70fc7e792196f8f8a87351fcffaf8e44335068b48f5786e682c798d0f19bd5e5

Sharing

Copy URL Twitter E-mail

General

Target

70fc7e792196f8f8a87351fcffaf8e44335068b48f5786e682c798d0f19bd5e5
Size

835KB
MD5

1151eeb32c75e8a3116289e6325ac636
SHA1

0dd07fb58504c87e097f1be2237d30e701f80fdb
SHA256

70fc7e792196f8f8a87351fcffaf8e44335068b48f5786e682c798d0f19bd5e5
SHA512

62cad83c918500cbb354d421206ce38f0f2fda4d71f40bc258c7af5f8322c381ce22cadd1e931408a6529da9b8043f5c66addb79f7d1fc35126f77fd45f3e8a9
SSDEEP

12288:ux24+dTaCzYspuH/3jBXeOBROsjint1GLA3SS2enEL/ha+6fOY8PaD4rwxJi17jE:uevvMHbxeOBJuntQEiS2LLwjk0xQDI

Score

N/A

Malware Config

Signatures

Files

70fc7e792196f8f8a87351fcffaf8e44335068b48f5786e682c798d0f19bd5e5
.exe windows x86

e0c9596f3ff18f1f4a7b7bab036a848f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ColorMatchToTarget
PATHOBJ_vEnumStart
GetCharacterPlacementA
GetEnhMetaFileHeader
EngFillPath
DPtoLP
GetBkMode
CreateCompatibleDC
GetWindowExtEx
EngUnlockSurface
EngLoadModule
DdEntry1
EnumMetaFile
SetDCPenColor
Ellipse
XFORMOBJ_iGetXform
GdiSetLastError
FONTOBJ_pvTrueTypeFontFile
CreateBitmap
CombineTransform
DdEntry51
GdiGetSpoolMessage
GetTextExtentExPointWPri
CreatePatternBrush
EndPath
DdEntry52
GetPixelFormat
CloseEnhMetaFile
EngAssociateSurface
SetSystemPaletteUse

winscard

SCardListReadersA
SCardTransmit
SCardLocateCardsA
SCardIntroduceReaderGroupW
SCardListCardsA
SCardLocateCardsByATRW
SCardLocateCardsW
SCardIntroduceReaderW
g_rgSCardT1Pci
SCardListInterfacesA
SCardListReaderGroupsW
SCardDisconnect
SCardForgetCardTypeA
SCardControl
SCardReleaseNewReaderEvent
SCardListInterfacesW
SCardAddReaderToGroupA
SCardReconnect
SCardReleaseContext
SCardEndTransaction
SCardRemoveReaderFromGroupA
SCardForgetReaderGroupW
SCardGetProviderIdW
SCardCancel
SCardForgetReaderA
SCardForgetCardTypeW

kernel32

FreeEnvironmentStringsA
CloseHandle
SetFileShortNameW
Process32NextW
CreateProcessInternalW
SetConsoleInputExeNameW
GetFileAttributesExA
HeapUnlock
ReadConsoleOutputW
GetTimeZoneInformation
SetConsoleCursor
FreeResource
SetComputerNameExA
DeleteCriticalSection
SetConsoleCursorInfo
SetComputerNameA
GetFirmwareEnvironmentVariableW
GetConsoleKeyboardLayoutNameA
GetTickCount
GetCPInfoExA
CreateActCtxA
BuildCommDCBA
LeaveCriticalSection
EnumTimeFormatsW
lstrcat
ScrollConsoleScreenBufferW
ReleaseMutex
GetThreadLocale
EnumSystemLanguageGroupsA
RtlCaptureStackBackTrace
GetPrivateProfileSectionNamesA
CallNamedPipeA
GetFullPathNameA
GetSystemWow64DirectoryA
SetLastError
LoadLibraryW

esent

JetCloseTable@8
JetDelete
JetSetIndexRange
JetDeleteColumn2
JetRestore2
JetMakeKey@20
JetDeleteIndex
JetGetTruncateLogInfoInstance
JetCreateTableColumnIndex2
JetCloseDatabase

msvcirt

??0ofstream@@QAE@HPADH@Z
?tellp@ostream@@QAEJXZ
??_8stdiostream@@7Bostream@@@
?rdbuf@ios@@QBEPAVstreambuf@@XZ
??1filebuf@@UAE@XZ
?write@ostream@@QAEAAV1@PBEH@Z
??5istream@@QAEAAV0@AAD@Z
??6ostream@@QAEAAV0@C@Z
??6ostream@@QAEAAV0@G@Z
?delbuf@ios@@QAEXH@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?base@streambuf@@IBEPADXZ
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
?get@istream@@QAEAAV1@AAD@Z
??0ostream_withassign@@QAE@ABV0@@Z
?opfx@ostream@@QAEHXZ
?cerr@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z

ntdll

NtCreateToken
RtlLengthSid
ZwQueryMutant
ZwQueryObject
LdrInitShimEngineDynamic
LdrUnloadAlternateResourceModule
RtlCutoverTimeToSystemTime
RtlDeleteSecurityObject
RtlApplicationVerifierStop
RtlSetAllBits
ZwResetWriteWatch
RtlIsGenericTableEmpty
strcpy
ZwCreateDirectoryObject
NtMapUserPhysicalPagesScatter
NtAccessCheckByTypeAndAuditAlarm
NtEnumerateSystemEnvironmentValuesEx
ZwIsProcessInJob
_vsnwprintf
NtPlugPlayControl
ZwWaitHighEventPair
NtOpenMutant
RtlConvertExclusiveToShared
RtlImpersonateSelf
NtQuerySystemInformation
RtlFindCharInUnicodeString

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0c9596f3ff18f1f4a7b7bab036a848f

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

winscard

kernel32

esent

msvcirt

ntdll

Sections

.text Size: 362KB - Virtual size: 361KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 1024B - Virtual size: 992B

.text
Size: 362KB - Virtual size: 361KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 1024B - Virtual size: 992B