e3540798ee08c9fa91ebe07adc3515b794b9219c0d5aa31ee31e489754c77b33

Sharing

Copy URL Twitter E-mail

General

Target

e3540798ee08c9fa91ebe07adc3515b794b9219c0d5aa31ee31e489754c77b33
Size

91KB
MD5

145a764ea0bdd6dc191a6b7632fe95ef
SHA1

63b02dbcfdc8c1c1d9443e5139208edb241ce52a
SHA256

e3540798ee08c9fa91ebe07adc3515b794b9219c0d5aa31ee31e489754c77b33
SHA512

3d75d9a9a21f4ebbfe1636074e6fce227e317d4249531d25c459ca1318fd02abff7091c9df3a674e2a8de1ebc607d1e54886009ff1d537f02983d79af8689d2e
SSDEEP

1536:pC33GG59FHaORMc5F9hyWKXtnS/0B7x5kaq0fu4VLwzYjm0C2IVM:jS9FHiazhpK5P7Xk+fuW0z+NaM

Score

N/A

Malware Config

Signatures

Files

e3540798ee08c9fa91ebe07adc3515b794b9219c0d5aa31ee31e489754c77b33
.exe windows x86

33d347cc98207c2dd0f703a385dbee5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertSetCRLContextProperty
PFXExportCertStore
CryptMsgOpenToDecode
CryptUninstallDefaultContext
I_CryptSetTls
CryptSIPGetSignedDataMsg
CertAddEncodedCertificateToStore
CryptImportPKCS8
CertFreeCRLContext
CertFindRDNAttr
CryptFindLocalizedName
CertCreateContext
CryptFindCertificateKeyProvInfo
RegQueryValueExU
CertRegisterPhysicalStore
CertVerifyTimeValidity
CertVerifyCRLRevocation
CertDuplicateCertificateChain
CryptVerifyMessageSignature
CryptUnregisterDefaultOIDFunction
CertResyncCertificateChainEngine
CryptDecodeObject
CertDeleteCertificateFromStore
CertRegisterSystemStore
CryptGetKeyIdentifierProperty
CertGetCertificateChain
CryptCloseAsyncHandle
CertVerifyCRLTimeValidity
CryptMsgControl
CryptVerifyDetachedMessageSignature
CertRemoveStoreFromCollection
CryptImportPublicKeyInfoEx
CertSaveStore
CertStrToNameA

advapi32

WmiNotificationRegistrationA
RegGetKeySecurity
AdjustTokenGroups
CryptImportKey
CryptSetProvParam
GetSecurityDescriptorSacl
UpdateTraceA
QueryTraceA
ConvertSecurityDescriptorToAccessW
EnableTrace
RegisterServiceCtrlHandlerA
ChangeServiceConfigW
LsaSetQuotasForAccount
RegDeleteValueW
CloseTrace
SetFileSecurityW
WmiSetSingleInstanceW
GetNumberOfEventLogRecords
SaferiChangeRegistryScope
WmiMofEnumerateResourcesW
TraceEvent
GetAccessPermissionsForObjectW
ElfChangeNotify
GetFileSecurityA
ElfRegisterEventSourceA
LsaQueryForestTrustInformation
GetMultipleTrusteeW
RegRestoreKeyA
FileEncryptionStatusW
LsaAddAccountRights

kernel32

LoadLibraryA
Thread32Next
FindNextVolumeW
TzSpecificLocalTimeToSystemTime
GetFullPathNameW
LocalFileTimeToFileTime
ZombifyActCtx
HeapAlloc
SetThreadUILanguage
GetHandleContext
CloseHandle
WriteTapemark
GetLocalTime
SetProcessWorkingSetSize
SetConsoleActiveScreenBuffer
ReplaceFileA
SetTapePosition
GetCPInfoExA
GetConsoleKeyboardLayoutNameW
VirtualFree
FindActCtxSectionStringW
RtlUnwind
CreateMutexA
GetDiskFreeSpaceW
RegisterWaitForInputIdle
VirtualAlloc
SetFileAttributesW
MultiByteToWideChar
GetProcessShutdownParameters
CopyLZFile
ActivateActCtx
lstrcmpW
GetProfileStringW
CreateActCtxW
GlobalLock
IsBadWritePtr
SetConsoleOS2OemFormat
LZClose
Toolhelp32ReadProcessMemory
GetProcessVersion

ole32

STGMEDIUM_UserSize
HMETAFILE_UserFree
CoQueryProxyBlanket
RegisterDragDrop
CoSetState
StringFromIID
HACCEL_UserSize
CoFreeUnusedLibrariesEx
CreateItemMoniker
GetDocumentBitStg
StgCreatePropStg
CoFileTimeToDosDateTime
UtConvertDvtd16toDvtd32
CreateGenericComposite
CoIsHandlerConnected
CoRegisterMessageFilter
PropStgNameToFmtId
HBITMAP_UserSize
CoRetireServer
OleDuplicateData
CoInitializeSecurity
CoGetClassObject
CoCreateInstanceEx
HBITMAP_UserFree
HBITMAP_UserMarshal
CoGetMalloc
GetErrorInfo
CreateILockBytesOnHGlobal
OleCreateFromData
CoReleaseMarshalData
DllGetClassObjectWOW
WdtpInterfacePointer_UserUnmarshal
CoAddRefServerProcess
CLSIDFromProgIDEx
WriteOleStg
OleGetAutoConvert

user32

BeginDeferWindowPos
CharUpperA
ScreenToClient
EnumWindowStationsW
GetKBCodePage
SetClipboardData
EnumDisplayDevicesA
GetWindowTextLengthA
GetAltTabInfoW
RedrawWindow
RegisterMessagePumpHook
GetDlgCtrlID
ChangeMenuA
UnionRect
CreateIconFromResourceEx
InvertRect
GetCursorPos
SetDebugErrorLevel
WindowFromPoint
PrivateExtractIconExA
DragObject
DlgDirSelectComboBoxExW
LookupIconIdFromDirectoryEx
LoadImageW
AlignRects
LockWindowStation
PaintDesktop
UnregisterUserApiHook
DefMDIChildProcA

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33d347cc98207c2dd0f703a385dbee5e

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

advapi32

kernel32

ole32

user32

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 23KB - Virtual size: 181KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 23KB - Virtual size: 181KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B