4be76ea68702f15c5a5b29d7f8b96e76abdb662186906a7dbb1122f45fab1ae8

Sharing

Copy URL Twitter E-mail

General

Target

4be76ea68702f15c5a5b29d7f8b96e76abdb662186906a7dbb1122f45fab1ae8
Size

1.8MB
MD5

b0c26582cef9353b874d132672db6683
SHA1

a28e1769301d9e54d33d5bf4af08c517b68fb7e0
SHA256

4be76ea68702f15c5a5b29d7f8b96e76abdb662186906a7dbb1122f45fab1ae8
SHA512

20a632036312af8b9ed6ccaac60fa6ef7ee35288f78dabcee2b658c1f3d610365164283a1ff04c67b9e07c09478edb50991f72e60c1f9ce3fd4faecb1f20d819
SSDEEP

49152:G8R1E9vycSyJD8CWPGrQKlLDfta2T8/F84I0v6pRjda1+6JiQ:G87kvycJII0KlHft/I84jMRpa46p

Score

N/A

Malware Config

Signatures

Files

4be76ea68702f15c5a5b29d7f8b96e76abdb662186906a7dbb1122f45fab1ae8
.exe windows x86

6ccb385a03b901ee79ed20955ef8a086

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetCursorPos
PeekMessageA
LoadCursorA
wsprintfA
IsCharLowerW
GetPropA
IsZoomed
CharToOemA
DispatchMessageA
GetCaretPos
IsDialogMessageA
CreateWindowExA
GetWindowTextA
IsWindow
LoadImageA
GetWindowLongA

kernel32

GetGeoInfoA
GetTimeFormatA
lstrcmpiA
GetCurrentDirectoryA
WaitForSingleObject
GetConsoleTitleA
LoadLibraryA
GetPrivateProfileIntA
GetTickCount
ReadConsoleA
GetProcessHeap
GetProcAddress
GetAtomNameA
GetFullPathNameA
HeapValidate
GetNumberFormatW
GetLongPathNameA
GetComputerNameA
SetFilePointer

certcli

CAEnumNextCA
CAEnumFirstCA
CADeleteCA
CACloseCA

shlwapi

UrlGetPartA
UrlIsOpaqueA
UrlIsNoHistoryW
PathCompactPathA
UrlCombineA
UrlCreateFromPathA
UrlCompareA
UrlCanonicalizeA
UrlIsA
UrlHashA
UrlUnescapeA
PathCommonPrefixA
PathCombineA

rsaenh

CPDeriveKey
CPDecrypt

wtsapi32

WTSVirtualChannelWrite
WTSFreeMemory
WTSSetUserConfigW
WTSLogoffSession
WTSVirtualChannelRead
WTSVirtualChannelOpen
WTSEnumerateSessionsW
WTSQueryUserToken
WTSSendMessageA
WTSEnumerateServersA
WTSRegisterSessionNotification
WTSVirtualChannelClose
WTSEnumerateProcessesA
WTSVirtualChannelQuery

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ccb385a03b901ee79ed20955ef8a086

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

certcli

shlwapi

rsaenh

wtsapi32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 4KB