b5869289a1f181d395efb68d69388850c70dc70c53272c502c711fb711f96c2b

Sharing

Copy URL Twitter E-mail

General

Target

b5869289a1f181d395efb68d69388850c70dc70c53272c502c711fb711f96c2b
Size

1.7MB
MD5

9373bb8b1fc3a9cc4bb13ac4c5ea62fe
SHA1

220200a3c821f9c1dfd3cecf2bdc6582cea1c5c7
SHA256

b5869289a1f181d395efb68d69388850c70dc70c53272c502c711fb711f96c2b
SHA512

e679b32523d7da9a9d187ecb3561c2ed481a470a419db4fd593718cde22e2a7dda80507d122c942bea953c9c155ad0d206593e7dc4f631deb9c9c5e3ee6cdb46
SSDEEP

24576:Ak09KENsRwkpF4DVgBWwNmoFUW9+0OHMPsrp5T3LKftC2ZNhqFzsK37v9O9pkiAG:YK7Rnpb92mr832t9ZGFzs8VOzkvX

Score

N/A

Malware Config

Signatures

Files

b5869289a1f181d395efb68d69388850c70dc70c53272c502c711fb711f96c2b
.exe windows x86

bf8c1edec036387e0256ccdfb43dd239

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
GetComputerNameA
lstrcmpiA
GetLongPathNameA
CloseHandle
GetShortPathNameW
GetConsoleTitleA
CreateDirectoryA
GetAtomNameA
ReadConsoleA
GetFullPathNameW
HeapValidate
GetFullPathNameA
GetPrivateProfileSectionA
SetCurrentDirectoryW
TlsGetValue
FormatMessageA
WriteConsoleA
GetSystemTimeAsFileTime
QueryDosDeviceW
lstrcmpiA
GetModuleHandleA
FindResourceA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetStringTypeA
GetDateFormatA
HeapCreate
GetProcessHeap
GetNumberFormatW
GetConsoleAliasW
SetEnvironmentVariableW
CompareStringA
GetCommandLineA
WaitForSingleObject
GetTickCount
UpdateResourceA
CreateFileA
GetProcessId
GetTimeFormatA

wtsapi32

WTSFreeMemory
WTSRegisterSessionNotification
WTSVirtualChannelPurgeInput
WTSEnumerateSessionsW
WTSEnumerateProcessesA
WTSOpenServerW
WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSWaitSystemEvent
WTSVirtualChannelWrite
WTSSetSessionInformationW
WTSSendMessageA
WTSVirtualChannelRead
WTSSetUserConfigW
WTSVirtualChannelQuery
WTSEnumerateServersA
WTSQuerySessionInformationA

advapi32

InitializeSid
RegCloseKey
CreateProcessAsUserA
RegOpenKeyExA
CreateServiceA
ClearEventLogA
RegEnumValueA
IsValidSecurityDescriptor
RegFlushKey
IsValidAcl
ControlService

certcli

CAEnumNextCA
CACloseCertType
CACloseCA
CADeleteCA
CAEnumFirstCA

dhcpcsvc

McastGenUID
McastApiStartup

user32

CharToOemA
IsDialogMessageA
IsWindow
DrawIcon
GetMessageA
GetWindowLongA
GetWindowTextA
LoadCursorA
GetPropA
DialogBoxParamA
wsprintfA
IsCharLowerW
PeekMessageA
EnableWindow
IsWindowVisible
SetCursorPos
IsChild

msimg32

TransparentBlt
vSetDdrawflag
DllInitialize
GradientFill

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf8c1edec036387e0256ccdfb43dd239

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

advapi32

certcli

dhcpcsvc

user32

msimg32

Sections

.text Size: 83KB - Virtual size: 83KB

.data Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 26KB - Virtual size: 25KB

.text
Size: 83KB - Virtual size: 83KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 26KB - Virtual size: 25KB