54c2fe20e6ec703257a3d8703cde3c587ffc29ec8209625158285303bbf202d5

Sharing

Copy URL Twitter E-mail

General

Target

54c2fe20e6ec703257a3d8703cde3c587ffc29ec8209625158285303bbf202d5
Size

131KB
MD5

92a253ed378e0ab9e1fa3bcdf9f721ac
SHA1

f019c5deec8ce1cc80cfc55d4002767dbc7e92b8
SHA256

54c2fe20e6ec703257a3d8703cde3c587ffc29ec8209625158285303bbf202d5
SHA512

bd6c65703e121daa5658cd4e001582030e621caf27cb3f7a36bd3d8fc039e981f17fdb83a40bb58bdf9db093807892a00734c10d574f72ec8e1c3a548005a404
SSDEEP

3072:rivKQsMQVYdnW24awGcz6n6owHdjI7TQ9tufQ9tjVazNDD7:rivKQsMQVGWoZUHBbtufQ9wD

Score

N/A

Malware Config

Signatures

Files

54c2fe20e6ec703257a3d8703cde3c587ffc29ec8209625158285303bbf202d5
.exe windows x86

6a92afa90960a24639e338a2883886ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
VirtualAlloc
GlobalAlloc
GetConsoleFontSize
GetStartupInfoA
IsSystemResumeAutomatic
HeapReAlloc
GetFileAttributesExA
InvalidateConsoleDIBits
GetEnvironmentStringsW
SetConsoleKeyShortcuts
lstrlenA
CreateActCtxA
SetConsoleFont
EnumerateLocalComputerNamesW
GetConsoleAliasesA
ReadConsoleInputExA
GetLastError
GetCurrentThread
SetCommConfig
GetPrivateProfileSectionNamesW
LoadLibraryA

ntdll

NtQueryEvent
RtlExtendedLargeIntegerDivide
RtlAbortRXact
NtDeleteValueKey
DbgPrint
ZwMakeTemporaryObject
RtlRandom
ZwSetThreadExecutionState
RtlApplyRXact
strcspn
_wtoi
ZwQueryInstallUILanguage
RtlRandomEx
NtModifyBootEntry
RtlAddVectoredExceptionHandler
ZwWaitForMultipleObjects

avifil32

EditStreamSetNameW
AVIGetFromClipboard
AVIStreamLength
AVIStreamSetFormat
AVIStreamReadFormat
AVIFileGetStream
EditStreamCut
AVIFileInfoW
AVIFileWriteData
AVIFileRelease
AVIFileExit
AVIStreamOpenFromFileW
IID_IAVIFile
AVIStreamFindSample
AVIStreamSampleToTime
AVIBuildFilterA
AVIFileCreateStreamA
AVIStreamInfoA
AVIMakeStreamFromClipboard
AVIStreamOpenFromFile
EditStreamSetNameA
EditStreamSetInfoA
AVIStreamGetFrame
IID_IGetFrame
AVIFileOpen

msdart

?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
mpFree
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
SetMemHook
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z
?ReadLock@CFakeLock@@QAEXXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
MpHeapSize
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?sm_wDefaultSpinCount@CFakeLock@@1GA
?IsWinNT@CMdVersionInfo@@SAHXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?IsEmpty@CSingleList@@QBE_NXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ

crypt32

CryptEncodeObject
CertNameToStrA
CertDeleteCTLFromStore
CryptMsgClose
CryptMsgCountersign
CertVerifyCTLUsage
RegQueryInfoKeyU
CryptHashCertificate
CertUnregisterSystemStore
CertFindCTLInStore
CryptDecodeObject
CryptVerifyDetachedMessageSignature
CertAddStoreToCollection
CertAddEncodedCRLToStore
CryptSIPCreateIndirectData

wininet

UnlockUrlCacheEntryFileA
HttpQueryInfoW
CreateUrlCacheContainerA
InternetQueryFortezzaStatus
InternetGoOnlineA
InternetLockRequestFile
HttpQueryInfoA
RetrieveUrlCacheEntryFileA
InternetSetStatusCallback
SetUrlCacheEntryInfoA
InternetTimeFromSystemTimeW
InternetGetCertByURLA
InternetGetCertByURL
InternetAttemptConnect
IsUrlCacheEntryExpiredA
SetUrlCacheGroupAttributeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a92afa90960a24639e338a2883886ed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

avifil32

msdart

crypt32

wininet

Sections

.text Size: 33KB - Virtual size: 33KB

Size: 41KB - Virtual size: 41KB

.data Size: 52KB - Virtual size: 221KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 140B

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 52KB - Virtual size: 221KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 140B