e70e4e2b8b32fe16a316c8c738e63fc57d10690d431c9f9146f0bd0ad5aaa5d3

Sharing

Copy URL Twitter E-mail

General

Target

e70e4e2b8b32fe16a316c8c738e63fc57d10690d431c9f9146f0bd0ad5aaa5d3
Size

439KB
MD5

fb69d984482765ed13ce73e6c41e2848
SHA1

fca842f4a12622eccf9b4a74d508cb459a968a66
SHA256

e70e4e2b8b32fe16a316c8c738e63fc57d10690d431c9f9146f0bd0ad5aaa5d3
SHA512

cad1368fad5ce3d8200a8cfd0cb1cc9bfe8c0fa5a79332328daf54d10b2c97d80b3a4a52d8a9ae0d1aff0c3a0015daf386f0311150e034ccacadfba8592d598a
SSDEEP

6144:5/IAL3rWWWRyrQV0io57lTt8IIOVbAWjil3wUhxOVJWb1cVLB8+eYPfe9h/7Xs+R:R/hWRysUTtbnjil5gjfW4Myxsf8O

Score

N/A

Malware Config

Signatures

Files

e70e4e2b8b32fe16a316c8c738e63fc57d10690d431c9f9146f0bd0ad5aaa5d3
.zip
Crypted.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HVMRuntm.dll
.dll windows x86

790a9ea28a746f3c6c07a3bd3a2b6020

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileA
WideCharToMultiByte
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetProcAddress
ExitProcess
FreeLibrary
LoadLibraryA
WaitForSingleObject
CloseHandle
CreateEventA
DisableThreadLibraryCalls
lstrcatA
IsBadReadPtr
lstrlenA
VirtualProtect
Sleep
SetEvent
SetEnvironmentVariableA
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
MultiByteToWideChar
GetLastError
InterlockedIncrement
SetFilePointer
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
IsBadWritePtr
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetModuleFileNameA
GetCurrentProcess
VirtualQuery
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
HeapCreate
VirtualFree
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
ResumeThread
CreateThread
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle

user32

MessageBoxA
wsprintfA
UnregisterClassA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

oleaut32

SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
VariantChangeType
SysStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayDestroyDescriptor
VariantClear
VariantInit
SysFreeString
GetErrorInfo
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CheckRuntime
DNG_Runtime
GetUserString
RunHVM

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hvm
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hvm0
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 5KB - Virtual size: 4KB

790a9ea28a746f3c6c07a3bd3a2b6020

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 16KB - Virtual size: 25KB

.hvm Size: 4KB - Virtual size: 8B

.hvm0 Size: 372KB - Virtual size: 369KB

.reloc Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 16KB - Virtual size: 25KB

.hvm
Size: 4KB - Virtual size: 8B

.hvm0
Size: 372KB - Virtual size: 369KB

.reloc
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB