332615b83e700ca5c615850b5b129cdf4e2f764893b2bf21a67cb7d873c2742e

Sharing

Copy URL Twitter E-mail

General

Target

332615b83e700ca5c615850b5b129cdf4e2f764893b2bf21a67cb7d873c2742e
Size

542KB
MD5

27366c50c7099577d223fcd45e2e7734
SHA1

f1564da994f4dc275fc45e30935d1293e0cef91b
SHA256

332615b83e700ca5c615850b5b129cdf4e2f764893b2bf21a67cb7d873c2742e
SHA512

53d76d8dd3602ab9ca8c747553380c1ad3a04502b1dac32b155ecce4d9af1b6f727a04eff477ab5702b1e2d270982d19a4719e04bc9a19c44ff1842da3f45c9c
SSDEEP

12288:LD2JGKX8OEMZ5Wkg4VJwrVgrk3kIvas8rcz+U+N16Eat/Fr968UtfHF/vs4:LD3Q1ZHHkgrk3LKcKStR9+fHF3

Score

N/A

Malware Config

Signatures

Files

332615b83e700ca5c615850b5b129cdf4e2f764893b2bf21a67cb7d873c2742e
.exe windows x64

c1c4d71a5d79034ef29c61d1b3f74e98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EncryptedFileKeyInfo
AddUsersToEncryptedFile
CryptAcquireContextW
FlushEfsCache
DecryptFileW
CryptReleaseContext
RegQueryValueExW
LookupAccountSidW
QueryRecoveryAgentsOnEncryptedFile
RegOpenKeyExW
CryptDestroyKey
SetUserFileEncryptionKey
AddUsersToEncryptedFileEx
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
QueryUsersOnEncryptedFile
CryptGetUserKey
EncryptFileW
RegCloseKey
RemoveUsersFromEncryptedFile

kernel32

GetTempFileNameW
FindFirstFileW
FindVolumeClose
SetFilePointer
GetDriveTypeW
SetEndOfFile
SetErrorMode
VerSetConditionMask
CreateDirectoryW
GetComputerNameW
VirtualFree
ReadConsoleW
GetLastError
FindNextVolumeW
SetConsoleMode
GetFileAttributesW
CreateFileW
lstrcmpW
FlushFileBuffers
VerifyVersionInfoW
GetCurrentDirectoryW
SetLastError
GetFullPathNameW
GetDiskFreeSpaceW
FindClose
SetCurrentDirectoryW
RemoveDirectoryW
QueryDosDeviceW
DeviceIoControl
HeapSetInformation
FindNextFileW
GetDiskFreeSpaceExW
CloseHandle
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
FreeLibrary
LoadLibraryExA
DelayLoadFailureHook
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
LocalFree
GetFileType
VirtualAlloc
GetProcAddress
GetStdHandle
lstrlenW
WriteConsoleW
FormatMessageW
GetConsoleMode
WideCharToMultiByte
WriteFile
GetProcessHeap
GetModuleHandleW
HeapFree
HeapAlloc
GetVolumePathNameW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

msvcrt

_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
getchar
__setusermatherr
_fmode
__set_app_type
?terminate@@YAXXZ
memset
_commode
towupper
_putws
_iob
printf
fgetws
_wcsnicmp
_get_osfhandle
_vsnwprintf
_wcsicmp
wcschr
memcpy

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError
RtlCaptureContext

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

user32

MessageBoxW

ntdsapi

DsCrackNamesW
DsFreeNameResultW
DsUnBindW
DsBindW

crypt32

CertOpenStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptStringToBinaryW
PFXExportCertStoreEx
CryptQueryObject

bcrypt

BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptGetProperty
BCryptEncrypt

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

efsutil

EfsUtilGetCurrentUserInformation
EfsUtilCreateSelfSignedCertificate
EfsUtilGetSmartcardProviderName

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1c4d71a5d79034ef29c61d1b3f74e98

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

user32

ntdsapi

crypt32

bcrypt

netapi32

efsutil

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 10KB

.pdata Size: 1024B - Virtual size: 912B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 190B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 10KB

.pdata
Size: 1024B - Virtual size: 912B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 190B

.vmp0
Size: 500KB - Virtual size: 1.8MB