911f403955dc1ddd5246df32253fbe6cb3c62008bb31b24026340d876e35506e

Sharing

Copy URL Twitter E-mail

General

Target

911f403955dc1ddd5246df32253fbe6cb3c62008bb31b24026340d876e35506e
Size

596KB
MD5

0d43a27f1d1d87d3368a22ba9eec98f0
SHA1

f06aca147ec4e2660ffa5e23e6dff52d97f96f17
SHA256

911f403955dc1ddd5246df32253fbe6cb3c62008bb31b24026340d876e35506e
SHA512

488c52ffd78da0f224bace4b1b3d8bb888dfb05667c82c904f506b0feecf7bdab5bc92984c0215264e477fefe7aa476cb4b6cd3f4a916f75d6be051e8813ab83
SSDEEP

12288:BqFSWagVSBDHRjvCf+oXFVu6IJSgFrwXTRrslr9oA6cvWic:BYBMBDxrCf+0u6IJSoWNrs19owjc

Score

N/A

Malware Config

Signatures

Files

911f403955dc1ddd5246df32253fbe6cb3c62008bb31b24026340d876e35506e
.exe windows x86

18e90e5f57c213fcd032c04821058d65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shimeng

SE_IsShimDll
SE_InstallBeforeInit

kernel32

CreateNamedPipeA
GetModuleHandleA
QueryDosDeviceA
ReplaceFileA
FormatMessageA
FileTimeToSystemTime
GetProcAddress
CreateSemaphoreA
GetEnvironmentVariableA
FoldStringW
CopyFileA
GetComputerNameA
GetSystemInfo
SetVolumeLabelA
lstrcpynA
CreateTimerQueue
FindResourceA
SetCurrentDirectoryA
HeapValidate
GetDiskFreeSpaceA
CreateEventW

cabinet

Extract
FCIAddFile

shlwapi

PathCommonPrefixA
UrlCompareA
UrlEscapeA
UrlCombineA
PathCompactPathA
UrlHashA
UrlGetPartA
UrlCreateFromPathA
PathCombineA
UrlCanonicalizeA
UrlIsNoHistoryA
UrlIsA

onex

OneXInitialize
OneXAddTLV
OneXFreeMemory
OneXCopyAuthParams

wtsapi32

WTSVirtualChannelWrite
WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSVirtualChannelRead
WTSVirtualChannelOpen
WTSQueryUserConfigA
WTSEnumerateSessionsA
WTSRegisterSessionNotification
WTSWaitSystemEvent
WTSSendMessageA
WTSSetUserConfigA
WTSQuerySessionInformationA
WTSOpenServerA
WTSCloseServer
WTSEnumerateServersA

crypt32

CertDuplicateCRLContext
CertFindExtension
CertDeleteCRLFromStore
CryptFindOIDInfo
CertFreeCRLContext
CertDuplicateStore
CertCloseStore
CryptEnumOIDInfo
CertFindAttribute
CertFindCRLInStore
CertFindChainInStore
CertOpenStore
CertSaveStore
CertControlStore
CertCompareCertificate
CertNameToStrA

msimg32

DllInitialize
TransparentBlt
vSetDdrawflag
AlphaBlend
GradientFill

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18e90e5f57c213fcd032c04821058d65

Headers

File Characteristics

Imports

shimeng

kernel32

cabinet

shlwapi

onex

wtsapi32

crypt32

msimg32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 478KB - Virtual size: 478KB

.data Size: 80KB - Virtual size: 80KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 478KB - Virtual size: 478KB

.data
Size: 80KB - Virtual size: 80KB