e9fed4fa5d670515fe42745b701347638e520beec4fbfb3adc15faf96b829101

Sharing

Copy URL

Twitter E-mail

General

Target

e9fed4fa5d670515fe42745b701347638e520beec4fbfb3adc15faf96b829101
Size

270KB
MD5

a73e32ce3edcf75b327fd21a67817e2c
SHA1

72121d0b9de03363568e809a632d051dbbe6a8d6
SHA256

e9fed4fa5d670515fe42745b701347638e520beec4fbfb3adc15faf96b829101
SHA512

a4f1aa279369de78426dc4e3d99c91f6a3a3a98442156043b85f2e69eacd2b493640b890e0c8890233c48a298bb952d17c9e488df95bc54c67b876a171015ea1
SSDEEP

6144:fE+vv+TzksnEtDUbUooOTg/3hnWXDu0yYaSE+m3uR:dvvUzkoM27oOTGRnWXDu0yAmuR

Score

N/A

Malware Config

Signatures

Files

e9fed4fa5d670515fe42745b701347638e520beec4fbfb3adc15faf96b829101
.exe windows x86

fa04effc2f4bbacfda63fec132bb61bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcp60

wctype
_Sinh
_Getcvt
_LEps
_Snan
_FDenorm
_Strxfrm
_Poly
_LDenorm
_Cosh
_Rteps
_FEps
_FXbig
_Hugeval
mbrlen
_Inf
_Getctype
towctrans
_LInf
_LExp
_Eps
_Getcoll
_FCosh
wcsrtombs
_Dscale
_Xbig
_Denorm
_LRteps
btowc
_Wcrtomb
_Toupper
_LXbig
_LDscale
wctrans
_FDscale
mbrtowc
_LCosh
_Stod
_Mbrtowc
_Dnorm
wcrtomb
_FNan
_Exp
_FExp
_Tolower
_LDtest
_LSinh
_FRteps
_FInf
_FDnorm

devenum

DllGetClassObject
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow

secur32

TranslateNameW
SecpTranslateNameEx
LsaEnumerateLogonSessions
AddCredentialsW
UnsealMessage
GetUserNameExW
GetComputerObjectNameW
CompleteAuthToken
MakeSignature
SaslEnumerateProfilesA
LsaGetLogonSessionData
QueryCredentialsAttributesA
TranslateNameA
InitializeSecurityContextA
RevertSecurityContext
EnumerateSecurityPackagesA
SaslGetProfilePackageW
EnumerateSecurityPackagesW
GetSecurityUserInfo
QuerySecurityPackageInfoA
AddCredentialsA
QuerySecurityContextToken
VerifySignature
ExportSecurityContext
LsaUnregisterPolicyChangeNotification
SaslInitializeSecurityContextA
FreeContextBuffer
AddSecurityPackageW
SaslIdentifyPackageW
ApplyControlToken
LsaRegisterLogonProcess
LsaDeregisterLogonProcess
ImpersonateSecurityContext
LsaRegisterPolicyChangeNotification

bitsprx3

DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
DllGetClassObject

olepro32

OleLoadPicture
DllRegisterServer
OleCreatePropertyFrame
DllCanUnloadNow
DllGetClassObject
OleIconToCursor
OleCreatePictureIndirect
OleCreateFontIndirect
DllUnregisterServer
OleTranslateColor
OleCreatePropertyFrameIndirect

msexcl40

DllRegisterServer
DllUnregisterServer

dbghelp

SymGetLineNext64
SymGetLineNext
ImagehlpApiVersionEx
SymEnumerateModules64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymEnumerateSymbolsW64
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageRvaToVa
SymGetSymFromName
ExtensionApiVersion
sym
SymGetLinePrev
SymUnloadModule
UnmapDebugInformation
FindExecutableImage
SymSetSearchPath
SymGetModuleInfo
EnumerateLoadedModules
ImageRvaToSection
SymGetSymFromAddr64
SymSetOptions
SymGetSymNext
SymEnumerateSymbols64
GetTimestampForLoadedLibrary
SymGetModuleBase64
SymGetLinePrev64
SymGetLineFromAddr
SymLoadModule64
MapDebugInformation
SymGetModuleInfo64
SymRegisterCallback
ImageNtHeader
UnDecorateSymbolName
SearchTreeForFile
SymGetSymPrev64
SymEnumerateSymbolsW
FindFileInSearchPath
SymFunctionTableAccess64
SymGetLineFromName64
SymGetSymFromName64
SymFunctionTableAccess
ImagehlpApiVersion
FindDebugInfoFileEx

security

FreeContextBuffer

glmf32

glsGetConstubz
glsGetStreamSize
glsGetCaptureExecTable
glsNums
glsULongLow

efsadu

EfsDetail

mfc42

DllUnregisterServer
DllRegisterServer
DllGetClassObject
DllCanUnloadNow

iaspolcy

DllGetClassObject
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow

gptext

DllRegisterServer
DllUnregisterServer

browseui

DllGetVersion

kernel32

GetLastError
lstrcmpW
VirtualAlloc
Sleep
ReadConsoleOutputAttribute
GetPrivateProfileStructA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa04effc2f4bbacfda63fec132bb61bd

Headers

File Characteristics

Imports

msvcp60

devenum

secur32

bitsprx3

olepro32

msexcl40

dbghelp

security

glmf32

efsadu

mfc42

iaspolcy

gptext

browseui

kernel32

Sections

.text Size: 6KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 187KB - Virtual size: 186KB

.rsrc Size: 491KB - Virtual size: 490KB

.data Size: - Virtual size: 14.0MB

.text
Size: 6KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 187KB - Virtual size: 186KB

.rsrc
Size: 491KB - Virtual size: 490KB

.data
Size: - Virtual size: 14.0MB