2ed6d97c95fbd706daae257e2a340df3cfb99761e662f850ca973fb6294cc981

Sharing

Copy URL Twitter E-mail

General

Target

2ed6d97c95fbd706daae257e2a340df3cfb99761e662f850ca973fb6294cc981
Size

835KB
MD5

0f2f2debe454388a3b460faee0bfb014
SHA1

da646774f602d66b16ab93ad3ae8aba80974ce67
SHA256

2ed6d97c95fbd706daae257e2a340df3cfb99761e662f850ca973fb6294cc981
SHA512

3fd8f335c9fa45df29771f5d0acce1ada0267368c69a9751ddb5a3cf0b31004eaad0c96c60c9ce2aae4b2d898c5f4b89f4fbc80fccb5ea08802f8cef29a6e67d
SSDEEP

12288:po1uVKG8OnAEG8Iyt6O0s/CKHBWG6ifnTaxiPBb6n0vf6CFloxKrAe3ef9Ts:pOyiOnAEcy6Fu1HB1fnBzpdT09

Score

N/A

Malware Config

Signatures

Files

2ed6d97c95fbd706daae257e2a340df3cfb99761e662f850ca973fb6294cc981
.exe windows x86

86367613a4073f22d744e8e599689276

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

scrobj

DllInstall
DllRegisterServerExW
DllRegisterServerEx
GenerateTypeLibW
DllUnregisterServerEx
GenerateTypeLib
DllRegisterServerExA

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetCurrentThread
GetStartupInfoA
_lopen
UnlockFile
RequestDeviceWakeup
GetConsoleInputWaitHandle
GetStringTypeW
BuildCommDCBW
IsValidCodePage
GetTimeZoneInformation
GetConsoleAliasA
WaitCommEvent
GetThreadSelectorEntry
GetFirmwareEnvironmentVariableW
LocalAlloc
EnumCalendarInfoExA
SetLastError

ntdll

RtlEnumerateGenericTableWithoutSplayingAvl
DbgUiConvertStateChangeStructure
NtCreatePort
NtOpenMutant
NtQueryIoCompletion
RtlCaptureStackBackTrace
NtCreateSymbolicLinkObject
RtlInitializeSid
NtFindAtom
RtlpNtEnumerateSubKey
ZwProtectVirtualMemory
RtlInitUnicodeString
RtlFindLastBackwardRunClear
NtSetDefaultUILanguage
NtQueryTimer
NtCreateSemaphore
RtlAddAuditAccessAce
RtlUpperChar
ZwCreateWaitablePort
LdrLoadAlternateResourceModule

rasman

RasSetCalledIdInfo
RasSecurityDialogSend
RasRpcRemoteRasDeleteEntry
RasPortGetInfo
RasRpcDeviceEnum
RasRpcConnect
RasPortSetFramingEx
RasRpcDisconnect
RasGetBuffer
RasRpcGetUserPreferences
RasLinkGetStatistics
RasServerPortClose
RasDeviceEnum
RasGetFramingCapabilities

certcli

CAFreeCertTypeExtensions
CACertTypeAccessCheck
CASetCAFlags
CAUpdateCA

Sections

.text
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

86367613a4073f22d744e8e599689276

Headers

File Characteristics

Imports

scrobj

kernel32

ntdll

rasman

certcli

Sections

.text Size: 427KB - Virtual size: 427KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 181KB - Virtual size: 1.5MB

.rsrc Size: 73KB - Virtual size: 72KB

.reloc Size: 1024B - Virtual size: 29KB

.text
Size: 427KB - Virtual size: 427KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 181KB - Virtual size: 1.5MB

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 1024B - Virtual size: 29KB