0fc272ed408fc024c923720255adbc09bc7d65b36dd394b5cdcde28a3dc00669

Sharing

Copy URL

Twitter E-mail

General

Target

0fc272ed408fc024c923720255adbc09bc7d65b36dd394b5cdcde28a3dc00669
Size

639KB
MD5

d0a0d732c809b80ec484eed21deaf4b1
SHA1

4326d73c464a66449b63285b154eeaa0fd11e434
SHA256

0fc272ed408fc024c923720255adbc09bc7d65b36dd394b5cdcde28a3dc00669
SHA512

248fb2f096b65fd59ec0cf1d21764bca4adc8444a5dcb3f80b994d52027bcda3792dd9a7ddb0d913b7cd99d06530c2de952b9653a4640a2f05618735fab4b6b9
SSDEEP

12288:N+10uE0m6Rj79k91QCM8TR06R0zu+E7PQIAO5DNT8g9bOtwnU:E1+0mYf9ii097wo7lAO5DN4g9gwU

Score

N/A

Malware Config

Signatures

Files

0fc272ed408fc024c923720255adbc09bc7d65b36dd394b5cdcde28a3dc00669
.exe windows x86

45af779786c88e32b55be8933f04a215

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetProcessTimes
SetEndOfFile
GetProcessHeap
FileTimeToSystemTime
ReplaceFileA
FileTimeToLocalFileTime
FoldStringW
lstrcmpA
GetShortPathNameA
GetSystemInfo
GetFileSize
InterlockedExchange
GetEnvironmentVariableA
CreateTimerQueue
CreatePipe
HeapValidate
GetVolumePathNameW
TlsGetValue
GetDiskFreeSpaceA
lstrcmpiA
GetProcAddress
SetVolumeLabelA
GetAtomNameA
SetCurrentDirectoryA
GetModuleHandleA
PurgeComm
FindResourceA
SetFileAttributesA
lstrcpynA
CreateEventW
GetFullPathNameA
CompareStringA
FormatMessageA

acledit

EditPermissionInfo
EditOwnerInfo
SedSystemAclEditor
EditAuditInfo

user32

IsDialogMessageA
DispatchMessageA
DrawIcon
GetWindowLongA
IsWindow
SetCursorPos
SetFocus
wsprintfA
GetWindowTextA
PeekMessageA
CharToOemA
IsZoomed
GetMessageA
LoadImageA
GetCaretPos
CreateWindowExA

msimg32

TransparentBlt
AlphaBlend
DllInitialize

cabinet

FDIIsCabinet
FCIAddFile
FCICreate
Extract
FCIDestroy

shimeng

SE_ProcessDying
SE_InstallAfterInit

crypt32

CryptFindOIDInfo
CertDuplicateCRLContext
CertCloseStore
CertCreateContext
CertFindCRLInStore
CertDuplicateStore
CertCompareCertificate
CertFindExtension
CertAlgIdToOID
CertCreateCRLContext
CertFindChainInStore
CertSaveStore
CertDeleteCRLFromStore
CertControlStore

wtsapi32

WTSVirtualChannelClose
WTSWaitSystemEvent
WTSOpenServerA
WTSVirtualChannelPurgeInput
WTSQueryUserToken
WTSEnumerateSessionsA
WTSVirtualChannelWrite
WTSLogoffSession
WTSRegisterSessionNotification
WTSSetUserConfigA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45af779786c88e32b55be8933f04a215

Headers

File Characteristics

Imports

kernel32

acledit

user32

msimg32

cabinet

shimeng

crypt32

wtsapi32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 543KB - Virtual size: 543KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 543KB - Virtual size: 543KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 4KB