a1840d84b58b259157c3895d2d8f9fcb7c62efa774e0a7a0a36a5fe9243dacea

Sharing

Copy URL Twitter E-mail

General

Target

a1840d84b58b259157c3895d2d8f9fcb7c62efa774e0a7a0a36a5fe9243dacea
Size

48KB
MD5

6292cdb671575c8434da9aa1c5ae22e4
SHA1

aaa040d6565b26d8aa10909876fa8c2355798822
SHA256

a1840d84b58b259157c3895d2d8f9fcb7c62efa774e0a7a0a36a5fe9243dacea
SHA512

81708b68e30bbd821098746b8ead1e993fa041218401d25b5e13875645320509c486580da31d7f0719a93d2337ec0fb2a1a7b6126935477c89bffb5872e3693e
SSDEEP

768:0DVLddtJz1Q97t85/SzWrH9KbxpxY/b4KbON1dYC4eM7tPiWsPEW3U8Ttfd1W94B:0xRHJz47656zwuvicKKdn2NsPjU8Ttqg

Score

N/A

Malware Config

Signatures

Files

a1840d84b58b259157c3895d2d8f9fcb7c62efa774e0a7a0a36a5fe9243dacea
.exe windows x86

a3b4fce28c32e1f4cf11373941bef2e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlMoveMemory
RtlCopySecurityDescriptor
RtlInitializeCriticalSectionAndSpinCount
RtlDuplicateUnicodeString
NtPrivilegedServiceAuditAlarm
tolower
NtCreateToken
ZwDuplicateToken
RtlQueryProcessBackTraceInformation
RtlQueryAtomInAtomTable
NtCreateDirectoryObject
ceil
RtlInterlockedFlushSList
RtlPrefixUnicodeString
NtInitiatePowerAction
RtlNewSecurityObject
wcslen
NtResetWriteWatch
ZwPrivilegedServiceAuditAlarm
RtlMapGenericMask
NtPowerInformation
ZwFlushWriteBuffer
ZwQuerySystemEnvironmentValue
_itow
RtlUniform

kernel32

ProcessIdToSessionId
LZOpenFileW
SetSystemPowerState
FileTimeToDosDateTime
GetBinaryTypeW
GetStartupInfoW
VirtualProtectEx
GetConsoleWindow
GetTickCount
HeapSummary
GetStartupInfoA
FindActCtxSectionStringA
BackupWrite
GetModuleHandleW
SetProcessShutdownParameters
lstrlenA
lstrcpyn
lstrcpyW
LoadLibraryA
FormatMessageW
GetVolumePathNameA
GetCommandLineW
SetUnhandledExceptionFilter
GetCPInfoExA
GlobalAddAtomW
GetModuleHandleA
InterlockedDecrement
FindFirstFileA
VirtualQueryEx
VirtualAlloc
IsValidLocale
VerSetConditionMask
SetFilePointer
FindFirstFileW
GetVolumeNameForVolumeMountPointW

crypt32

CryptExportPublicKeyInfoEx
CertEnumCertificatesInStore
CertCreateCRLContext
I_CryptFindSmartCardCertInStore
CertGetPublicKeyLength
CertFreeCertificateContext
CryptSetKeyIdentifierProperty
CryptImportPKCS8
CryptGetMessageCertificates
CertFreeCertificateChain
CryptSIPAddProvider
CryptSignMessage
CryptMsgEncodeAndSignCTL
CertRegisterSystemStore
CertCompareCertificate
CertFindCertificateInStore
CertEnumPhysicalStore
CertGetCRLContextProperty
I_CryptEnableLruOfEntries
CryptSIPPutSignedDataMsg
CryptStringToBinaryA
CryptInstallOIDFunctionAddress
RegQueryValueExU
CertSaveStore
CryptMemFree
CertOpenSystemStoreW
I_CryptInstallAsn1Module
CryptExportPublicKeyInfo
PFXImportCertStore
CertAddEncodedCRLToStore
I_CryptCreateLruEntry
CertDuplicateCTLContext
CryptEnumOIDInfo
CertGetCRLFromStore
CryptSignHashU

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3b4fce28c32e1f4cf11373941bef2e3

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

crypt32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB