f62aec9371b3f9ec9a014d30b65b82862fd68fe355fbe288e66b1edfbac82137

Sharing

Copy URL Twitter E-mail

General

Target

f62aec9371b3f9ec9a014d30b65b82862fd68fe355fbe288e66b1edfbac82137
Size

482KB
MD5

2315b7b758b2755c862dcfc04b7ca100
SHA1

db50f50b2b8f15b6d5d197d0872729175279bd1c
SHA256

f62aec9371b3f9ec9a014d30b65b82862fd68fe355fbe288e66b1edfbac82137
SHA512

930584879fe768ff26002811173369e3e06f6d66e5590be0b3e2332186cff065ac3018a8b833cc0c95de8f1d79c732d772d7ef0deba57df43e3a684042c648ba
SSDEEP

12288:Ff6F5OLpdNIrd4Ds5OLpdNIrd4DEF1DPd:Ff6TmXIrdFmXIrdZl

Score

N/A

Malware Config

Signatures

Files

f62aec9371b3f9ec9a014d30b65b82862fd68fe355fbe288e66b1edfbac82137
.exe windows x86

4118834ae1918861b0f28d700aa947a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyA
RegOpenKeyExA
RegEnumValueW
RegOpenKeyExW
CopySid
EqualSid
InitializeSecurityDescriptor
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
CreateWellKnownSid
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
GetKernelObjectSecurity
GetTokenInformation
OpenProcessToken
InitializeAcl
SetSecurityInfo
IsValidSid
GetSecurityDescriptorSacl
GetLengthSid
AddMandatoryAce
RegOverridePredefKey
RegOpenCurrentUser
GetSidSubAuthority
GetSidSubAuthorityCount
GetAce

kernel32

lstrcmpiA
GetProcAddress
EnterCriticalSection
SetFileAttributesA
GetExitCodeThread
lstrcmpiW
DeleteCriticalSection
DuplicateHandle
CloseHandle
DeleteFileW
DeleteFileA
CreateThread
lstrcmpA
CreateDirectoryExA
WideCharToMultiByte
CopyFileW
GetFileAttributesA
MultiByteToWideChar
lstrlenW
RemoveDirectoryA
FindClose
LocalAlloc
FindNextFileA
GetTempPathA
GetCurrentProcess
InterlockedCompareExchange
SetEvent
CreateEventW
HeapSetInformation
GetVersionExA
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
CreateFileW
GetFileAttributesW
LeaveCriticalSection
LoadLibraryW
OpenProcess
FindFirstFileA
InitializeCriticalSection
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
SetLastError
ResumeThread
SuspendThread
VirtualProtect
VirtualAlloc
FlushInstructionCache
WaitForSingleObject
GetModuleHandleW
VirtualFree
VirtualQuery
SetThreadContext
GetThreadContext
GetCurrentThread
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetProcessHeap
InterlockedExchange
GetLastError
SetProcessShutdownParameters
lstrlenA
FreeLibrary
CreateProcessW
LoadLibraryExW
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
LocalFree

user32

LoadStringW
CharNextW
PostQuitMessage

msvcrt

memset
wcstok
__wgetmainargs
_cexit
_XcptFilter
exit
_wcmdln
_initterm
memcpy_s
_amsg_exit
__setusermatherr
__p__commode
_wcsnicmp
_vsnprintf
_vsnwprintf
wcsrchr
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_exit

psapi

GetModuleBaseNameW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CoRevertToSelf
CoTaskMemFree
CoImpersonateClient
CoTaskMemAlloc
CoGetCallContext
StringFromGUID2
CoInitializeSecurity
CoInitializeEx

oleaut32

RegisterTypeLi
UnRegisterTypeLi
RegisterTypeLibForUser
SysFreeString
SysStringLen
SysAllocString
UnRegisterTypeLibForUser

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

urlmon

CompatFlagsFromClsid
CoInternetSetFeatureEnabled
CoInternetCreateSecurityManager
ord107
Extract

wintrust

CryptCATAdminAddCatalog
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext

iertutil

ord658
ord650
ord201
ord200

ntdll

NtFreeVirtualMemory

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4118834ae1918861b0f28d700aa947a8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

psapi

ole32

oleaut32

rpcrt4

urlmon

wintrust

iertutil

ntdll

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 404KB - Virtual size: 403KB

.reloc Size: 33KB - Virtual size: 34KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 404KB - Virtual size: 403KB

.reloc
Size: 33KB - Virtual size: 34KB