5891d80bcf6d015c42f66906c3cb3b117d251cb591679e4aa897628868e5f161

Sharing

Copy URL Twitter E-mail

General

Target

5891d80bcf6d015c42f66906c3cb3b117d251cb591679e4aa897628868e5f161
Size

873KB
MD5

0eace95d2f40a272c06a79d49cffde66
SHA1

f6b5f932f8b5d698990458fc7307c36f3d3f841d
SHA256

5891d80bcf6d015c42f66906c3cb3b117d251cb591679e4aa897628868e5f161
SHA512

999c55f31c25001c02ad0b2d685198cfdeb4873ae3bb8773c9c8072da87b2c285dbab486a40b4e4cf50139c7f4c52a927c128c5633d3fde91b07ab7bf1fa3aad
SSDEEP

24576:5MFgEAO79FXUPVvjtdQ6Un1AejhTliVjeY3iWWt:5qXH9FKZjnQ3nWcliVjdz

Score

N/A

Malware Config

Signatures

Files

5891d80bcf6d015c42f66906c3cb3b117d251cb591679e4aa897628868e5f161
.exe windows x86

711adf7e756bc9bc75968a5ba8d25a64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

localeconv
_flushall
_adj_fdiv_m16i
__getmainargs
fscanf
setvbuf
_unlock
_setmode
exit
memchr
vwprintf
??0bad_cast@@QAE@ABV0@@Z
_CIlog10
__p__commode
_get_osfhandle
__iscsym
atan2
_mbsninc
??0exception@@QAE@ABQBD@Z
_fpreset
_wtmpnam
_setmaxstdio
_cexit
??4exception@@QAEAAV0@ABV0@@Z
_inp
_ecvt
strftime
vfprintf
_isatty
_ismbcspace
_except_handler3
__set_app_type

cryptext

CryptExtAddP7R
CryptExtAddCRL
CryptExtOpenCRL
CryptExtAddPFXW
CryptExtAddCERW
CryptExtAddCRLW
CryptExtOpenCAT
CryptExtOpenSTRW
CryptExtAddCER

kernel32

lstrcat
QueryActCtxW
IsDBCSLeadByteEx
ReadFileEx
GetThreadPriority
GlobalGetAtomNameA
GlobalFlags
GetOverlappedResult
InterlockedExchange
RegisterConsoleVDM
GetDefaultCommConfigW
SwitchToFiber
FreeLibrary
GetPrivateProfileStructA
LocalFileTimeToFileTime
LocalHandle
GetSystemInfo
QueryDosDeviceW
SetComputerNameExA
GetTickCount
ReadFileScatter
GetSystemPowerStatus
QueryMemoryResourceNotification
FindFirstFileA
ClearCommBreak
InterlockedPopEntrySList
WriteFileGather
SetThreadPriority
InitAtomTable
HeapSummary
HeapCreate
EnumUILanguagesA
GlobalUnlock
HeapFree
GetCommModemStatus
LoadLibraryW
SetFileTime
FindFirstVolumeA
SetVolumeMountPointA
lstrcpyW
OpenFileMappingW
GetBinaryType

secur32

AcquireCredentialsHandleW
SaslGetProfilePackageA
DecryptMessage
GetUserNameExA
QuerySecurityPackageInfoW
SaslInitializeSecurityContextW
LsaEnumerateLogonSessions
SecpTranslateNameEx
GetComputerObjectNameA
LsaGetLogonSessionData
SetContextAttributesA
QueryCredentialsAttributesW
InitSecurityInterfaceA
ImportSecurityContextA
EnumerateSecurityPackagesW
TranslateNameW
SealMessage
GetUserNameExW
GetSecurityUserInfo
CredUnmarshalTargetInfo
QuerySecurityPackageInfoA
LsaDeregisterLogonProcess
InitializeSecurityContextA
AddCredentialsA
SecpTranslateName
EnumerateSecurityPackagesA
UnsealMessage
LsaRegisterLogonProcess

advapi32

CryptSignHashW
InitializeAcl
FreeEncryptionCertificateHashList
GetManagedApplications
IsValidSecurityDescriptor
LsaCreateSecret
SystemFunction013
QueryTraceW
RegSetValueExW
CryptSignHashA
RegCreateKeyExW
CryptGenRandom
SetSecurityInfoExA
CryptDuplicateHash
LsaRetrievePrivateData
CryptSetProviderA

imagehlp

GetImageConfigInformation
SymEnumerateSymbolsW
ImageGetCertificateData
SymFunctionTableAccess64
SymEnumSymbols
SymSetContext
SymFromAddr
GetImageUnusedHeaderBytes
SymGetTypeInfo
SymGetSymNext
SymCleanup
SymGetLinePrev64

ir50_qcx

CompressQuery
CompressBegin
FreeInstanceData
SetCPUID
DllMain
CompressEnd
AllocInstanceData
Compress
SetScalability
CompressFramesInfo

user32

PostQuitMessage
DefWindowProcW
RegisterClassW

Sections

.text
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

711adf7e756bc9bc75968a5ba8d25a64

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

cryptext

kernel32

secur32

advapi32

imagehlp

ir50_qcx

user32

Sections

.text Size: 442KB - Virtual size: 442KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 207KB - Virtual size: 1.6MB

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 1024B - Virtual size: 936B

.text
Size: 442KB - Virtual size: 442KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 207KB - Virtual size: 1.6MB

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 1024B - Virtual size: 936B