832eda85624cee1d5d0172fdd7695ef94263eb805f3ed95067ef896d2b930280

Sharing

Copy URL Twitter E-mail

General

Target

832eda85624cee1d5d0172fdd7695ef94263eb805f3ed95067ef896d2b930280
Size

847KB
MD5

ab118dfa78d349a9bc65d241f28b7e36
SHA1

720aaa0c0f623290338a2119009a324400dc184a
SHA256

832eda85624cee1d5d0172fdd7695ef94263eb805f3ed95067ef896d2b930280
SHA512

84ddc1eda828eb3a4ef7623e9abe955d5188ad18ae192955d6ba4b56f747a3b7e0b0f6a0bf38e8d42a5460d8d13a8f5c23be03f5da7c189686290a892fca1301
SSDEEP

24576:hzlUCCTGUoqRVWzv/sboFVrVsM42rz+Z76aIU:HUNF5X2ksFVrt42rq6aIU

Score

N/A

Malware Config

Signatures

Files

832eda85624cee1d5d0172fdd7695ef94263eb805f3ed95067ef896d2b930280
.exe windows x86

063b99eddecf3663de8c6b93dcdd712a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleRun
CoIsHandlerConnected
HMETAFILEPICT_UserUnmarshal
HkOleRegisterObject
GetErrorInfo
HENHMETAFILE_UserFree
StgCreatePropStg
HICON_UserUnmarshal
OleQueryCreateFromData
OleCreateDefaultHandler
CoUninitialize
CoRegisterMallocSpy
ReadClassStm
UtConvertDvtd16toDvtd32
CoQueryAuthenticationServices

kernel32

InitializeCriticalSection
SetDefaultCommConfigA
DeleteFiber
OpenProfileUserMapping
LoadLibraryA
GetTapeParameters
FindNextVolumeMountPointW
LoadLibraryExW
GetEnvironmentVariableW
GetSystemDirectoryW
CloseConsoleHandle
LocalSize
RemoveDirectoryW
VirtualAlloc
lstrcpyW
BaseInitAppcompatCacheSupport
IsValidLocale
AddConsoleAliasW
GetACP

fmifs

FormatEx2
DiskCopy
QueryAvailableFileSystemFormat
QuerySupportedMedia
QueryLatestFileSystemVersion
Extend
SetLabel
Chkdsk
QueryDeviceInformation
ComputeFmMediaType
Format
QueryFileSystemName
EnableVolumeCompression
FormatEx
ChkdskEx
QueryDeviceInformationByHandle

mfcsubs

??BCSyncObject@@QBEPAXXZ
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?AfxGetEmptyString@@YGABVCString@@XZ
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
??4CString@@QAEABV0@G@Z
?Right@CString@@QBE?AV1@H@Z
?GetSize@CStringArray@@QBEHXZ
?Find@CString@@QBEHPBG@Z
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??_7CObject@@6B@
?Format@CString@@QAAXIZZ
?FormatMessageW@CString@@QAAXIZZ
?RemoveAll@CMapStringToPtr@@QAEXXZ
??H@YG?AVCString@@ABV0@G@Z
??8@YG_NABVCString@@PBG@Z
??8@YG_NABVCString@@0@Z

crypt32

CertGetValidUsages
CryptFindLocalizedName
CryptGetDefaultOIDDllList
CryptSetKeyIdentifierProperty
CertFreeCRLContext
CertGetNameStringA
CryptVerifyDetachedMessageSignature
CryptProtectData
CryptHashMessage
CertIsRDNAttrsInCertificateName
CryptFreeOIDFunctionAddress
I_CryptFlushLruCache
CertEnumCertificateContextProperties
CryptMemAlloc
CertNameToStrW
I_CryptEnableLruOfEntries
CertAddCertificateContextToStore

msvcrt

exit

Sections

.text
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 363KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

063b99eddecf3663de8c6b93dcdd712a

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

fmifs

mfcsubs

crypt32

msvcrt

Sections

.text Size: 477KB - Virtual size: 476KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 363KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 556B

.text
Size: 477KB - Virtual size: 476KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 363KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 556B