09d165255558e18fe4cdc6e42fb7c6f6ca87a724d7fc3aec2bfd6d4da69b38cb

Sharing

Copy URL Twitter E-mail

General

Target

09d165255558e18fe4cdc6e42fb7c6f6ca87a724d7fc3aec2bfd6d4da69b38cb
Size

72KB
MD5

a1e60f7543710d3d3a5276122887f0fc
SHA1

c662d92c2766c7ec050aa6724fcbe815bac0c8bd
SHA256

09d165255558e18fe4cdc6e42fb7c6f6ca87a724d7fc3aec2bfd6d4da69b38cb
SHA512

880ddc7e3ae21ed6f8d6fe91414330cd44e4963fcaf7546e057d8e354c8e1ac1441250bc63b101b33f2292f8c5e04cce0cc16b08e259f56171671bf776697586
SSDEEP

768:xMtZrKQRSSeaUSPwGHahkWKspxtIYW2Q9hmfBgQLYJ2nDhr6M7+AjWrpOuUbu:aDrKQRTf/wG6h3Fe8+AYJIX7gMuUy

Score

N/A

Malware Config

Signatures

Files

09d165255558e18fe4cdc6e42fb7c6f6ca87a724d7fc3aec2bfd6d4da69b38cb
.exe windows x86

53d0c778a80831858967d619966a6dae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
VirtualAlloc
IsSystemResumeAutomatic
VirtualAllocEx
ShowConsoleCursor
GetConsoleCharType
OpenJobObjectW
SetUserGeoID
LocalAlloc
Process32NextW
ReadConsoleInputW
ScrollConsoleScreenBufferA
GetPrivateProfileSectionNamesA
InitializeCriticalSection
GetDefaultCommConfigA
SetCommBreak
GetSystemDefaultLCID
EnumerateLocalComputerNamesW
MapUserPhysicalPagesScatter
GetPrivateProfileStringW
LZCopy
GetConsoleKeyboardLayoutNameW
SetConsoleKeyShortcuts
GetTapeStatus
GetAtomNameA
VirtualFreeEx
EraseTape
FindVolumeMountPointClose
GetNumaHighestNodeNumber
LockResource
GetWindowsDirectoryW
Module32First
GetFullPathNameW
CopyFileExA
GetPrivateProfileSectionA
ReadConsoleOutputW
IsDBCSLeadByteEx
EnumSystemCodePagesA
WideCharToMultiByte
PrivCopyFileExW
GetNumaAvailableMemoryNode
HeapCreate
DefineDosDeviceW
GetCurrentThread
EnumUILanguagesA
EnumSystemCodePagesW
WriteConsoleOutputAttribute
GetFileSize
GetPrivateProfileSectionW
DeleteFileA
GetTimeFormatA
ReplaceFileW
RaiseException
PeekNamedPipe
LoadLibraryA
GetConsoleCursorMode
MoveFileWithProgressW
SetTermsrvAppInstallMode
AddRefActCtx
SetProcessWorkingSetSize
QueryPerformanceCounter
LocalFileTimeToFileTime
ContinueDebugEvent
GetDateFormatW
WriteConsoleInputVDMW
GetDefaultCommConfigW
PostQueuedCompletionStatus
Beep
GetConsoleScreenBufferInfo

security

EnumerateSecurityPackagesW
VerifySignature
ApplyControlToken
QuerySecurityPackageInfoA
SealMessage
InitializeSecurityContextW
QueryContextAttributesW
AcceptSecurityContext
RevertSecurityContext
DeleteSecurityPackageA
EncryptMessage
DeleteSecurityPackageW
AddSecurityPackageA
QueryCredentialsAttributesA
ExportSecurityContext
QueryCredentialsAttributesW
ImpersonateSecurityContext
MakeSignature
ImportSecurityContextA
ImportSecurityContextW
InitializeSecurityContextA
QuerySecurityContextToken
DeleteSecurityContext
QueryContextAttributesA
AcquireCredentialsHandleA
FreeContextBuffer
EnumerateSecurityPackagesA
DecryptMessage
CompleteAuthToken
UnsealMessage
AcquireCredentialsHandleW
InitSecurityInterfaceW
FreeCredentialsHandle
AddSecurityPackageW
QuerySecurityPackageInfoW

untfs

?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
??0NTFS_ATTRIBUTE@@QAE@XZ
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_UPCASE_TABLE@@QAE@XZ
?Initialize@NTFS_BITMAP_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?Flush@NTFS_MFT_FILE@@QAEEXZ
?TakeCensus@NTFS_SA@@QAEEPAVNTFS_MASTER_FILE_TABLE@@KPAUNTFS_CENSUS_INFO@@@Z
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jmbmkwx
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

53d0c778a80831858967d619966a6dae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

security

untfs

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 2KB

jmbmkwx Size: - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 2KB

jmbmkwx
Size: - Virtual size: 4KB