88563c6b5e9c4a4427b1f52aac17301279e6e89f733de99516d42ac4547d2547

Sharing

Copy URL Twitter E-mail

General

Target

88563c6b5e9c4a4427b1f52aac17301279e6e89f733de99516d42ac4547d2547
Size

45KB
MD5

b06c7d03f2a1f2ab2bf48a5229ad26e6
SHA1

97a4aedd29edca111436828ab1a22cd094599164
SHA256

88563c6b5e9c4a4427b1f52aac17301279e6e89f733de99516d42ac4547d2547
SHA512

9794ffb05ffc80953c86b23593729032b90718b5314bf115bf810a9f8674f0e5a5e85f43c2c83533c7d83e25ad4b2a7b51d89007bb0524f22847a98aa9b1ba1e
SSDEEP

768:YIqF1kZewS1T8uH9gwWRx4VB0hvrBJnfF3KIIdP0:YIC1SGRgwmst0

Score

N/A

Malware Config

Signatures

Files

88563c6b5e9c4a4427b1f52aac17301279e6e89f733de99516d42ac4547d2547
.exe windows x86

bb993a486057964d5a9655d0992159ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

olecli32

BmQueryBounds
BmRelease
BmSaveToStream
CheckNetDrive
ConnectDlgProc
DefCreate
DefCreateFromClip
DefCreateFromFile
DefCreateFromTemplate
DefCreateInvisible
DefLoadFromStream
DibChangeData
DibClone
DibCopy
DibDraw
DibEnumFormat

cryptui

ACUIProviderInvokeUI
CryptUIDlgCertMgr
CryptUIDlgFreeCAContext
CryptUIDlgSelectCA
CryptUIDlgSelectCertificateA
CryptUIDlgSelectCertificateFromStore
CryptUIDlgSelectCertificateW
CryptUIDlgSelectStoreA
CryptUIDlgSelectStoreW
CryptUIDlgViewCRLA
CryptUIDlgViewCRLW
CryptUIDlgViewCTLA
CryptUIDlgViewCTLW
CryptUIDlgViewContext
CryptUIDlgViewSignerInfoA
CryptUIDlgViewSignerInfoW

duser

DUserDeleteGadget
DUserCastClass

msvcrt

fread
fopen

rasman

RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
IsRasmanProcess
RasActivateRoute
RasActivateRouteEx
RasAddConnectionPort
RasAddNotification
RasAllocateRoute
RasBundleClearStatistics
RasBundleClearStatisticsEx
RasBundleGetPort
RasBundleGetStatistics
RasBundleGetStatisticsEx
RasCompressionGetInfo
RasCompressionSetInfo
RasConnectionEnum
RasConnectionGetStatistics
RasCreateConnection
RasDeAllocateRoute
RasDestroyConnection
RasDeviceConnect

kernel32

QueryDosDeviceA
GetVersionExW
CreatePipe
EnumCalendarInfoW
GetOEMCP
ExitProcess
GetCommState
GetCommandLineA
GetWindowsDirectoryA

dnsapi

DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
DnsRecordBuild_UTF8
DnsRecordBuild_W
DnsRecordCompare
DnsRecordCopyEx
DnsRecordListFree
DnsRecordSetCompare
DnsRecordSetCopyEx

fmifs

QueryDeviceInformation

pstorec

PStoreCreateInstance

regapi

RegBuildNumberQuery
RegCdCreateA
RegCdCreateW
RegCdDeleteA
RegCdDeleteW
RegCdEnumerateA
RegCdEnumerateW
RegCdQueryA
RegCdQueryW
RegCloseServer
RegConsoleShadowQueryA
RegConsoleShadowQueryW
RegDefaultUserConfigQueryA
RegDefaultUserConfigQueryW

lpk

LpkGetCharacterPlacement
LpkEditControl

mprapi

MprAdminInterfaceCreate

pdh

PdhCreateSQLTablesW
PdhEnumLogSetNamesA
PdhEnumLogSetNamesW
PdhEnumMachinesA
PdhEnumMachinesHA
PdhEnumMachinesHW
PdhEnumMachinesW
PdhEnumObjectItemsA
PdhEnumObjectItemsHA
PdhEnumObjectItemsHW
PdhEnumObjectItemsW
PdhEnumObjectsA
PdhEnumObjectsHA
PdhEnumObjectsHW
PdhEnumObjectsW
PdhExpandCounterPathA

quartz

AmpFactorToDB

Sections

code
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DAT
Size: 512B - Virtual size: 432B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb993a486057964d5a9655d0992159ef

Headers

File Characteristics

Imports

olecli32

cryptui

duser

msvcrt

rasman

kernel32

dnsapi

fmifs

pstorec

regapi

lpk

mprapi

pdh

quartz

Sections

code Size: 2KB - Virtual size: 16KB

.data Size: 11KB - Virtual size: 79KB

.rsrc Size: 26KB - Virtual size: 28KB

.reloc Size: 512B - Virtual size: 1KB

.DAT Size: 512B - Virtual size: 432B

code
Size: 2KB - Virtual size: 16KB

.data
Size: 11KB - Virtual size: 79KB

.rsrc
Size: 26KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 1KB

.DAT
Size: 512B - Virtual size: 432B