30595a3390f0e4343a7cf9c4a1008801b6a81efc2b2b0c81d2bd99cea88d84fe

General

Target

30595a3390f0e4343a7cf9c4a1008801b6a81efc2b2b0c81d2bd99cea88d84fe
Size

59KB
MD5

e6f4e7ed3dca7431f6473922e9ab7d44
SHA1

ee176e62969c67b90a00168f718ae37d43d64ad0
SHA256

30595a3390f0e4343a7cf9c4a1008801b6a81efc2b2b0c81d2bd99cea88d84fe
SHA512

be5307cae0140db08258ddb2b1424572ff460e7f7b628f71419f6f9a674b1639212766aced36fbfde720c8ffded6a28ea764b7bc42f3a47154397db6b6e46c2e
SSDEEP

768:PnSlnv79S1szyJvQ7nFehWinLzb9qgy45ie/eViNMaW:onvX+CFQhzbZike8NM

Score

N/A

Malware Config

Signatures

Files

30595a3390f0e4343a7cf9c4a1008801b6a81efc2b2b0c81d2bd99cea88d84fe
.exe windows x86

e2a708c929ecc38cd241c34212bc7717

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleA
GetTickCount
GetProcessHeap
MoveFileW
GetProcAddress
HeapValidate
CreateNamedPipeA
ReadConsoleA
SetCurrentDirectoryA
CreateDirectoryA
GetCurrentProcess
GetShortPathNameA
CompareStringA
GetAtomNameA
GetDiskFreeSpaceW
GetDateFormatA
lstrcpynW
DeviceIoControl
lstrcmpiA
UpdateResourceA
ReadFile
GetStringTypeA
GetVolumePathNameW
lstrcmpA
GetPrivateProfileIntA
SetFilePointer
GetFullPathNameA
FindResourceW
GetTimeFormatA
SetFileAttributesA
VirtualQueryEx
GetSystemInfo
GetProcessTimes
FileTimeToLocalFileTime
OpenFileMappingW
GetComputerNameA

onex

OneXFreeMemory
OneXInitialize

advapi32

RegFlushKey
ClearEventLogA
InitializeSid
IsValidSid
IsTextUnicode
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
CreateServiceA
RegQueryValueA
RegEnumValueA
RegSaveKeyA
OpenServiceA
IsValidSecurityDescriptor

ctl3d32

Ctl3dUnregister
Ctl3dGetVer
Ctl3dRegister
Ctl3dCtlColor

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSSendMessageA
WTSSetSessionInformationA
WTSVirtualChannelQuery
WTSEnumerateServersA
WTSSetUserConfigW
WTSLogoffSession
WTSVirtualChannelClose
WTSFreeMemory
WTSEnumerateProcessesA

certcli

CACloseCA
CAEnumNextCA

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2a708c929ecc38cd241c34212bc7717

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

onex

advapi32

ctl3d32

wtsapi32

certcli

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 23KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 15KB