81363ed635c8c4d720db2817aad491b25c1161b6a0e7a09c325dd6994ab1f100

Sharing

Copy URL Twitter E-mail

General

Target

81363ed635c8c4d720db2817aad491b25c1161b6a0e7a09c325dd6994ab1f100
Size

1.8MB
MD5

d2b459eca0992af8dfdfdd7bbc771163
SHA1

b2c736a227ec954518131aa5ccd35c0e5d5cd40c
SHA256

81363ed635c8c4d720db2817aad491b25c1161b6a0e7a09c325dd6994ab1f100
SHA512

23f9e7befc17e8d090c8e279d56bc484a939dcfbfdcf04b93bfb8364d8ec096a37b4c10ec9303b3b3fdd337e39f72892879a41a7143bc796c8b2917cd7260237
SSDEEP

49152:XeXmDuv149j7IJK8Al+IDQqPIkXkzepYoFukzo17JIXO:XeXmDuvIj7IJrgdDvgk06pPukzo17X

Score

N/A

Malware Config

Signatures

Files

81363ed635c8c4d720db2817aad491b25c1161b6a0e7a09c325dd6994ab1f100
.exe windows x86

a56eb7f2a028e6fa0fc0ae902ecab469

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlIsNoHistoryW
UrlEscapeA
UrlGetPartA
PathCompactPathA
UrlIsOpaqueA
UrlIsA
UrlCreateFromPathA
UrlCanonicalizeA
PathCommonPrefixA
PathCombineA
UrlGetLocationA

wtsapi32

WTSWaitSystemEvent
WTSVirtualChannelPurgeInput
WTSVirtualChannelWrite
WTSVirtualChannelOpen
WTSSendMessageA
WTSSetSessionInformationA
WTSEnumerateServersA
WTSQueryUserToken
WTSVirtualChannelRead
WTSRegisterSessionNotification
WTSEnumerateSessionsW
WTSVirtualChannelClose
WTSEnumerateProcessesA

certcli

CACloseCA
CACloseCertType
CAEnumFirstCA

rsaenh

CPCreateHash
CPDecrypt
CPGenKey

kernel32

GetProcAddress
QueryDosDeviceA
GetFullPathNameA
GetBinaryTypeA
GetCurrentDirectoryA
LoadLibraryA
FormatMessageA
SetFilePointer
WaitForSingleObject
GetAtomNameA
ReadConsoleA
CloseHandle
GetCurrentProcess
GetConsoleTitleA
GetTimeFormatA
GetEnvironmentVariableA
SetEnvironmentVariableW
GetConsoleAliasW
GetGeoInfoA
GetProcessId
CreateDirectoryA
CompareStringA
GetDateFormatA
WriteConsoleA
HeapValidate
lstrcpynA
GetStringTypeA
ReadFile

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a56eb7f2a028e6fa0fc0ae902ecab469

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wtsapi32

certcli

rsaenh

kernel32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 3KB