e04645cba6d3ecc5f13c5eeaf74e37bbd905e309576a4ac1e316caeeab077007

Sharing

Copy URL Twitter E-mail

General

Target

e04645cba6d3ecc5f13c5eeaf74e37bbd905e309576a4ac1e316caeeab077007
Size

660KB
MD5

66e1fd0beaf60ca961a3e8775c8a6747
SHA1

82c1aedb0899646779c8c7c042ff777739a03363
SHA256

e04645cba6d3ecc5f13c5eeaf74e37bbd905e309576a4ac1e316caeeab077007
SHA512

3d9b6fc2e97e33e95fb5f5277598617a75793da43ff1bf7bdfa40dc15240e073b5abb7c585f51c5647e9e85a5e2e72d511cac721f3b2a164426b39ce4207eecb
SSDEEP

12288:X+dEJaBBGbirxVaQd34vkUK/RhzD9xUe7i4k3Qdyu2ZwPOOvjkAnpcX:yECBGOrxVaQdovpK/Rhn9xUe7lksylwi

Score

N/A

Malware Config

Signatures

Files

e04645cba6d3ecc5f13c5eeaf74e37bbd905e309576a4ac1e316caeeab077007
.exe windows x86

05e7a9cb3d3b372e19a37c1d35fe03a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

WmiOpenBlock
SystemFunction007
GetSidLengthRequired
SetEntriesInAclW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegSetValueA
CommandLineFromMsiDescriptor
InitiateSystemShutdownA
StartTraceW
GetTokenInformation
RegQueryValueExA
SystemFunction036
RegSetValueExW
InitializeSecurityDescriptor
RegCreateKeyExA

rpcrt4

MesEncodeIncrementalHandleCreate
RpcStringFreeW
RpcBindingToStringBindingA
RpcMgmtEnableIdleCleanup
MesEncodeDynBufferHandleCreate
I_RpcBindingIsClientLocal

kernel32

SetMessageWaitingIndicator
LoadLibraryA
LoadLibraryW
_lwrite
SetPriorityClass
GetConsoleCP
GetTempPathW
SetUnhandledExceptionFilter
VirtualAlloc
lstrcpyA
IsBadStringPtrW
VerSetConditionMask
EnumSystemLocalesA
SetConsoleTitleA
VirtualQuery
GetVersionExW
CreateTimerQueueTimer
IsBadStringPtrA

tapi32

lineGetCallStatus
lineParkA
lineGetDevCapsA
lineInitialize
lineInitializeExW
lineGetDevCaps
lineGetDevCapsW
lineOpenA
lineDrop

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 252KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 94KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 243KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05e7a9cb3d3b372e19a37c1d35fe03a3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

rpcrt4

kernel32

tapi32

Sections

.text Size: 30KB - Virtual size: 29KB

.bss Size: 252KB - Virtual size: 302KB

.bss Size: 94KB - Virtual size: 243KB

.data Size: 243KB - Virtual size: 356KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 1024B - Virtual size: 240B

.text
Size: 30KB - Virtual size: 29KB

.bss
Size: 252KB - Virtual size: 302KB

.bss
Size: 94KB - Virtual size: 243KB

.data
Size: 243KB - Virtual size: 356KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 1024B - Virtual size: 240B