a2d24bd056514420c218a9ba0b66658b9efe3d7d4cc4974c2c2b36cdaf63b53c

Sharing

Copy URL Twitter E-mail

General

Target

a2d24bd056514420c218a9ba0b66658b9efe3d7d4cc4974c2c2b36cdaf63b53c
Size

242KB
MD5

ced5d9235bdaf7ab665e6484db30e04c
SHA1

c0974988d72dd9ade9403d19a2e08a99891f7604
SHA256

a2d24bd056514420c218a9ba0b66658b9efe3d7d4cc4974c2c2b36cdaf63b53c
SHA512

291796835cbcc5674f5d7b2026fc014700c60fa4eda6fe063633e4d0f4e38628744a68e71118b7547c54cd6a6ea4bcec5065350ddf3d75fdca7ee5421e9c96e3
SSDEEP

6144:t2WnFDMaL1Ia8BLu4QQEtY+yF3Oyo43M5u:hFDMaCVp1QdS+yF3OyC5u

Score

N/A

Malware Config

Signatures

Files

a2d24bd056514420c218a9ba0b66658b9efe3d7d4cc4974c2c2b36cdaf63b53c
.exe windows x86

8e81cd4550bb4563f66105a8771e4ffc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize
CoInitializeEx

dnsapi

DnsQuery_W
DnsFree

ws2_32

htonl
inet_addr

user32

DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx

advapi32

GetSidSubAuthority
SetEntriesInAclW
GetAce
GetTokenInformation
InitializeAcl
RegDeleteValueW
SetNamedSecurityInfoW
RegQueryInfoKeyW
RegOpenKeyExW
LookupAccountNameW
CryptReleaseContext
RegDeleteKeyW
InitializeSecurityDescriptor
GetLengthSid
CloseServiceHandle
GetSidSubAuthorityCount
OpenProcessToken
AllocateAndInitializeSid
AddAccessAllowedAce
StartServiceW
RegQueryValueExW
CryptGenRandom
SetSecurityDescriptorSacl
RegSetValueExW
CryptAcquireContextW
GetNamedSecurityInfoW
SetSecurityDescriptorDacl
ConvertSidToStringSidW
RegEnumValueW
GetSidIdentifierAuthority
GetSecurityDescriptorSacl
FreeSid
QueryServiceStatus
RegOpenKeyW
AddAce
RegEnumKeyExW
OpenSCManagerW
GetUserNameW
RegCreateKeyExW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetAclInformation
RegCloseKey

shell32

SHGetFolderPathW

kernel32

lstrcpyW
WriteFile
MoveFileExW
OutputDebugStringW
GetSystemTime
SizeofResource
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetTempPathW
VirtualQuery
lstrlenA
QueryPerformanceFrequency
SetCurrentDirectoryW
FindNextFileW
GetProcessHeap
DeleteCriticalSection
EnterCriticalSection
FindClose
SetLastError
CreateFileW
WaitForSingleObject
GetModuleHandleW
FindResourceW
SignalObjectAndWait
GlobalFree
CreateThread
WaitForMultipleObjectsEx
CreateDirectoryW
ReleaseMutex
WideCharToMultiByte
CreateMutexW
OpenProcess
LocalAlloc
LocalFree
FindFirstFileW
HeapAlloc
GetShortPathNameW
IsDebuggerPresent
SleepEx
MoveFileW
SystemTimeToFileTime
ResumeThread
HeapDestroy
lstrlenW
UnmapViewOfFile
LoadResource
HeapFree
CreateEventW
SetFilePointer
ReadFile
FreeLibrary
SetFileAttributesW
DeleteFileW
SetEndOfFile
MapViewOfFile
GetCurrentDirectoryW
TerminateThread
OpenFileMappingW
OpenEventW
ResetEvent
CopyFileW
CreateSemaphoreW
GlobalAlloc
WaitForMultipleObjects
lstrcatW
HeapSize
InitializeCriticalSectionAndSpinCount
GlobalMemoryStatus
OpenMutexW
CreateFileMappingW
FindResourceExW
SetThreadPriority
LeaveCriticalSection
HeapReAlloc
GetLocalTime
RaiseException
GetCurrentThreadId
LockResource
ReleaseSemaphore
GetFileSize
IsValidCodePage
VirtualAllocEx

shlwapi

StrCmpW
PathFindFileNameW
PathFileExistsA
StrStrIA
PathFileExistsW
SHDeleteEmptyKeyW

mscms

RegisterCMMA
UnregisterCMMW
CreateDeviceLinkProfile
GetStandardColorSpaceProfileW
GetColorDirectoryA
EnumColorProfilesA
InternalSetDeviceConfig

cryptdlg

DecodeRecipientID
CertTrustInit

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gVx
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Sk
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ystvu
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jSINBP
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e81cd4550bb4563f66105a8771e4ffc

Headers

DLL Characteristics

File Characteristics

Imports

ole32

dnsapi

ws2_32

user32

advapi32

shell32

kernel32

shlwapi

mscms

cryptdlg

Sections

.text Size: 16KB - Virtual size: 15KB

.gVx Size: 1024B - Virtual size: 1KB

.i Size: 2KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 212KB - Virtual size: 249KB

.Sk Size: 2KB - Virtual size: 3KB

.Ystvu Size: 1024B - Virtual size: 1KB

.jSINBP Size: 1024B - Virtual size: 850B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.gVx
Size: 1024B - Virtual size: 1KB

.i
Size: 2KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 212KB - Virtual size: 249KB

.Sk
Size: 2KB - Virtual size: 3KB

.Ystvu
Size: 1024B - Virtual size: 1KB

.jSINBP
Size: 1024B - Virtual size: 850B

.rsrc
Size: 1KB - Virtual size: 1KB