Static task: static1
Behavioral task: behavioral1
Sample: b1ff292ecf274e0834923791eda5558096d9ce97f121d4379187a10b3743fb85.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b1ff292ecf274e0834923791eda5558096d9ce97f121d4379187a10b3743fb85.exe
Resource: win10v2004-20220812-en
General
Target: b1ff292ecf274e0834923791eda5558096d9ce97f121d4379187a10b3743fb85
Size: 83KB
MD5: 83b0f975fc5917721b144cc6b658a230
SHA1: b0891926e2f6ddb8ef37a5ff8e6d38622106cf36
SHA256: b1ff292ecf274e0834923791eda5558096d9ce97f121d4379187a10b3743fb85
SHA512: e13ebfe4f1fbec910da51b914844b96b9e94058ed1989416e81fdf80f0ca37138fda5b675b177542af8083248b2f04185adef41357150c66ac38571ce27aa693
SSDEEP: 1536:n+56mDrreRaJSbvZuo1r4m6offtfFTVfwEw5W:nzm3CnbvZjBRJnttTVfj
Malware Config
Signatures
Files
b1ff292ecf274e0834923791eda5558096d9ce97f121d4379187a10b3743fb85.exe windows x86
b5835305e2768d527690ea656b2018bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetProcAddress
Sleep
VirtualAllocEx
ExitProcess
HeapReAlloc
HeapAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
RtlUnwind
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
IsProcessorFeaturePresent
secur32
AcceptSecurityContext
DeleteSecurityContext
DecryptMessage
FreeCredentialsHandle
MakeSignature
ExportSecurityContext
CompleteAuthToken
EncryptMessage
ApplyControlToken
VerifySignature
wsnmp32
ord502
ord600
ord206
ord205
ord400
ord902
ord402
ord901
ord200
ord102
ord106
ord605
ord107
ord401
rpcrt4
RpcServerUseProtseqA
Sections
.lolas Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zdrjk Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ