4b7a0dca86a32eb365764878224e340d4b7286de211aaeb3c2bcd8054fd50b03

Sharing

Copy URL

Twitter E-mail

General

Target

4b7a0dca86a32eb365764878224e340d4b7286de211aaeb3c2bcd8054fd50b03
Size

328KB
MD5

30ad6d946333878f4d52bb6be64fbd60
SHA1

6c8049b3424ad377d97da7e4ad6fb59dbc6e318e
SHA256

4b7a0dca86a32eb365764878224e340d4b7286de211aaeb3c2bcd8054fd50b03
SHA512

bd1360f23e7316d35363fec8e8c5a3cd6e22e322c0c03c76967a859622be9267be76e9115e8a7f9ba165cda6ba447bacb0a1c0e6a5a936b330c8afb8e1fb980c
SSDEEP

6144:wAUP/5P8145SmKapOTIen0MW5wxT9JgabUD6osOlbM8axHb2bapaXip:wPP/d81MKiOltWSxThoD6CbM8+2btM

Score

N/A

Malware Config

Signatures

Files

4b7a0dca86a32eb365764878224e340d4b7286de211aaeb3c2bcd8054fd50b03
.exe windows x86

b1ab657a2cf128a883db4ea9a4dd248f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadCodePtr
IsBadReadPtr
lstrlenW
CreateFileW
SetLastError
LocalFree
UnhandledExceptionFilter
GetTimeFormatW
GetComputerNameExW
GetModuleFileNameW
GetConsoleOutputCP
LocalAlloc
WriteConsoleW
QueryPerformanceCounter
ExitProcess
GetSystemDirectoryW
FreeLibrary
ReadFile
ReadConsoleW
HeapSize
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
lstrlenA
GetFileType
VerSetConditionMask
VerifyVersionInfoW
FileTimeToSystemTime
CloseHandle

user32

GetWindowTextLengthA
EndDialog
wsprintfW
LoadStringW
CharUpperW
GetCursor

advapi32

EqualPrefixSid
AddAccessDeniedObjectAce
FindFirstFreeAce
AddAccessDeniedAce
SetSecurityDescriptorControl
FreeSid
GetUserNameW
RegCreateKeyExA
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcrt

wcslen
wcscpy
wcscmp
wcscat
wcschr
time
malloc
memmove
wcstol
wcstoul
fflush
fprintf
swprintf
wcsncpy
free

secur32

DeleteSecurityContext
QueryContextAttributesW
AcceptSecurityContext

crypt32

CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertCreateCertificateContext
CertAddEncodedCertificateToStore
CertVerifyTimeValidity
CertVerifySubjectCertificateContext
CertRDNValueToStrW
CertDeleteCertificateFromStore

shlwapi

StrChrIW
StrStrIW
StrStrW

rpcrt4

RpcStringFreeW
RpcBindingFree
UuidFromStringW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcMgmtInqServerPrincNameW
RpcImpersonateClient
RpcRevertToSelf
RpcCancelThread

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.4
Size: 4KB - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6
Size: 4KB - Virtual size: 479B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1ab657a2cf128a883db4ea9a4dd248f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

version

msvcrt

secur32

crypt32

shlwapi

rpcrt4

Sections

.text Size: 40KB - Virtual size: 37KB

.4 Size: 4KB - Virtual size: 986B

.6 Size: 4KB - Virtual size: 479B

.data Size: 32KB - Virtual size: 320KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 40KB - Virtual size: 37KB

.4
Size: 4KB - Virtual size: 986B

.6
Size: 4KB - Virtual size: 479B

.data
Size: 32KB - Virtual size: 320KB

.rsrc
Size: 16KB - Virtual size: 12KB