efe1ac26144ed8b5008a22df61a3740b3ff1a819a6d34e264460d320fbcbb29c

Sharing

Copy URL Twitter E-mail

General

Target

efe1ac26144ed8b5008a22df61a3740b3ff1a819a6d34e264460d320fbcbb29c
Size

1.6MB
MD5

e12a6b7fac9fd44a98ce0458036b54eb
SHA1

fe75592f79ad3b399fa5d46a7c897f8ed8f7c0c7
SHA256

efe1ac26144ed8b5008a22df61a3740b3ff1a819a6d34e264460d320fbcbb29c
SHA512

c45402c8cba77a3c892be7e57d98e926fe71673cfd7a46f2a4c9ba198b2ed705127a7b9c3e548cb471b4bf1451d40f211e89984ed83c99142687827a47f4aad1
SSDEEP

24576:khs2RMeMZ/qQZLGnPSFrivQ2c9XM8Jei61Gg+3pKgltqr/A0u+6OI:D2RZY/qeLGnVYzcziMGjvYX

Score

N/A

Malware Config

Signatures

Files

efe1ac26144ed8b5008a22df61a3740b3ff1a819a6d34e264460d320fbcbb29c
.exe windows x86

f78b80040f71dc7cff387b68150cfbde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineA
UrlCompareA
UrlIsOpaqueA
UrlIsA
UrlGetLocationA
UrlIsNoHistoryW
UrlEscapeA
UrlCanonicalizeA
UrlCreateFromPathA
PathCommonPrefixA
UrlCombineA
UrlHashA
PathCompactPathA
UrlGetPartA

kernel32

CreateNamedPipeA
GetComputerNameA
GetPrivateProfileStructW
lstrcmpiA
GetPrivateProfileStructW
GetPrivateProfileStructW
GetLongPathNameA
HeapCreate
LoadLibraryA
GetSystemTimeAsFileTime
FindResourceA
GetCommandLineA
GetStringTypeA
WriteConsoleA
lstrcmpiA
UpdateResourceA
GetNumberFormatW
GetTickCount
GetShortPathNameW
GetProcessHeap
GetFullPathNameW
CloseHandle
SetCurrentDirectoryW
CreateFileA
WaitForSingleObject
TlsGetValue
lstrcpynA
QueryDosDeviceW
GetConsoleAliasW
GetEnvironmentVariableA
FormatMessageA
GetGeoInfoA
CreateDirectoryA
CompareStringA
GetVersionExA
ReadConsoleA

certcli

CACloseCertType
CACloseCA
CAEnumNextCA
CADeleteCA
CAEnumFirstCA

nddeapi

NDdeShareAddA
NDdeShareDelA

wtsapi32

WTSVirtualChannelPurgeInput
WTSVirtualChannelClose
WTSEnumerateSessionsW
WTSRegisterSessionNotification
WTSQueryUserToken
WTSLogoffSession
WTSSetSessionInformationW
WTSEnumerateServersA
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSSendMessageA
WTSEnumerateProcessesA
WTSOpenServerW
WTSSetUserConfigW

modemui

InvokeControlPanel
drvCommConfigDialogA
drvSetDefaultCommConfigA
drvGetDefaultCommConfigA

advapi32

RegFlushKey
RegCreateKeyA
RegQueryValueA
IsTextUnicode
CreateProcessAsUserA
RegSaveKeyA
IsValidAcl
CreateServiceA
RegEnumKeyA
IsValidSecurityDescriptor

user32

DrawIcon
DispatchMessageA
IsWindow
PeekMessageA
GetCaretPos
wsprintfA
LoadImageA
GetWindowLongA
GetPropA
IsZoomed
IsCharLowerW
GetMessageA
SetCursorPos
IsDialogMessageA
DialogBoxParamA
CreateWindowExA

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f78b80040f71dc7cff387b68150cfbde

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

certcli

nddeapi

wtsapi32

modemui

advapi32

user32

Sections

.text Size: 81KB - Virtual size: 81KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 81KB - Virtual size: 81KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 27KB - Virtual size: 26KB