Static task: static1
Behavioral task: behavioral1
Sample: 41d920a2661fc7c05b5343679101c87a9dd550665d6a35d85ee93acd7fda4013.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 41d920a2661fc7c05b5343679101c87a9dd550665d6a35d85ee93acd7fda4013.exe
Resource: win10v2004-20221111-en
General
Target: 41d920a2661fc7c05b5343679101c87a9dd550665d6a35d85ee93acd7fda4013
Size: 594KB
MD5: abbc30d27d267e43ca2f97096271bd63
SHA1: e4755d82bb05d559fb32095836a70a64617c7a9e
SHA256: 41d920a2661fc7c05b5343679101c87a9dd550665d6a35d85ee93acd7fda4013
SHA512: e9bc27635d49e20a948e122283c24dd8c04cb9251efa1bd663680d0326245503382fe0b98ea77c62e1f5fdcd06e33efa861927fe6a995e3e56e60b5887fbccce
SSDEEP: 12288:0gEFDkRRRRRRRVEpWeoCsstcIStWP/mQkpZkBR62X3tId:h2POs+I9/mQid
Malware Config
Signatures
Files
-
41d920a2661fc7c05b5343679101c87a9dd550665d6a35d85ee93acd7fda4013.exe windows x86
392d754973201e39c00ec173235c473f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
azroles
AzGetProperty
AzCloseHandle
crypt32
CertAlgIdToOID
CertDuplicateStore
CertOpenStore
CertAddStoreToCollection
CertFindAttribute
CertCreateContext
CertSaveStore
CryptFindOIDInfo
CertFindExtension
CertGetNameStringA
CertDuplicateCRLContext
CertFindChainInStore
CertNameToStrA
CryptEnumOIDInfo
CertCloseStore
CertCompareCertificate
shlwapi
UrlGetPartA
PathCommonPrefixA
UrlCompareA
UrlCombineA
UrlIsOpaqueA
UrlIsNoHistoryA
UrlEscapeA
UrlCanonicalizeA
UrlGetLocationA
PathCompactPathA
user32
PeekMessageA
DialogBoxParamA
GetCaretPos
DrawIcon
CharToOemA
PostMessageA
IsZoomed
IsWindow
LoadCursorA
SetCursorPos
IsCharLowerW
GetWindowTextA
GetMessageW
wtsapi32
WTSWaitSystemEvent
WTSEnumerateSessionsA
WTSOpenServerA
WTSVirtualChannelPurgeInput
WTSQueryUserToken
WTSRegisterSessionNotification
WTSQuerySessionInformationA
WTSUnRegisterSessionNotification
WTSLogoffSession
WTSFreeMemory
WTSVirtualChannelRead
WTSVirtualChannelClose
WTSSetSessionInformationA
WTSSendMessageA
kernel32
GetEnvironmentVariableW
GetTickCount
CreateSemaphoreA
GetFileType
CopyFileA
CreateEventW
GetCurrentProcess
SetStdHandle
GetVersionExA
GetProcessHeap
TlsGetValue
OpenMutexA
lstrcmpiA
lstrcmpiA
GetComputerNameW
CreateNamedPipeW
GetLocaleInfoA
GetModuleHandleA
GetDiskFreeSpaceA
GetBinaryTypeW
VirtualQuery
GetCurrentDirectoryW
SetCurrentDirectoryA
InterlockedExchange
GetShortPathNameA
GetProcAddress
FormatMessageA
GetAtomNameW
DeleteFileA
lstrcmpA
GetLocalTime
lstrcpynA
GetLastError
GetFullPathNameA
GetStringTypeA
FindResourceA
CompareStringA
ResetEvent
certcli
CAEnumNextCA
CACloseCA
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 561KB - Virtual size: 792KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ