5e5de0f5f41f4ced6e2da9ebfc9749ae7e877c8fe8306da2c7a2a0f96a88676c

Sharing

Copy URL Twitter E-mail

General

Target

5e5de0f5f41f4ced6e2da9ebfc9749ae7e877c8fe8306da2c7a2a0f96a88676c
Size

719KB
MD5

ff72df09aa0abb6fc34d487f5d2aa872
SHA1

ac575c0da693ed12a13aff47ead23903b4a39468
SHA256

5e5de0f5f41f4ced6e2da9ebfc9749ae7e877c8fe8306da2c7a2a0f96a88676c
SHA512

f39970c6551442ecc4bec5c74db070ca14efa1feb474005e15dffa9f20975af381c38dcbf5d821ef3c2dd6a98127fa3ac43f78c9e2921f6b4357c03ec7858066
SSDEEP

12288:8yyfNYj671Tw3QW68iM96tIm+GPFfCWil+/V5PW3Ndhz+itugWfiAzl9:87FYGN6QWJim6tRdxCWXV5+ciw

Score

N/A

Malware Config

Signatures

Files

5e5de0f5f41f4ced6e2da9ebfc9749ae7e877c8fe8306da2c7a2a0f96a88676c
.exe windows x86

a29e0e2769164bc4a7fba3f4b45e9634

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

I_CertSrvProtectFunction

userenv

GetDefaultUserProfileDirectoryW
RsopSetPolicySettingStatus
RegisterGPNotification
DestroyEnvironmentBlock
ProcessGroupPolicyCompleted
LoadUserProfileW
DeleteProfileW
RsopResetPolicySettingStatus
GetUserProfileDirectoryA
UnregisterGPNotification
ExpandEnvironmentStringsForUserW
GetAppliedGPOListW
ProcessGroupPolicyCompletedEx
GetAllUsersProfileDirectoryW
ForceSyncFgPolicy
CreateEnvironmentBlock
GetProfileType
RefreshPolicy
EnterCriticalPolicySection
GetUserProfileDirectoryW
LeaveCriticalPolicySection
FreeGPOListW
GetProfilesDirectoryW
UnloadUserProfile

wintrust

CryptCATGetAttrInfo
CryptCATAdminEnumCatalogFromHash
IsCatalogFile
WintrustRemoveActionID
CryptCATGetCatAttrInfo
CryptCATAdminAddCatalog
WintrustLoadFunctionPointers
WTHelperGetProvSignerFromChain
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATClose
CryptCATAdminAcquireContext
WinVerifyTrustEx
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATOpen
CryptCATAdminReleaseContext
WTHelperGetFileHash
CryptCATAdminReleaseCatalogContext
CryptCATGetMemberInfo
CryptCATEnumerateAttr
WTHelperGetProvCertFromChain

shell32

SHUpdateRecycleBinIcon
Shell_NotifyIconA
ExtractAssociatedIconA
SHBindToParent
Shell_NotifyIconW
SHGetInstanceExplorer
ShellExecuteExW
SHGetSettings
SHChangeNotifySuspendResume
ShellAboutW
SHGetFileInfoW
ExtractAssociatedIconW
SheChangeDirExW
SHOpenFolderAndSelectItems
SHGetDataFromIDListW
CommandLineToArgvW
SHGetDesktopFolder
DuplicateIcon
SHGetFolderPathA
SHParseDisplayName
SHFormatDrive
SHGetIconOverlayIndexW
SHGetSpecialFolderPathA
SHGetFolderLocation
ExtractIconExW

oleaut32

SysFreeString
SafeArrayGetLBound
SafeArrayPtrOfIndex
VariantCopy
SafeArrayCreate
SysAllocStringByteLen
GetActiveObject
SysReAllocStringLen
SafeArrayGetUBound
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
GetErrorInfo
VariantInit

msvcrt

strtok
_winminor
_wpopen
scanf
_ui64tow
_fpclass
memcpy
iswspace
_strlwr
_itow
atoi
_CIatan2
_cabs
wcspbrk
??1exception@@UAE@XZ
_wcsnset
_vsnwprintf
_Getmonths
_eof
ldiv
iswprint
clock
_mbsnbcpy
strchr
_wfindnext64

kernel32

GetUserDefaultLangID
SetVolumeLabelA
IsProcessorFeaturePresent
GetFileAttributesExW
GetModuleFileNameW
SetFilePointer
GetPrivateProfileStringW
GetDefaultCommConfigW
GetPrivateProfileStringA
GetCommModemStatus
VirtualUnlock
GetDateFormatA
FormatMessageW
SetTimeZoneInformation
TlsAlloc
IsBadCodePtr
Sleep
EnumTimeFormatsW
FindFirstChangeNotificationW
FormatMessageA
GetCurrentThread
CreateSemaphoreW
SetPriorityClass
VirtualAlloc
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
PeekConsoleInputW
AllocConsole
OpenSemaphoreA
VirtualProtect
GetCurrentProcess
ClearCommError
GetFileAttributesA
GetComputerNameA
EnumResourceNamesA
EnterCriticalSection
GetCommandLineA

advapi32

AddAccessDeniedObjectAce
RegisterTraceGuidsW
CommandLineFromMsiDescriptor
LsaClose
RegQueryValueA
RegCreateKeyExA
SystemFunction036
SystemFunction009
OpenEncryptedFileRawW
CryptGetDefaultProviderW
BuildTrusteeWithSidW
FreeEncryptionCertificateHashList
RegSaveKeyW
CryptSignHashW
GetSidLengthRequired
IsValidSid
LsaQueryInformationPolicy
CreateServiceW
CryptHashData
ConvertStringSidToSidW
AccessCheckAndAuditAlarmA
SetKernelObjectSecurity
EqualDomainSid
RegOpenUserClassesRoot
RegEnumKeyExA
RegisterServiceCtrlHandlerA
TraceEvent
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
GetSidSubAuthority
GetSecurityDescriptorControl
LsaQueryDomainInformationPolicy
RegQueryMultipleValuesW
GetCurrentHwProfileA

winspool.drv

AddFormW
EnumPrinterDataW
EnumPrinterDriversA
XcvDataW
EnumFormsW
DocumentPropertiesA
DeviceCapabilitiesW
EndPagePrinter
SetPrinterDataW
GetFormW
WritePrinter
EnumPortsW
GetPrinterDataA
EnumPrintersA
SetPrinterW
EnumJobsW
FindClosePrinterChangeNotification
GetPrinterDriverDirectoryA
DevicePropertySheets
GetPrinterA
SetPrinterDataExW
EnumPrinterDataExW
GetPrintProcessorDirectoryW
GetJobA

Sections

.text
Size: 29KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CRT
Size: 230KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a29e0e2769164bc4a7fba3f4b45e9634

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

userenv

wintrust

shell32

oleaut32

msvcrt

kernel32

advapi32

winspool.drv

Sections

.text Size: 29KB - Virtual size: 484KB

CRT Size: 230KB - Virtual size: 398KB

.rdata Size: 200KB - Virtual size: 396KB

.data Size: 98KB - Virtual size: 187KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 220B

.text
Size: 29KB - Virtual size: 484KB

CRT
Size: 230KB - Virtual size: 398KB

.rdata
Size: 200KB - Virtual size: 396KB

.data
Size: 98KB - Virtual size: 187KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 220B