060a27c1ef5f5f559ba4253d959b57a72fea51522ca79f0d9b0094493ed9672e

Sharing

Copy URL

Twitter E-mail

General

Target

060a27c1ef5f5f559ba4253d959b57a72fea51522ca79f0d9b0094493ed9672e
Size

662KB
MD5

a2ea47d71458ce4e0c6e8bb740cc1f20
SHA1

a5501bc3b058e68bab03606bbc7789d970753082
SHA256

060a27c1ef5f5f559ba4253d959b57a72fea51522ca79f0d9b0094493ed9672e
SHA512

e76db164d5da475e8bad4c30a8359c753c0e91298c21a1139f97f3fb2b835ea0a60933fccb9e65ea5091977d4aec5c38ba85ce10ce05fe9767c852ceb3fdde13
SSDEEP

12288:E3gSutgx7oMVn4wFhrKrUMvw1SNxZN0Cu0lL9CstQIm0C0Rj4:BgxkMSfIMvSSNpL1ztQR0u

Score

N/A

Malware Config

Signatures

Files

060a27c1ef5f5f559ba4253d959b57a72fea51522ca79f0d9b0094493ed9672e
.exe windows x86

e3b436001f097744f8f431781392493c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

mscms

IsColorProfileValid
InstallColorProfileW
InternalGetPS2ColorRenderingDictionary
InternalGetPS2PreviewCRD
EnumColorProfilesW
TranslateBitmapBits
GetColorDirectoryA
CloseColorProfile
GetColorProfileHeader
InternalGetPS2ColorSpaceArray
GetColorProfileElement
DeleteColorTransform
CreateColorTransformA
GetStandardColorSpaceProfileW
EnumColorProfilesA
CreateColorTransformW
OpenColorProfileA
OpenColorProfileW
InternalGetPS2CSAFromLCS
UninstallColorProfileW

secur32

FreeCredentialsHandle
FreeContextBuffer
ApplyControlToken
DeleteSecurityContext
LsaFreeReturnBuffer
LsaLogonUser
InitializeSecurityContextW
GetUserNameExW
LsaRegisterPolicyChangeNotification
LsaCallAuthenticationPackage
InitSecurityInterfaceW
LsaUnregisterPolicyChangeNotification
QuerySecurityPackageInfoW
EnumerateSecurityPackagesW
QuerySecurityContextToken
DecryptMessage
LsaDeregisterLogonProcess
QueryContextAttributesW
AcceptSecurityContext
LsaGetLogonSessionData
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
EncryptMessage
LsaConnectUntrusted
AcquireCredentialsHandleW
GetComputerObjectNameW
TranslateNameW

shlwapi

SHOpenRegStream2W
StrCmpW
StrCmpNIW
PathIsURLA
ChrCmpIA
UrlCombineW
PathRenameExtensionW
StrStrW
PathGetCharTypeW
SHCreateStreamOnFileEx
SHRegSetPathW
PathQuoteSpacesA
PathAddBackslashA
AssocQueryStringW
SHRegGetUSValueA

advapi32

RegSetKeySecurity
SetFileSecurityA
GetSidSubAuthorityCount
SetSecurityDescriptorOwner
StartServiceCtrlDispatcherA
BuildExplicitAccessWithNameW
LsaOpenTrustedDomainByName
SetKernelObjectSecurity
GetCurrentHwProfileW
LsaEnumerateTrustedDomains
AddAuditAccessAceEx
GetSecurityDescriptorControl
CryptDecrypt
LsaClose
SetSecurityDescriptorSacl
CopySid
GetServiceKeyNameW
CryptImportKey
LsaRemoveAccountRights
RegEnumValueA
BuildExplicitAccessWithNameA
SystemFunction004
DecryptFileW
GetNamedSecurityInfoW
GetLengthSid
CreatePrivateObjectSecurity

odbc32

SearchStatusCode
LockHandle
CursorLibLockDesc
CursorLibLockDbc
ValidateErrorQueue
PostODBCComponentError
VFreeErrors
PostODBCError
CursorLibLockStmt
SQLNativeSql
CursorLibTransact
VRetrieveDriverErrorsRowCol

kernel32

VirtualAlloc
GetConsoleCP
QueryDosDeviceW
VerLanguageNameA
EnumResourceTypesA
WaitForSingleObjectEx
GetModuleFileNameA
GetPrivateProfileSectionNamesA
FileTimeToSystemTime
EnumResourceNamesA
SetComputerNameExW
InterlockedCompareExchange
EnumSystemCodePagesA
DeviceIoControl
LocalCompact
InterlockedExchangeAdd
FillConsoleOutputAttribute
EnumSystemLocalesW
GetDriveTypeW
InterlockedDecrement
SetMailslotInfo

msvcrt

ldexp
fgets
_splitpath
_CIfmod
_CIsin
_unlink
_fstat
setbuf
ldiv
iswxdigit
iswpunct
_wcsicoll
putchar
wprintf
fprintf
__winitenv
_iob
sprintf
_wunlink
memcmp
clearerr
_wchmod
_tzset
_mbsicmp

Sections

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 27KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 314KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3b436001f097744f8f431781392493c

Headers

DLL Characteristics

File Characteristics

Imports

mscms

secur32

shlwapi

advapi32

odbc32

kernel32

msvcrt

Sections

.data Size: 3KB - Virtual size: 2KB

.text Size: 27KB - Virtual size: 351KB

.bss Size: 314KB - Virtual size: 548KB

.rdata Size: 273KB - Virtual size: 363KB

.rsrc Size: 43KB - Virtual size: 42KB

.reloc Size: 1024B - Virtual size: 218B

.data
Size: 3KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 351KB

.bss
Size: 314KB - Virtual size: 548KB

.rdata
Size: 273KB - Virtual size: 363KB

.rsrc
Size: 43KB - Virtual size: 42KB

.reloc
Size: 1024B - Virtual size: 218B