4a8690147be7bbdd8e1dcb3e7a3621887aac98f97d9e60076473ee8eeee004f0

Sharing

Copy URL Twitter E-mail

General

Target

4a8690147be7bbdd8e1dcb3e7a3621887aac98f97d9e60076473ee8eeee004f0
Size

411KB
MD5

44c44de9721ed3deefb0a555d51589e0
SHA1

01ab744cfd14c31df1d5389ee64c9d553eee689d
SHA256

4a8690147be7bbdd8e1dcb3e7a3621887aac98f97d9e60076473ee8eeee004f0
SHA512

c79ad57a7765e73da76977707123dce4bb373632ceef7d7f2e8edb3c61be8e281df94dcef551fccd8e6542354b6a72c2c0da8d15a6cd2e7cf9a0b0e07e5c2548
SSDEEP

6144:O9NZ52eNOLSU3v9gFELVwElrcqxyT7PZt9rJTS19na1osZ+tjv:O9jfgXG8VwimpJT89na5+d

Score

N/A

Malware Config

Signatures

Files

4a8690147be7bbdd8e1dcb3e7a3621887aac98f97d9e60076473ee8eeee004f0
.exe windows x86

2c5127ba4c69819889560c45e0a673a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptMsgControl
CertFindCRLInStore
CryptFindLocalizedName
CryptEnumOIDFunction
CertCompareIntegerBlob
CryptEncodeObjectEx
CertCreateCertificateContext
CryptGetDefaultOIDFunctionAddress
CertUnregisterPhysicalStore

wmi

WmiExecuteMethodA
WmiQueryAllDataA
WmiNotificationRegistrationW
WmiQueryAllDataW
RegisterTraceGuidsA
WmiDevInstToInstanceNameW
StartTraceA
WmiFileHandleToInstanceNameW
WmiOpenBlock
SetTraceCallback
WmiQuerySingleInstanceA
WmiSetSingleItemW
WmiFileHandleToInstanceNameA
WmiSetSingleInstanceA
WmiMofEnumerateResourcesA
ControlTraceA
WmiDevInstToInstanceNameA
EnableTrace
GetTraceLoggerHandle

powrprof

MergeLegacyPwrScheme
GetPwrCapabilities
GetCurrentPowerPolicies
IsAdminOverrideActive
ReadProcessorPwrScheme
GetPwrDiskSpindownRange
IsPwrShutdownAllowed
LoadCurrentPwrScheme
SetActivePwrScheme
WriteGlobalPwrPolicy
ReadGlobalPwrPolicy
ReadPwrScheme
GetActivePwrScheme
CallNtPowerInformation
IsPwrHibernateAllowed
WritePwrScheme
IsPwrSuspendAllowed
CanUserWritePwrScheme
WriteProcessorPwrScheme
ValidatePowerPolicies
EnumPwrSchemes
DeletePwrScheme
SetSuspendState

kernel32

VerLanguageNameA
QueryDosDeviceW
GetConsoleAliasExesW
OpenWaitableTimerW
IsProcessInJob
SetThreadExecutionState
ReadFile
GetConsoleAliasW
GetVolumePathNamesForVolumeNameA
GetProcessShutdownParameters
ReadConsoleInputW
HeapCreate
WaitForSingleObjectEx
LoadLibraryA
FindFirstVolumeA
GetStartupInfoA
BackupRead

ddraw

D3DParseUnknownCommand
CompleteCreateSysmemSurface
DllGetClassObject
DDInternalLock
DSoundHelp
DDInternalUnlock
ReleaseDDThreadLock
DirectDrawCreate
DDGetAttachedSurfaceLcl
DirectDrawEnumerateA
DirectDrawEnumerateW
GetSurfaceFromDC
AcquireDDThreadLock
DirectDrawCreateEx
DirectDrawEnumerateExW
DllCanUnloadNow
GetOLEThunkData
GetDDSurfaceLocal
DirectDrawCreateClipper
DirectDrawEnumerateExA
RegisterSpecialCase

wldap32

ldap_cleanup
ldap_initW
ldap_value_freeW
ldap_modify_ext_s
ldap_rename_extA
ldap_init
ber_peek_tag
ldap_modifyW
ldap_searchA
ldap_extended_operation_sA
ldap_set_dbg_routine
ldap_sslinitA
ldap_modrdn2_s
ldap_compare
ldap_control_free
ber_free
ldap_close_extended_op

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c5127ba4c69819889560c45e0a673a3

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

wmi

powrprof

kernel32

ddraw

wldap32

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 107KB - Virtual size: 522KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 107KB - Virtual size: 522KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 852B