c683907e2cc10c83384518f10138d97e18777ade1e1fc9e8d1f21b58fc044428

Sharing

Copy URL Twitter E-mail

General

Target

c683907e2cc10c83384518f10138d97e18777ade1e1fc9e8d1f21b58fc044428
Size

598KB
MD5

eca53df87c27622a5150079fce962880
SHA1

15141291cbdde5820555fc0e293492b7ef1eceff
SHA256

c683907e2cc10c83384518f10138d97e18777ade1e1fc9e8d1f21b58fc044428
SHA512

3853ad065d72ada8e2ee3993cef0bb8cf589862df646920c6c89a12f69d3d505b8366d874b2f262c44bb185aa423957f5a4308227871f0cd665781b2d3e98aad
SSDEEP

12288:3VlW80iSkUOvZ6qGeFbmHqTa99JmR3aV/Gfz1Hc2YJ+r8xLwVTYO:FMwbZlgHqS7m3IkZYJ+RmO

Score

N/A

Malware Config

Signatures

Files

c683907e2cc10c83384518f10138d97e18777ade1e1fc9e8d1f21b58fc044428
.exe windows x86

f812a84a1f93b1bba884c9265ed69e83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shimeng

SE_DllLoaded
SE_ProcessDying
SE_InstallAfterInit
SE_IsShimDll

acledit

EditOwnerInfo
EditAuditInfo
SedTakeOwnership

wtsapi32

WTSQuerySessionInformationA
WTSVirtualChannelOpen
WTSRegisterSessionNotification
WTSEnumerateProcessesA
WTSVirtualChannelWrite
WTSVirtualChannelClose
WTSQueryUserToken
WTSLogoffSession
WTSOpenServerA
WTSSendMessageA
WTSSetSessionInformationA
WTSUnRegisterSessionNotification
WTSWaitSystemEvent
WTSEnumerateSessionsA
WTSVirtualChannelRead
WTSFreeMemory
WTSVirtualChannelPurgeInput

kernel32

InterlockedDecrement
SetVolumeLabelW
CreateMutexA
GetLocalTime
GetModuleHandleA
lstrcmpiA
DeviceIoControl
InterlockedExchange
GetProcAddress
GetBinaryTypeA
GetTickCount
GetDiskFreeSpaceA
QueryDosDeviceA
VirtualQuery
SetFileAttributesA
GetProcessHeap
GetFullPathNameA
SetCurrentDirectoryA
TlsGetValue
GetFileType
CompareStringA
PurgeComm
GetAtomNameA

msimg32

AlphaBlend
DllInitialize

shlwapi

UrlGetPartA
PathCombineA
UrlUnescapeA
UrlGetLocationA
UrlCompareA
PathCommonPrefixA
UrlCombineA
UrlCreateFromPathA
PathCompactPathA
UrlHashA
UrlIsOpaqueA
UrlIsNoHistoryA

user32

IsCharLowerA
IsZoomed
SetFocus
DrawIcon
LoadCursorA
GetMessageA
wsprintfA
SetCursorPos
CreateWindowExA
GetWindowTextA
PostMessageA
GetCaretPos

crypt32

CryptFindOIDInfo
CertGetNameStringA
CertCompareCertificate
CertFindCRLInStore
CertDuplicateStore
CertCreateContext
CertFindExtension
CertFindChainInStore
CertOpenStore
CertFreeCRLContext
CertControlStore
CertSaveStore
CryptEnumOIDInfo
CertCloseStore
CertCreateCRLContext
CertNameToStrA
CertDeleteCRLFromStore

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 522KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f812a84a1f93b1bba884c9265ed69e83

Headers

File Characteristics

Imports

shimeng

acledit

wtsapi32

kernel32

msimg32

shlwapi

user32

crypt32

Sections

.text Size: 61KB - Virtual size: 61KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 522KB - Virtual size: 521KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 522KB - Virtual size: 521KB

.reloc
Size: 10KB - Virtual size: 9KB