c7246f4a265dab9479a84d5a2fcb214005e32a7c1b2a273f5f4c3f3fd032cee4

Sharing

Copy URL Twitter E-mail

General

Target

c7246f4a265dab9479a84d5a2fcb214005e32a7c1b2a273f5f4c3f3fd032cee4
Size

639KB
MD5

97a78a04c2039863d6dcaaf735268630
SHA1

ce0ff504ba254371ac20c66f4eda8a2439a61a79
SHA256

c7246f4a265dab9479a84d5a2fcb214005e32a7c1b2a273f5f4c3f3fd032cee4
SHA512

0aa1db3bb726ee0b9eff574930e1ed563f2cc99d131d5fd7b618432b2a3504b2c84691bdef721939e85c4a009f800a99eaef66b7626bb4f1b37de41d5339c359
SSDEEP

12288:Y+10uE0m6Rj79k91QCM8TR06R0zu+E7PQIAO5DNT8g9bOtwnU:R1+0mYf9ii097wo7lAO5DN4g9gwU

Score

N/A

Malware Config

Signatures

Files

c7246f4a265dab9479a84d5a2fcb214005e32a7c1b2a273f5f4c3f3fd032cee4
.exe windows x86

45af779786c88e32b55be8933f04a215

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetProcessTimes
SetEndOfFile
GetProcessHeap
FileTimeToSystemTime
ReplaceFileA
FileTimeToLocalFileTime
FoldStringW
lstrcmpA
GetShortPathNameA
GetSystemInfo
GetFileSize
InterlockedExchange
GetEnvironmentVariableA
CreateTimerQueue
CreatePipe
HeapValidate
GetVolumePathNameW
TlsGetValue
GetDiskFreeSpaceA
lstrcmpiA
GetProcAddress
SetVolumeLabelA
GetAtomNameA
SetCurrentDirectoryA
GetModuleHandleA
PurgeComm
FindResourceA
SetFileAttributesA
lstrcpynA
CreateEventW
GetFullPathNameA
CompareStringA
FormatMessageA

acledit

EditPermissionInfo
EditOwnerInfo
SedSystemAclEditor
EditAuditInfo

user32

IsDialogMessageA
DispatchMessageA
DrawIcon
GetWindowLongA
IsWindow
SetCursorPos
SetFocus
wsprintfA
GetWindowTextA
PeekMessageA
CharToOemA
IsZoomed
GetMessageA
LoadImageA
GetCaretPos
CreateWindowExA

msimg32

TransparentBlt
AlphaBlend
DllInitialize

cabinet

FDIIsCabinet
FCIAddFile
FCICreate
Extract
FCIDestroy

shimeng

SE_ProcessDying
SE_InstallAfterInit

crypt32

CryptFindOIDInfo
CertDuplicateCRLContext
CertCloseStore
CertCreateContext
CertFindCRLInStore
CertDuplicateStore
CertCompareCertificate
CertFindExtension
CertAlgIdToOID
CertCreateCRLContext
CertFindChainInStore
CertSaveStore
CertDeleteCRLFromStore
CertControlStore

wtsapi32

WTSVirtualChannelClose
WTSWaitSystemEvent
WTSOpenServerA
WTSVirtualChannelPurgeInput
WTSQueryUserToken
WTSEnumerateSessionsA
WTSVirtualChannelWrite
WTSLogoffSession
WTSRegisterSessionNotification
WTSSetUserConfigA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45af779786c88e32b55be8933f04a215

Headers

File Characteristics

Imports

kernel32

acledit

user32

msimg32

cabinet

shimeng

crypt32

wtsapi32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 543KB - Virtual size: 543KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 543KB - Virtual size: 543KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 4KB