816bfebfd824f4e3a6316956cc86982e6ce97d10e67f0c8aac1dddb3bb815428

Sharing

Copy URL Twitter E-mail

General

Target

816bfebfd824f4e3a6316956cc86982e6ce97d10e67f0c8aac1dddb3bb815428
Size

713KB
MD5

83b434e5b134e49a5937ecbd12108f53
SHA1

4bc5c3b2da87c2c1d89d1dc2bca73ad6aa3ea07c
SHA256

816bfebfd824f4e3a6316956cc86982e6ce97d10e67f0c8aac1dddb3bb815428
SHA512

5dc93b5b510e41b4a1432427a78ced2ad3ed0dc8a9c08ca1a69836366a2a101f62369fa2d94ad363350a92c7f47c086c4f0123824f15ed901e4510a43d5bd530
SSDEEP

12288:vQTCkrqHOCZF8Hn7ReigJ97qMgrs3rHwXX2ACLOgx:YTfmuUanWqMx7HwXX1CLXx

Score

N/A

Malware Config

Signatures

Files

816bfebfd824f4e3a6316956cc86982e6ce97d10e67f0c8aac1dddb3bb815428
.exe windows x86

b06f2bcbdc19ecdb1721aeaee47de9cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

tmpfile
tolower
_control87
_atoi64
_strdup
_mbsspn
remove
iswalpha
_mbscspn
malloc
fwrite
__lconv_init
strchr
_putws
_mbsnbcnt
_Strftime
islower

user32

LoadAcceleratorsW
CreateIcon
CharLowerBuffA
GetUserObjectSecurity
PeekMessageW
SetThreadDesktop
OpenIcon

kernel32

CloseProfileUserMapping
WaitForMultipleObjects
GetVolumePathNameA
GetDevicePowerState
EnumSystemLanguageGroupsA
Sleep
VirtualAlloc
SetSystemTime
ReadConsoleInputA
GetFileInformationByHandle
InterlockedCompareExchange
GetSystemDirectoryA
GetAtomNameW
BuildCommDCBW

advapi32

QueryUsersOnEncryptedFile
ControlService
GetSecurityDescriptorOwner
StartServiceW
RegNotifyChangeKeyValue
GetSecurityInfo
BuildExplicitAccessWithNameA
WmiQuerySingleInstanceW
RegEnumKeyA
RegRestoreKeyW
FreeSid
SetNamedSecurityInfoA
GetSidSubAuthority
RegCreateKeyExA
GetTraceLoggerHandle
RegSaveKeyW
MakeSelfRelativeSD
GetExplicitEntriesFromAclW
GetAclInformation
LsaOpenSecret
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegEnumKeyExW

tapi32

lineInitializeExA
lineGetDevCapsA
lineInitialize
lineGetDevCapsW
lineGetDevConfigA
tapiGetLocationInfoW
lineGetDevCaps
lineGetCallStatus
lineInitializeExW
lineConfigDialogW

netapi32

DsGetSiteNameW
NetUnjoinDomain
NetShareAdd
NetShareEnum
NetUserSetInfo
NetErrorLogWrite
NetLocalGroupAdd
NetShareGetInfo
NetWkstaGetInfo
NetServerSetInfo
NetLocalGroupDel
NetpwPathType
DsRoleFreeMemory
NetWkstaUserGetInfo
NetGetDCName

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 564KB - Virtual size: 963KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b06f2bcbdc19ecdb1721aeaee47de9cd

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

advapi32

tapi32

netapi32

Sections

.text Size: 10KB - Virtual size: 10KB

DATA Size: 564KB - Virtual size: 963KB

.rsrc Size: 138KB - Virtual size: 137KB

.text
Size: 10KB - Virtual size: 10KB

DATA
Size: 564KB - Virtual size: 963KB

.rsrc
Size: 138KB - Virtual size: 137KB