0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b

Sharing

Copy URL

Twitter E-mail

General

Target

0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b
Size

189KB
MD5

84a6b69a72f274cde26972ae3ef0ff13
SHA1

bc30f84067ed408b34892e23a1916512010d7ee2
SHA256

0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b
SHA512

b501438d74a2e744552165a5a0345993bd74512d659d86bf37f9d0d351e2a116d02bf85995126e89e48c468d5fc8e3c2c13f7f89bed62a42034764b7ed4b1a93
SSDEEP

3072:7gHJtiqAdeqgQS7RFAhADrXlJLzPb8R7Hi+xv+eSdu+g58QYwW/lioQ:7o6dgQeRlHXlJLzPK7P6Z+8QYn/l

Score

N/A

Malware Config

Signatures

Files

0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b
.exe windows x86

5882541cb36768a47da59efaa4352cd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertCompareCertificate
CertDeleteCRLFromStore
CertNameToStrA
CertDuplicateCRLContext
CertFindExtension
CertCreateContext
CryptFindOIDInfo
CertControlStore
CertSaveStore
CertFindChainInStore
CertAlgIdToOID
CertCloseStore
CertOpenStore
CertFindCRLInStore
CryptEnumOIDInfo
CertFindAttribute
CertDuplicateStore

shlwapi

UrlGetLocationA
PathIsRootW
UrlHashW
UrlIsW
PathCombineW
UrlCanonicalizeW
UrlCompareW
UrlCreateFromPathW
UrlEscapeW
UrlCombineW
UrlUnescapeW

shell32

StrChrA
ShellAboutW
DragQueryFileW
DllUnregisterServer
StrRChrA
SHChangeNotify
SHGetDiskFreeSpaceA
ExtractIconW
SHGetDataFromIDListA
SHAlloc

kernel32

GetCommandLineA
GetModuleHandleA
GetTickCount
CreateFileMappingW
LoadLibraryExW
VirtualAlloc
TlsFree
FindFirstFileW
SetCurrentDirectoryA
ResetEvent
LoadLibraryA
CloseHandle
GetCurrentDirectoryW
GetTempPathA
SleepEx
GetACP
GetLongPathNameW
HeapReAlloc

comsvcs

RecycleSurrogate
CoLoadServices
CoEnterServiceDomain

advapi32

GetUserNameA
OpenEventLogW
RegOpenKeyA
RegUnLoadKeyA
RegDeleteValueW
RegEnumKeyA
CryptSignHashA
InitializeSid
RegReplaceKeyW
ReadEventLogA
RegLoadKeyW
RegRestoreKeyA
RegSaveKeyW

dbnmpntw

ConnectionClose
ConnectionWrite

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.odata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.relol
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5882541cb36768a47da59efaa4352cd0

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

shlwapi

shell32

kernel32

comsvcs

advapi32

dbnmpntw

Sections

.text Size: 22KB - Virtual size: 21KB

.odata Size: 512B - Virtual size: 324B

.sdata Size: 160KB - Virtual size: 159KB

.rsrc Size: 1KB - Virtual size: 1KB

.relol Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 21KB

.odata
Size: 512B - Virtual size: 324B

.sdata
Size: 160KB - Virtual size: 159KB

.rsrc
Size: 1KB - Virtual size: 1KB

.relol
Size: 4KB - Virtual size: 3KB