a4ce66e3e03ce24fabd69fb5a287333d237706b335381fb62cd478180480ae74

Sharing

Copy URL Twitter E-mail

General

Target

a4ce66e3e03ce24fabd69fb5a287333d237706b335381fb62cd478180480ae74
Size

346KB
MD5

0655a9492295b177840241473ce7ce29
SHA1

c087e7291885b51bae827c553b3643d2b7261cb2
SHA256

a4ce66e3e03ce24fabd69fb5a287333d237706b335381fb62cd478180480ae74
SHA512

5cfb010d658a48a1834b1e1c4edf6a273923add4ab45494aa543038e6cf8bf53031d9639bc45a10e9f11941eb06a66111862ad6a15df962077c1aceed0d761ec
SSDEEP

6144:iaDcFbqnOBnf7R9OKvs2bLjEvpsKgUVCreWIY4AfZ9Yqa1+UGOAG:iWc4nOBnfdPE2vjEvpsK7oyWIYzPYqan

Score

N/A

Malware Config

Signatures

Files

a4ce66e3e03ce24fabd69fb5a287333d237706b335381fb62cd478180480ae74
.exe windows x86

f6291dd1639861b6a09b15bfa17844fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFileEx
DuplicateHandle
LoadLibraryExW
GetVersion
RaiseException
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleHandleW
GetModuleHandleA
SetLastError
GetFileAttributesW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
LoadLibraryA
MoveFileExW
DeleteFileW
CloseHandle
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
InitializeCriticalSection
GetTempFileNameW
EnterCriticalSection
GetFileAttributesExW
LeaveCriticalSection
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
UnmapViewOfFile
WideCharToMultiByte
Sleep
MultiByteToWideChar
GetProcessId
WaitForSingleObject
GetExitCodeProcess
CreateFileW
WriteFile
GetFileSizeEx
ReadFile
GetCurrentProcess
LocalFree
LocalAlloc
OpenProcess
TerminateProcess
GetSystemTimeAsFileTime
CreateProcessW
LCMapStringW
lstrlenW
CreateMutexW
CreateEventW
ReleaseMutex
OpenEventW
FindFirstFileW
FindNextFileW
FindClose
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetTempPathW
FormatMessageW
GetSystemInfo
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
LCMapStringA
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW

wintrust

WinVerifyTrust

advapi32

CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegCreateKeyExW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CopySid
CryptDestroyHash
CryptDestroyKey
RegEnumValueW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
InitializeAcl
IsValidSid
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSidSubAuthority
AddAce
RegFlushKey
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
InitializeSid
GetSidLengthRequired
GetLengthSid
SetSecurityDescriptorDacl

ole32

CoInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2
CoCreateGuid
OleRun

shell32

ord165
SHGetFolderPathW

shlwapi

PathIsDirectoryW
PathCombineW
PathAppendW
PathFileExistsW
PathCanonicalizeW

userenv

UnloadUserProfile

user32

UnregisterClassA

crypt32

CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertCreateContext
CryptImportPublicKeyInfo
CertEnumCertificatesInStore
CryptQueryObject
CertNameToStrW
CertFreeCertificateContext
CertDuplicateCertificateContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

msi

ord141
ord238
ord175

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.0rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6291dd1639861b6a09b15bfa17844fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wintrust

advapi32

ole32

shell32

shlwapi

userenv

user32

crypt32

version

msi

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 45KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 14KB - Virtual size: 14KB

.0rdata Size: 68KB - Virtual size: 68KB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 45KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 14KB - Virtual size: 14KB

.0rdata
Size: 68KB - Virtual size: 68KB