b06a04685faa4ce4d95f88bd1ffa3f8d6e2f166e3c1a89d96f9438048a833b22

Sharing

Copy URL Twitter E-mail

General

Target

b06a04685faa4ce4d95f88bd1ffa3f8d6e2f166e3c1a89d96f9438048a833b22
Size

639KB
MD5

61e19cc4851bdb1299ab27d324d87eb9
SHA1

8c55d604b39de359d59b6252c2177b1d86c57a35
SHA256

b06a04685faa4ce4d95f88bd1ffa3f8d6e2f166e3c1a89d96f9438048a833b22
SHA512

7302ef876c139f44a017333bfc9111620eb3b93c72b6b92c61a1bd2eb824e3e12a8c242759bd6add10c1f0020ef94f22250a63de27f212dace09739152aae092
SSDEEP

12288:W+10uE0m6Rj79k91QCM8TR06R0zu+E7PQIAO5DNT8g9bOtwnU:P1+0mYf9ii097wo7lAO5DN4g9gwU

Score

N/A

Malware Config

Signatures

Files

b06a04685faa4ce4d95f88bd1ffa3f8d6e2f166e3c1a89d96f9438048a833b22
.exe windows x86

45af779786c88e32b55be8933f04a215

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetProcessTimes
SetEndOfFile
GetProcessHeap
FileTimeToSystemTime
ReplaceFileA
FileTimeToLocalFileTime
FoldStringW
lstrcmpA
GetShortPathNameA
GetSystemInfo
GetFileSize
InterlockedExchange
GetEnvironmentVariableA
CreateTimerQueue
CreatePipe
HeapValidate
GetVolumePathNameW
TlsGetValue
GetDiskFreeSpaceA
lstrcmpiA
GetProcAddress
SetVolumeLabelA
GetAtomNameA
SetCurrentDirectoryA
GetModuleHandleA
PurgeComm
FindResourceA
SetFileAttributesA
lstrcpynA
CreateEventW
GetFullPathNameA
CompareStringA
FormatMessageA

acledit

EditPermissionInfo
EditOwnerInfo
SedSystemAclEditor
EditAuditInfo

user32

IsDialogMessageA
DispatchMessageA
DrawIcon
GetWindowLongA
IsWindow
SetCursorPos
SetFocus
wsprintfA
GetWindowTextA
PeekMessageA
CharToOemA
IsZoomed
GetMessageA
LoadImageA
GetCaretPos
CreateWindowExA

msimg32

TransparentBlt
AlphaBlend
DllInitialize

cabinet

FDIIsCabinet
FCIAddFile
FCICreate
Extract
FCIDestroy

shimeng

SE_ProcessDying
SE_InstallAfterInit

crypt32

CryptFindOIDInfo
CertDuplicateCRLContext
CertCloseStore
CertCreateContext
CertFindCRLInStore
CertDuplicateStore
CertCompareCertificate
CertFindExtension
CertAlgIdToOID
CertCreateCRLContext
CertFindChainInStore
CertSaveStore
CertDeleteCRLFromStore
CertControlStore

wtsapi32

WTSVirtualChannelClose
WTSWaitSystemEvent
WTSOpenServerA
WTSVirtualChannelPurgeInput
WTSQueryUserToken
WTSEnumerateSessionsA
WTSVirtualChannelWrite
WTSLogoffSession
WTSRegisterSessionNotification
WTSSetUserConfigA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45af779786c88e32b55be8933f04a215

Headers

File Characteristics

Imports

kernel32

acledit

user32

msimg32

cabinet

shimeng

crypt32

wtsapi32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 543KB - Virtual size: 543KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 543KB - Virtual size: 543KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 4KB