ad4f12a7d1daf8aa51d236ef7d16c7e08d64a48ff306c38dd1f13d2137e01aed

Sharing

Copy URL Twitter E-mail

General

Target

ad4f12a7d1daf8aa51d236ef7d16c7e08d64a48ff306c38dd1f13d2137e01aed
Size

9.9MB
MD5

59dd4e304f639404d6c203a912c63f71
SHA1

18c442bd242a803b7691509bc6e15d109012b632
SHA256

ad4f12a7d1daf8aa51d236ef7d16c7e08d64a48ff306c38dd1f13d2137e01aed
SHA512

fea3d75e13f10544959b8806c1ca1168fa010fd5564c28e8779fade0fb9efb7095057b88d0bba6f7b3c42221c82c53a0a769c1262eb460dd3a40e52cc709eedd
SSDEEP

196608:vo0rcgGG4lhUE6D0DCfu6/WrwA2CT8LULCD9CZAmxYTHbXV9t:vo0rvGGEmnfu6/lA2E8jDESLTLjt

Score

N/A

Malware Config

Signatures

Files

ad4f12a7d1daf8aa51d236ef7d16c7e08d64a48ff306c38dd1f13d2137e01aed
.exe windows x86

a81dc0402fc1afb75e138f539074ca13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

secur32

SaslGetProfilePackageW
SaslInitializeSecurityContextA
GetComputerObjectNameW
UnsealMessage
TranslateNameA
LsaRegisterLogonProcess
ApplyControlToken
AddCredentialsW
FreeContextBuffer
CompleteAuthToken
LsaDeregisterLogonProcess
LsaRegisterPolicyChangeNotification
SaslEnumerateProfilesA
MakeSignature
GetSecurityUserInfo
ImpersonateSecurityContext
LsaEnumerateLogonSessions
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
SaslIdentifyPackageW
VerifySignature
RevertSecurityContext
TranslateNameW
LsaUnregisterPolicyChangeNotification
AddCredentialsA
ExportSecurityContext
GetUserNameExW
AddSecurityPackageW
QuerySecurityContextToken
InitializeSecurityContextA
QueryCredentialsAttributesA
LsaGetLogonSessionData
QuerySecurityPackageInfoA
SecpTranslateNameEx

msexcl40

DllRegisterServer
DllUnregisterServer

glmf32

glsGetStreamSize
glsNums
glsGetConstubz
glsGetCaptureExecTable
glsULongLow

efsadu

EfsDetail

olepro32

OleCreateFontIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
DllUnregisterServer
OleCreatePictureIndirect
DllCanUnloadNow
OleLoadPicture
OleTranslateColor
DllRegisterServer
OleIconToCursor
DllGetClassObject

dbghelp

SymEnumerateModules64
SymRegisterFunctionEntryCallback64
FindExecutableImage
SymFunctionTableAccess
MapDebugInformation
SymEnumerateSymbolsW
SymGetSymFromName
SymGetModuleInfo64
ExtensionApiVersion
SymRegisterCallback
SearchTreeForFile
FindFileInSearchPath
SymEnumerateSymbolsW64
SymGetSymNext
ImagehlpApiVersionEx
EnumerateLoadedModules
sym
SymFunctionTableAccess64
SymGetLinePrev
SymGetLineNext
GetTimestampForLoadedLibrary
SymGetModuleBase64
SymGetLineFromAddr
ImageRvaToVa
SymGetLinePrev64
SymGetLineNext64
ImageDirectoryEntryToDataEx
UnDecorateSymbolName
ImageRvaToSection
SymGetModuleInfo
ImagehlpApiVersion
SymRegisterFunctionEntryCallback
ImageDirectoryEntryToData
FindDebugInfoFileEx
UnmapDebugInformation
SymGetSymFromName64
SymUnloadModule
SymEnumerateSymbols64
SymSetOptions
SymSetSearchPath
SymGetSymPrev64
SymLoadModule64
ImageNtHeader
SymGetSymFromAddr64
SymGetLineFromName64

gptext

DllRegisterServer
DllUnregisterServer

mfc42

DllCanUnloadNow
DllGetClassObject
DllUnregisterServer
DllRegisterServer

msvcp60

_Exp
mbrlen
wcsrtombs
_Denorm
_FXbig
_LExp
towctrans
_FRteps
_Tolower
_LRteps
_LDscale
wctype
_Snan
_FDnorm
_Dscale
_Dnorm
_FExp
_Getcoll
wctrans
_FCosh
_LCosh
_FNan
_Cosh
_LDtest
wcrtomb
_Rteps
_Sinh
_Inf
_Toupper
_Poly
_LSinh
_Wcrtomb
_FEps
btowc
_Getcvt
_FDscale
_Mbrtowc
_Getctype
_Xbig
_FInf
mbrtowc
_Strxfrm
_LEps
_Stod
_LXbig
_FDenorm
_Hugeval
_LDenorm
_Eps
_LInf

iaspolcy

DllGetClassObject
DllRegisterServer
DllUnregisterServer
DllCanUnloadNow

bitsprx3

DllGetClassObject
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer

browseui

DllGetVersion

kernel32

ReadConsoleOutputAttribute
WriteProcessMemory
GetPrivateProfileStructA
lstrcmpW
VirtualAlloc
GetLastError

devenum

DllGetClassObject
DllCanUnloadNow
DllUnregisterServer
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 799KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 15.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a81dc0402fc1afb75e138f539074ca13

Headers

File Characteristics

Imports

secur32

msexcl40

glmf32

efsadu

olepro32

dbghelp

gptext

mfc42

msvcp60

iaspolcy

bitsprx3

browseui

kernel32

devenum

Sections

.text Size: 6KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 243KB - Virtual size: 243KB

.rsrc Size: 799KB - Virtual size: 798KB

.data Size: - Virtual size: 15.3MB

.text
Size: 6KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 243KB - Virtual size: 243KB

.rsrc
Size: 799KB - Virtual size: 798KB

.data
Size: - Virtual size: 15.3MB