5c6d7df1dde0de156dd24d47c754a0d06aa2bc0d829d77050947e7b1d045d707

Sharing

Copy URL

Twitter E-mail

General

Target

5c6d7df1dde0de156dd24d47c754a0d06aa2bc0d829d77050947e7b1d045d707
Size

32KB
MD5

c4138d5074551d31733cd228a7393c30
SHA1

2163551a12a13f03cf659d4162d22fd07a65f480
SHA256

5c6d7df1dde0de156dd24d47c754a0d06aa2bc0d829d77050947e7b1d045d707
SHA512

488f0888722d4b7b11e45bbdadc49bdfa7775114f1e9199f2ffa7cade318c2d23facf3317af68c4206da1c8adef121966b8baf790a4aaef671901d9144fd391a
SSDEEP

384:p8ld4fp1pUDJVexjgmaJMgUHdpisBUrtd3FDhdrtjWPZP:p8l+fpK74tcMPrB+td3bs

Score

N/A

Malware Config

Signatures

Files

5c6d7df1dde0de156dd24d47c754a0d06aa2bc0d829d77050947e7b1d045d707
.exe windows x86

2b052a0a20da475d2d00e49386106aee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSVirtualChannelPurgeInput
WTSEnumerateServersA
WTSSendMessageA
WTSSetUserConfigA
WTSEnumerateSessionsA
WTSSetSessionInformationA
WTSQuerySessionInformationA
WTSVirtualChannelOpen
WTSLogoffSession
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSQueryUserToken

crypt32

CertAddStoreToCollection
CertFindAttribute
CertDuplicateCRLContext
CertCreateCRLContext
CertCreateContext
CertDuplicateStore
CertSaveStore
CertFreeCRLContext
CertAlgIdToOID
CertGetNameStringA
CertFindCRLInStore
CryptEnumOIDInfo
CertControlStore

kernel32

SetErrorMode
CompareStringW
GetModuleHandleW
TlsGetValue
lstrcmpA
GetProcAddress
GetDiskFreeSpaceA
QueryDosDeviceA
FindFirstVolumeW
SetEnvironmentVariableW
GetPrivateProfileSectionA
DeleteFileA
FoldStringW
CreateEventW
InterlockedDecrement
GetVolumePathNameA
FindNextVolumeW
GetDriveTypeA
GetEnvironmentVariableW
DeviceIoControl
GetShortPathNameA
GetLocalTime
GetLocaleInfoA
GetPrivateProfileSectionA
WriteConsoleA
WaitForSingleObject
FileTimeToSystemTime
SetEnvironmentVariableA
lstrcpynW
ReplaceFileA
GetPrivateProfileSectionA
CopyFileW
SearchPathA
CreateSemaphoreW
GetCurrentProcess
GetPrivateProfileSectionA
IsValidCodePage
GetPrivateProfileSectionA
FindFirstFileA
CreateHardLinkA
GetCurrentDirectoryW
HeapAlloc

user32

SetFocus
EnumDesktopsA
wsprintfA
SetCursorPos
LoadImageA
GetMessageW
DialogBoxParamW
DrawTextA
DispatchMessageA
PostMessageW
CharToOemA
LoadCursorA

clbcatq

ComPlusMigrate
DowngradeAPL
CoRegCleanup
SetSetupOpen

dbnmpntw

ConnectionVer
ConnectionError
ConnectionRead

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b052a0a20da475d2d00e49386106aee

Headers

File Characteristics

Imports

wtsapi32

crypt32

kernel32

user32

clbcatq

dbnmpntw

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 10KB - Virtual size: 10KB