a3890bce9e81579af94124c67ac3decdd0172ebcf29de39fcc3d64032d852406

Sharing

Copy URL

Twitter E-mail

General

Target

a3890bce9e81579af94124c67ac3decdd0172ebcf29de39fcc3d64032d852406
Size

46KB
MD5

59e146dec20f4a1ab30075a682e29e38
SHA1

390cc43e14888f1d5d7f730c13f64493fccdedc5
SHA256

a3890bce9e81579af94124c67ac3decdd0172ebcf29de39fcc3d64032d852406
SHA512

6a05483f97b1c2ede130a2154f8bc9d2421b7d1b11c498d0668d98a099c6906fa7f91a34f6c4010bfab8df6e2feaae13befdf5ef817a86d07fc9f6cea4b8dfcc
SSDEEP

768:pSexV5k7cXiL9eoF+0/3OKcf4bsKi/Dli+ezu07B1JK9hjYc:prc9L9eoA0/+14QKio7iKBrYRYc

Score

N/A

Malware Config

Signatures

Files

a3890bce9e81579af94124c67ac3decdd0172ebcf29de39fcc3d64032d852406
.exe windows x86

9517e4551d4da289fa771795acfe5a9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcsrchr
RtlCreateRegistryKey
ZwQueryPortInformationProcess
ZwResetWriteWatch
ZwOpenSemaphore
NtAccessCheckByType
RtlTimeToTimeFields
ZwReadFile
NtQueryVirtualMemory
towupper
LdrSetAppCompatDllRedirectionCallback
ZwAllocateUuids
NtPrivilegedServiceAuditAlarm
ZwDebugActiveProcess
RtlNumberOfSetBits
NtTestAlert
ZwSetThreadExecutionState
RtlSetTimer
KiUserExceptionDispatcher
NtCreateSymbolicLinkObject
NtTranslateFilePath
wcsncpy
ZwFsControlFile
NtQueryInformationProcess
RtlUnwind
NtDeleteAtom
NtFreeVirtualMemory
RtlCreateTimer
NtCreateJobObject
NtQuerySystemEnvironmentValueEx
_alldvrm
ZwOpenProcessTokenEx
NtCreateMailslotFile
RtlIpv4StringToAddressW

ole32

SNB_UserUnmarshal
HBITMAP_UserMarshal
OleCreateStaticFromData
HMETAFILEPICT_UserUnmarshal
HBITMAP_UserSize
CoAllowSetForegroundWindow
PropStgNameToFmtId
CLSIDFromProgID
CoInitializeEx
OleCreateFromFile
OleQueryLinkFromData
HENHMETAFILE_UserMarshal
StgOpenStorageEx
OleSetContainedObject
OleLockRunning
CoTreatAsClass
CoResumeClassObjects
GetHGlobalFromStream
CoGetInterfaceAndReleaseStream
OleIsCurrentClipboard
CoDisconnectObject
StgConvertVariantToProperty
HACCEL_UserUnmarshal

cfgmgr32

CM_Get_Class_Registry_PropertyW
CM_Get_Device_ID_ExW
CM_Set_DevNode_Registry_PropertyW
CM_Unregister_Device_InterfaceA
CM_Is_Dock_Station_Present_Ex
CM_Request_Eject_PC_Ex
CM_Get_Device_Interface_AliasA
CMP_Init_Detection
CM_Test_Range_Available
CM_Enumerate_EnumeratorsA

kernel32

SetTimerQueueTimer
PrepareTape
GetLastError
AllocConsole
SetConsoleKeyShortcuts
EnumCalendarInfoA
FindNextVolumeW
ConvertDefaultLocale
SetProcessWorkingSetSize
FindActCtxSectionStringA
GetCurrentProcess
ClearCommError
GetProcessAffinityMask
OpenEventA
GetNumberFormatA
lstrcpynW
TlsFree
SetProcessShutdownParameters
LoadLibraryW
GetFileAttributesExW
GetLongPathNameW
RemoveDirectoryA
GetProfileStringA
HeapCompact
GetPrivateProfileSectionA
GetProcessShutdownParameters
GetNumberOfConsoleInputEvents
GetOEMCP
HeapSetInformation
GetCPInfoExW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
FindNextVolumeMountPointW

apphelp

GetPermLayers
ShimFlushCache
SdbGetTagFromTagID
SdbReadDWORDTagRef
SdbUnregisterDatabase
SdbReadStringTag
SdbFindNextTag
ApphelpCheckMsiPackage
SdbReadBYTETag
ApphelpCheckExe
SdbGrabMatchingInfoEx
ApphelpCheckRunApp
SdbFindNextTagRef
SdbCloseDatabase
SdbGetMsiPackageInformation
SdbFindFirstTag
SdbGetTagDataSize
SetPermLayers

crypt32

CryptInstallOIDFunctionAddress
CertAddEnhancedKeyUsageIdentifier
PFXExportCertStore
CertEnumPhysicalStore
CertResyncCertificateChainEngine
CertDuplicateCertificateChain
CertCreateCTLContext
CryptVerifyMessageSignatureWithKey
CryptMsgEncodeAndSignCTL
CertDeleteCRLFromStore
CertDuplicateCTLContext
CertRDNValueToStrW
CertRDNValueToStrA
CryptSetProviderU
CertEnumCRLsInStore
RegSetValueExU
RegEnumValueU

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9517e4551d4da289fa771795acfe5a9a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ole32

cfgmgr32

kernel32

apphelp

crypt32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 172B

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 172B

.rsrc
Size: 8KB - Virtual size: 8KB