5e773af13da0adc6c8a77ee0ad2f00e39a213d9ef386ea4110f0457c098d4132

Sharing

Copy URL Twitter E-mail

General

Target

5e773af13da0adc6c8a77ee0ad2f00e39a213d9ef386ea4110f0457c098d4132
Size

829KB
MD5

12577c034bb335a523cb1695c4138ec7
SHA1

d86fae765c8aec58480770320e10526f9f873aef
SHA256

5e773af13da0adc6c8a77ee0ad2f00e39a213d9ef386ea4110f0457c098d4132
SHA512

44872f26171f401bbda64564b05e4db3174294616ecb9292085fc6fc6e979b3918ce549d98606c6a6e95f965cc294125128f56ff17b68de0554f4d80d4c5b9a9
SSDEEP

24576:/XwTdA7fwAe03Fwx02SBVi7JQmNy9v7Ni:r1tm0nBVi7JQmNyJc

Score

N/A

Malware Config

Signatures

Files

5e773af13da0adc6c8a77ee0ad2f00e39a213d9ef386ea4110f0457c098d4132
.exe windows x86

f73ac55f540ed556f48c7ee3e8eee816

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

inetcomm

EssReceiptDecodeEx
HrAttachDataFromBodyPart
EssReceiptEncodeEx
MimeOleCreateHeaderTable
MimeOleGetCodePageCharset
HrGetDisplayNameWithSizeForFile
MimeOleSMimeCapGetHashAlg
HrGetLastOpenFileDirectoryW
GetDllMajorVersion
MimeOleGetCodePageInfo
MimeOleSetDefaultCharset
MimeOleCreateSecurity
EssContentHintDecodeEx
EssReceiptRequestEncodeEx
MimeOleCreateMessageParts

kernel32

SetDefaultCommConfigW
GetDiskFreeSpaceA
CreateMutexW
SetupComm
DebugSetProcessKillOnExit
LoadLibraryW
SetErrorMode
FillConsoleOutputAttribute
HeapCreate
DosPathToSessionPathA
GetDateFormatA
GetVolumePathNamesForVolumeNameA
PrivMoveFileIdentityW
DebugBreak
GetCommMask
LockFile
SetProcessPriorityBoost
LoadModule
GetCurrentActCtx
GetCurrentConsoleFont
CreateEventA
LocalLock
GetOEMCP
GetUserDefaultLangID
GetConsoleTitleA
GetCurrencyFormatW
GetProcessPriorityBoost
GetDevicePowerState
GetVolumePathNameW
ShowConsoleCursor
WriteProfileSectionW
GetLocaleInfoW
GetFirmwareEnvironmentVariableA
RemoveDirectoryW
RtlZeroMemory
ChangeTimerQueueTimer
PeekNamedPipe
GetConsoleAliasExesA
GetVolumeInformationA
EnumTimeFormatsA
DeleteFiber
GetNumberOfConsoleMouseButtons
SetConsoleMenuClose
lstrcmpiA
FindFirstVolumeMountPointA
lstrcpyW
CreateFileMappingW
ResetEvent

wshrm

WSHGetSocketInformation
WSHGetWildcardSockaddr
WSHSetSocketInformation
WSHIoctl
WSHGetSockaddrType
WSHGetBroadcastSockaddr
WSHStringToAddress
WSHGetWinsockMapping
WSHGetWSAProtocolInfo
WSHOpenSocket2
WSHEnumProtocols
WSHNotify
WSHAddressToString
WSHGetProviderGuid
WSHJoinLeaf

security

ImpersonateSecurityContext
SealMessage
EncryptMessage
EnumerateSecurityPackagesW
AcquireCredentialsHandleA
FreeCredentialsHandle
InitSecurityInterfaceW
AddSecurityPackageW
ExportSecurityContext
QueryCredentialsAttributesA
RevertSecurityContext
QueryContextAttributesA
AddSecurityPackageA
DeleteSecurityContext
DeleteSecurityPackageW
AcquireCredentialsHandleW

imagehlp

SymGetLineNext64
SymEnumSymbols
UnmapDebugInformation
SymGetTypeFromName
SymGetSymFromName64
GetTimestampForLoadedLibrary
SymGetSymFromAddr64
ImageAddCertificate
ImageUnload
UnMapAndLoad
SymGetSymFromAddr
SymCleanup
StackWalk64
SymUnDName64
SymUnloadModule64
SymGetModuleInfo64
UpdateDebugInfoFileEx
SymFindFileInPath
MapFileAndCheckSumW
SymGetLineFromName64
FindFileInSearchPath
BindImageEx
SymRegisterFunctionEntryCallback
SymSetContext
RemovePrivateCvSymbolicEx
TouchFileTimes

advapi32

SystemFunction017
SystemFunction007
CryptSetProviderExA
DeleteService
IsWellKnownSid
FreeEncryptionCertificateHashList
RegisterEventSourceW
CreateServiceW
SaferiChangeRegistryScope
SystemFunction014
RegOpenKeyA
StartServiceA
WmiQuerySingleInstanceMultipleA

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f73ac55f540ed556f48c7ee3e8eee816

Headers

DLL Characteristics

File Characteristics

Imports

inetcomm

kernel32

wshrm

security

imagehlp

advapi32

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 162KB - Virtual size: 161KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 162KB - Virtual size: 161KB

.reloc
Size: 1024B - Virtual size: 852B