896e4fcbd049e3c483ef6b469695425adc75d00bb64e9e2f78e36282f629562b

Sharing

Copy URL Twitter E-mail

General

Target

896e4fcbd049e3c483ef6b469695425adc75d00bb64e9e2f78e36282f629562b
Size

1.0MB
MD5

8041f5b7ecafab4d7096cbbf0fa5e94f
SHA1

56ef9e7e3d9c3efbb6df4d255976af6347551181
SHA256

896e4fcbd049e3c483ef6b469695425adc75d00bb64e9e2f78e36282f629562b
SHA512

f1f0c245b2a80b9bbbcb136d6cea6de900c8773089ee81dcc3ee17e28ccb6c620782baeacc4dfd351bfedf535b60fcde71d4ac3cdb12a667bc20f8a4be894a3c
SSDEEP

24576:MqV6ElSNOUafiha2cNuCM919koUAXrcdRN8Vz+:56ElSNOUoiTkoUi685

Score

N/A

Malware Config

Signatures

Files

896e4fcbd049e3c483ef6b469695425adc75d00bb64e9e2f78e36282f629562b
.exe windows x86

7d2d66232108a5dff4e8d0d21ff84151

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

CreateCaret
LoadKeyboardLayoutA
CallWindowProcW
CloseWindow
AdjustWindowRect
PeekMessageA
DefFrameProcW
CreateIcon
DrawTextW
SendMessageW
CharLowerBuffA
MessageBoxA
DlgDirListW
ShowCursor

msvcrt

_localtime64
_purecall
??1type_info@@UAE@XZ
isupper
toupper
memcpy
_wcslwr
_strtime
_chdrive

secur32

QuerySecurityPackageInfoW
TranslateNameW
LsaLookupAuthenticationPackage
LsaUnregisterPolicyChangeNotification
LsaDeregisterLogonProcess
LsaGetLogonSessionData
LsaRegisterPolicyChangeNotification
QueryContextAttributesW
LsaRegisterLogonProcess
AcceptSecurityContext

advapi32

RegUnLoadKeyW
RegCreateKeyExW
CloseServiceHandle
InitializeSecurityDescriptor
GetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessWithLogonW
RegisterServiceCtrlHandlerW
RegSetKeySecurity
EqualPrefixSid
AddAccessAllowedAce

kernel32

QueryInformationJobObject
lstrcmpA
CreateFiber
ReplaceFileW
SetVolumeLabelA
GetFullPathNameW
HeapUnlock
CreateConsoleScreenBuffer
Module32Next
BackupWrite
SetInformationJobObject
lstrcmpiA
EnumDateFormatsExW
VirtualAlloc
DosPathToSessionPathW
HeapCreate
GetPrivateProfileSectionW
lstrcmpW
GetCommTimeouts
LockResource
SetLocalTime

netapi32

NetServerEnum
NetUserModalsGet
NetShareCheck
NetServerDiskEnum
NetUserAdd
NetErrorLogWrite
NetShareGetInfo
NetpwPathType
NetUserDel

mprapi

MprConfigInterfaceTransportGetInfo
MprConfigInterfaceTransportEnum
MprAdminMIBEntryGetNext
MprConfigTransportSetInfo
MprAdminConnectionGetInfo
MprAdminGetErrorString
MprConfigGetFriendlyName
MprConfigInterfaceEnum
MprConfigInterfaceTransportRemove
MprAdminMIBEntryGet

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 160KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 360KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 115KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d2d66232108a5dff4e8d0d21ff84151

Headers

File Characteristics

Imports

user32

msvcrt

secur32

advapi32

kernel32

netapi32

mprapi

Sections

.text Size: 118KB - Virtual size: 117KB

.idata Size: 160KB - Virtual size: 307KB

.edata Size: 360KB - Virtual size: 399KB

.rdata Size: 152KB - Virtual size: 322KB

.bss Size: 115KB - Virtual size: 154KB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 118KB - Virtual size: 117KB

.idata
Size: 160KB - Virtual size: 307KB

.edata
Size: 360KB - Virtual size: 399KB

.rdata
Size: 152KB - Virtual size: 322KB

.bss
Size: 115KB - Virtual size: 154KB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 1KB - Virtual size: 1KB