645be067c8afe41829b3371dff757c7aafaeedc07612c10546140b4aa3cb328a

Sharing

Copy URL Twitter E-mail

General

Target

645be067c8afe41829b3371dff757c7aafaeedc07612c10546140b4aa3cb328a
Size

198KB
MD5

2f0f7158390c7e78e77f393b8b1eb340
SHA1

e1f1c4f5824fafc388a5b9bea2a6f972feb53c61
SHA256

645be067c8afe41829b3371dff757c7aafaeedc07612c10546140b4aa3cb328a
SHA512

a5016fb08d674e73cbe2a764743baf5c24549783d73859ab75809279972c417c2237471a510eddbb3b4771e9baca0267b9a26a1ccd23f46be79f7851bc687300
SSDEEP

6144:Sw8hJ4ZfLVca58sl+IJZqqnwhW0GrAdbQ+iMV:YQZLqBoqqwNGiQ+ii

Score

N/A

Malware Config

Signatures

Files

645be067c8afe41829b3371dff757c7aafaeedc07612c10546140b4aa3cb328a
.exe windows x86

e2a1f1911c3480a9b6e0664bbf7a1901

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
GetSystemWindowsDirectoryW
WideCharToMultiByte
FileTimeToLocalFileTime
OutputDebugStringW
InitializeCriticalSection
GetDateFormatW
GetProcAddress
SetLastError
GlobalLock
LocalAlloc
QueryPerformanceCounter
DeleteCriticalSection
GetModuleFileNameW
WriteFile
GlobalFree
CreateFileW
LocalReAlloc
lstrcmpiW
GetSystemDefaultLCID
MultiByteToWideChar
SetUnhandledExceptionFilter
InterlockedDecrement
CloseHandle
GlobalUnlock
GetLastError
LocalFree
lstrlenW
GetCPInfo
GlobalAlloc
InterlockedIncrement
GetSystemTimeAsFileTime
GetLocaleInfoW
GetCurrentProcess
FormatMessageW
LoadLibraryW
IsBadReadPtr
lstrcpyW
GetEnvironmentStringsA
GetComputerNameW
FileTimeToSystemTime
GetModuleHandleA
DeleteFileA
OutputDebugStringA
GetStartupInfoA

msvcrt

__dllonexit
memmove
wcstoul
??3@YAXPAX@Z
wcscat
malloc
_wcsupr
__RTDynamicCast
wcsrchr
wcscmp
_wcsicmp
_purecall
_onexit
mbstowcs
_except_handler3
_initterm
wcschr
_adjust_fdiv
??2@YAPAXI@Z
wcscpy
free
?terminate@@YAXXZ
wcsstr
vswprintf
??1type_info@@UAE@XZ
wcslen

crypt32

CryptQueryObject
CertFreeCRLContext
CryptEnumOIDInfo
CertFreeCertificateContext
CertGetNameStringW
CertDeleteCertificateFromStore
CryptFindOIDInfo
CertSaveStore
CertAddCertificateContextToStore
CertFindCRLInStore
CertDuplicateStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptDecodeObject
CryptEncodeObject
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertControlStore
CertCloseStore
CertEnumSystemStore
CertOpenStore

certcli

CAEnumCertTypes
CACertTypeSetSecurity
CAGetCertTypeKeySpec
CAFindByName
CAGetCertTypeFlags
CAUpdateCertType
CAFreeCertTypeProperty
CACloseCertType
CAAddCACertificateType
CACloseCA
CAGetCertTypeProperty
CASetCertTypeExtension
CASetCertTypeFlags
CACertTypeGetSecurity
CAUpdateCA
CAFreeCAProperty
CAEnumCertTypesForCA
CAGetCAProperty
CAFindCertTypeByName
CACreateCertType
CAEnumNextCertType
CAGetCertTypeExtensions
CASetCertTypeProperty
CARemoveCACertificateType
CASetCertTypeKeySpec
CAFreeCertTypeExtensions
CAGetCertTypePropertyEx

user32

LoadIconW
EnableWindow
RegisterClipboardFormatW
SetWindowLongW
SetFocus
SendMessageW
SetCursor
GetDC
LoadStringW
GetDlgItemTextA
GetParent
DialogBoxParamW
LoadImageW
GetWindowLongW
SetWindowTextW
ReleaseDC
SendDlgItemMessageW
GetDlgItem
LoadBitmapW
SetDlgItemTextW
wsprintfW
LoadCursorW
InsertMenuItemW
MessageBoxW
PostMessageW
WinHelpW
SystemParametersInfoW
EndDialog

cryptui

CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificateW
CryptUIWizExport
CryptUIDlgViewCRLW

ole32

GetHGlobalFromStream
CoSetProxyBlanket
StringFromGUID2
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
CreateStreamOnHGlobal
CoCreateInstanceEx
CoTaskMemFree

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

rpcrt4

UuidCreate

gdi32

GetDeviceCaps
DeleteObject
CreateFontIndirectW

comctl32

CreatePropertySheetPageW
PropertySheetW

shell32

ShellExecuteExW
ShellExecuteW

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 60KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2a1f1911c3480a9b6e0664bbf7a1901

Headers

File Characteristics

Imports

kernel32

msvcrt

crypt32

certcli

user32

cryptui

ole32

advapi32

rpcrt4

gdi32

comctl32

shell32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 47KB - Virtual size: 47KB

.mdata Size: 60KB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 47KB - Virtual size: 47KB

.mdata
Size: 60KB - Virtual size: 1.1MB

.rsrc
Size: 4KB - Virtual size: 4KB