sample: e52dec1667a6c71eb74ab8bac28b4ddf1a064a232197b928cb69a4d369861077.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: e52dec1667a6c71eb74ab8bac28b4ddf1a064a232197b928cb69a4d369861077.exe
  Resource: win10v2004-20220901-en
General
Target: e52dec1667a6c71eb74ab8bac28b4ddf1a064a232197b928cb69a4d369861077
Size: 49KB
MD5: 23078b2fd59cb50873b664e74efe30f2
SHA1: 54530b3f51d0b913d99f776a745a80dbef7e5d7b
SHA256: e52dec1667a6c71eb74ab8bac28b4ddf1a064a232197b928cb69a4d369861077
SHA512: 1729b5b498248d57956c545ac9e08e539a372219589fe18e5cfb82a99c7b0da38fc5fc0634176c62480bb48b51f255084f53d280e10976d26738138dce4b957a
SSDEEP: 768:VDdfI6XBBEHxINta9ES+jiqq1rFG60W/D7FiqsmBzmgANgDTbWrRQXhwIei:hTXHERINta9s01hDUq8gASDPAohwG
Malware Config
Signatures
Files
e52dec1667a6c71eb74ab8bac28b4ddf1a064a232197b928cb69a4d369861077.exe (windows x86)
0e71cd24f28a593894f808016b41b3df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
FlushTraceA
WmiQuerySingleInstanceW
SetTraceCallback
I_ScGetCurrentGroupStateW
OpenProcessToken
GetSidLengthRequired
SaferRecordEventLogEntry
RegFlushKey
AddAccessDeniedAce
AccessCheckAndAuditAlarmA
QueryUsersOnEncryptedFile
CryptVerifySignatureW
LsaNtStatusToWinError
DeleteAce
WmiQueryAllDataMultipleW
AddAccessDeniedObjectAce
crypt32
CryptEnumKeyIdentifierProperties
CryptSIPAddProvider
CryptGetMessageCertificates
CertGetNameStringW
CryptGetOIDFunctionAddress
CertFindExtension
CryptInstallDefaultContext
CertSetStoreProperty
CryptRegisterOIDInfo
CertGetEnhancedKeyUsage
CryptUnregisterDefaultOIDFunction
CryptDecodeMessage
CertAlgIdToOID
PFXVerifyPassword
CryptMsgControl
I_CryptReleaseLruEntry
I_CryptInstallOssGlobal
ifsutil
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
??0READ_CACHE@@QAE@XZ
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
?QueryNumber@NUMBER_SET@@QBE?AVBIG_INT@@V2@@Z
?QueryRecommendedMediaType@DP_DRIVE@@QBE?AW4_MEDIA_TYPE@@XZ
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?GetCannedSecurity@IFS_SYSTEM@@SGPAVCANNED_SECURITY@@XZ
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?Initialize@NUMBER_SET@@QAEEXZ
?GetNext@TLINK@@QAEPAXPAX@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
??0INTSTACK@@QAE@XZ
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
kernel32
GetPrivateProfileStructA
SetLastError
DeleteFileA
VirtualFreeEx
SetEvent
ReadConsoleInputExW
GetCurrentProcessId
InitializeSListHead
ExpandEnvironmentStringsW
GlobalFindAtomA
VirtualAlloc
GetCPInfo
HeapLock
LoadLibraryA
AddLocalAlternateComputerNameA
GetAtomNameA
GetModuleHandleA
GlobalCompact
SetFileApisToOEM
GetPrivateProfileStringA
SetThreadExecutionState
RemoveDirectoryA
GetEnvironmentStringsA
EnumTimeFormatsA
IsValidLocale
ntdll
RtlxOemStringToUnicodeSize
RtlLargeIntegerShiftLeft
ZwOpenObjectAuditAlarm
RtlGUIDFromString
NtQueryPortInformationProcess
NtAddBootEntry
NtCompareTokens
NtEnumerateSystemEnvironmentValuesEx
VerSetConditionMask
RtlSetTimeZoneInformation
NtQueryInformationJobObject
RtlDeleteAtomFromAtomTable
NtRaiseException
RtlNtStatusToDosErrorNoTeb
RtlValidateHeap
RtlIsValidIndexHandle
RtlDestroyEnvironment
RtlEnterCriticalSection
RtlGetAce
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ