e87f1cc09b4bd7632c1ccb4285516bf4d08cc728eaef22b5e26efc1b5795585f

Sharing

Copy URL Twitter E-mail

General

Target

e87f1cc09b4bd7632c1ccb4285516bf4d08cc728eaef22b5e26efc1b5795585f
Size

277KB
MD5

832a779ac3068511ca1f7e7fcf8c11d0
SHA1

1b7d943a11cf17cee0fd7698e16e2b0bc0dfb6f3
SHA256

e87f1cc09b4bd7632c1ccb4285516bf4d08cc728eaef22b5e26efc1b5795585f
SHA512

4dc95823837e77087ba2be879ea548a5291789bb9c9a85361521c9aa3a3abfa1037a098a1d01be0f516a0112b14b8f93177ca0b196119990587e15a4a8df1b64
SSDEEP

6144:/DQldJOxKXUb8Y3dPxQG43z5BhEeLljBeoOI8G1ioK9kc0JI/:/D2JOxKEb82y3z5B6eLljBeoGoK9R0JO

Score

N/A

Malware Config

Signatures

Files

e87f1cc09b4bd7632c1ccb4285516bf4d08cc728eaef22b5e26efc1b5795585f
.exe windows x64

c1c4d71a5d79034ef29c61d1b3f74e98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EncryptedFileKeyInfo
AddUsersToEncryptedFile
CryptAcquireContextW
FlushEfsCache
DecryptFileW
CryptReleaseContext
RegQueryValueExW
LookupAccountSidW
QueryRecoveryAgentsOnEncryptedFile
RegOpenKeyExW
CryptDestroyKey
SetUserFileEncryptionKey
AddUsersToEncryptedFileEx
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
QueryUsersOnEncryptedFile
CryptGetUserKey
EncryptFileW
RegCloseKey
RemoveUsersFromEncryptedFile

kernel32

GetTempFileNameW
FindFirstFileW
FindVolumeClose
SetFilePointer
GetDriveTypeW
SetEndOfFile
SetErrorMode
VerSetConditionMask
CreateDirectoryW
GetComputerNameW
VirtualFree
ReadConsoleW
GetLastError
FindNextVolumeW
SetConsoleMode
GetFileAttributesW
CreateFileW
lstrcmpW
FlushFileBuffers
VerifyVersionInfoW
GetCurrentDirectoryW
SetLastError
GetFullPathNameW
GetDiskFreeSpaceW
FindClose
SetCurrentDirectoryW
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
HeapSetInformation
FindNextFileW
GetDiskFreeSpaceExW
CloseHandle
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
FreeLibrary
LoadLibraryExA
DelayLoadFailureHook
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
LocalFree
GetFileType
VirtualAlloc
GetProcAddress
GetStdHandle
lstrlenW
WriteConsoleW
FormatMessageW
GetConsoleMode
WideCharToMultiByte
WriteFile
GetProcessHeap
GetModuleHandleW
HeapFree
HeapAlloc
GetVolumePathNameW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

msvcrt

_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
getchar
__setusermatherr
_fmode
__set_app_type
?terminate@@YAXXZ
memset
_commode
towupper
_putws
_iob
printf
fgetws
_wcsnicmp
_get_osfhandle
_vsnwprintf
_wcsicmp
wcschr
memcpy

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError
RtlCaptureContext

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

user32

MessageBoxW

ntdsapi

DsCrackNamesW
DsFreeNameResultW
DsUnBindW
DsBindW

crypt32

CertOpenStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptStringToBinaryW
PFXExportCertStoreEx
CryptQueryObject

bcrypt

BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptGetProperty
BCryptEncrypt

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

efsutil

EfsUtilGetCurrentUserInformation
EfsUtilCreateSelfSignedCertificate
EfsUtilGetSmartcardProviderName

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1c4d71a5d79034ef29c61d1b3f74e98

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

ntdsapi

crypt32

bcrypt

netapi32

efsutil

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 10KB

.pdata Size: 1024B - Virtual size: 912B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 236KB - Virtual size: 460KB

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 10KB

.pdata
Size: 1024B - Virtual size: 912B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 236KB - Virtual size: 460KB