7102012e8668b097f8b8e6d78705479b677acbf2fb6e702fea818149344730ef

Sharing

Copy URL Twitter E-mail

General

Target

7102012e8668b097f8b8e6d78705479b677acbf2fb6e702fea818149344730ef
Size

1.0MB
MD5

985f1b5809d3a6b2c8d911c9208f9155
SHA1

1eb3b4981dbaf8b06913357680f32138c51120e9
SHA256

7102012e8668b097f8b8e6d78705479b677acbf2fb6e702fea818149344730ef
SHA512

c2bd7614abc7306ca6595e4e3a8c1773b255bb266c10189cb9b5831f49a80f9adf8da6959df2e638c92d0bc749bd0ad86bcaf78a4be672f3fb5d26fb37734838
SSDEEP

24576:52NTHTkZWDLdntb22RhX1mvwbBnpY1wP4OeIJGD2yPgOMt8zH:KHTk0HVF2kF/dy+gOzW/I4

Score

N/A

Malware Config

Signatures

Files

7102012e8668b097f8b8e6d78705479b677acbf2fb6e702fea818149344730ef
.exe windows x86

41d082b7e27bf3c857cc5d85e11d6102

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_fullpath
??0exception@@QAE@ABQBD@Z
fputws
_wgetenv
difftime
_wcmdln
_endthread
_getpid
wcsspn
strcpy
_ultoa
_dup
_assert
fgetc
memchr
strftime
iswprint
_mbsicmp
sin
_unlock
_localtime64
_wfopen
tolower

mprapi

MprAdminUserServerConnect
MprConfigBufferFree
MprConfigTransportDelete
MprConfigInterfaceEnum
MprAdminBufferFree
MprConfigServerConnect
MprConfigInterfaceTransportGetInfo
MprAdminInterfaceDelete
MprAdminServerDisconnect
MprAdminUserRead
MprAdminConnectionGetInfo
MprAdminUserServerDisconnect
MprAdminUserSetInfo
MprInfoBlockRemove
MprAdminInterfaceCreate
MprAdminPortEnum
MprConfigInterfaceTransportRemove
MprConfigTransportGetHandle
MprAdminMIBServerConnect
MprAdminServerConnect
MprAdminUserGetInfo
MprConfigServerDisconnect
MprInfoCreate
MprConfigTransportSetInfo
MprConfigInterfaceTransportAdd
MprAdminInterfaceGetHandle

kernel32

FreeResource
QueryPerformanceCounter
SetThreadAffinityMask
SetProcessAffinityMask
LoadLibraryExA
TryEnterCriticalSection
EnumSystemLocalesW
GetCurrentThread
GetPrivateProfileStringW
FindNextChangeNotification
GlobalFlags
CopyFileExW
DeleteAtom
Process32First
ConvertDefaultLocale
SetFilePointer
AddAtomA
InterlockedCompareExchange
WritePrivateProfileSectionW
SetConsoleCP
VirtualAlloc
GetDriveTypeW
LockResource
GetProfileSectionW
GetCurrentDirectoryA
SetEndOfFile
GetDiskFreeSpaceW
PulseEvent
FlushInstructionCache
SetSystemTime
SetConsoleCursorPosition
DnsHostnameToComputerNameW
RaiseException
QueryDosDeviceA
IsBadCodePtr
CreateToolhelp32Snapshot
WritePrivateProfileStringA
FillConsoleOutputAttribute
Sleep

imm32

ImmGetConversionStatus
ImmSetCompositionStringW
ImmSetOpenStatus
ImmGetOpenStatus
ImmSetCandidateWindow
ImmGetHotKey
ImmGetImeMenuItemsW
ImmGetIMEFileNameA
ImmGetCandidateListW
ImmGetProperty
ImmAssociateContext
ImmGetIMCCSize
ImmCreateContext
ImmEnumRegisterWordW
ImmNotifyIME
ImmGetIMEFileNameW
ImmConfigureIMEW
ImmGetCompositionFontW
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmRequestMessageW
ImmDestroyContext
ImmGetCompositionStringW
ImmLockIMCC
ImmRegisterWordW
ImmGetContext
ImmUnlockIMC
ImmSetHotKey
ImmReleaseContext
ImmSetCompositionFontW

shlwapi

wnsprintfW
UrlCompareW
StrCSpnW
PathGetDriveNumberA
SHCreateShellPalette
PathQuoteSpacesA
PathCommonPrefixW
PathRemoveBackslashW
PathCombineW
PathIsDirectoryA
PathFindFileNameW
SHRegQueryInfoUSKeyW
PathRemoveArgsW
PathUndecorateA
StrCatW
SHRegSetUSValueW
PathCanonicalizeA
StrCmpNA
ChrCmpIW
PathRenameExtensionW
SHGetValueA

advapi32

InitializeAcl
DeleteService
CheckTokenMembership
CryptDeriveKey
CreateServiceW
QueryRecoveryAgentsOnEncryptedFile
GetSidSubAuthorityCount
CloseEventLog
ControlTraceW
RegQueryValueExA
RegReplaceKeyW
RegisterServiceCtrlHandlerExA
MakeAbsoluteSD
GetLengthSid
GetUserNameA
GetEventLogInformation
ReadEncryptedFileRaw
LsaCreateTrustedDomainEx
LsaLookupSids
SetPrivateObjectSecurity
GetTokenInformation
EnumServicesStatusExA
LookupAccountNameA
LsaLookupPrivilegeValue
SetKernelObjectSecurity
RegSaveKeyW
RegSetValueW
NotifyBootConfigStatus

crypt32

CryptGetMessageCertificates

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 35KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 306KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 181KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41d082b7e27bf3c857cc5d85e11d6102

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

mprapi

kernel32

imm32

shlwapi

advapi32

crypt32

Sections

.data Size: 2KB - Virtual size: 1KB

.text Size: 35KB - Virtual size: 461KB

.edata Size: 306KB - Virtual size: 506KB

.rdata Size: 301KB - Virtual size: 484KB

.edata Size: 181KB - Virtual size: 222KB

.rsrc Size: 212KB - Virtual size: 211KB

.reloc Size: 512B - Virtual size: 428B

.data
Size: 2KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 461KB

.edata
Size: 306KB - Virtual size: 506KB

.rdata
Size: 301KB - Virtual size: 484KB

.edata
Size: 181KB - Virtual size: 222KB

.rsrc
Size: 212KB - Virtual size: 211KB

.reloc
Size: 512B - Virtual size: 428B