89591aa4abca1babdd80e244b9b2fce7277c945e4f375e742364851e9702d5cf

Sharing

Copy URL Twitter E-mail

General

Target

89591aa4abca1babdd80e244b9b2fce7277c945e4f375e742364851e9702d5cf
Size

48KB
MD5

33f241987e59e7c82ac14d223121107a
SHA1

550fe5b1b6ea2f5667d409cfdf6dba731b90aa2f
SHA256

89591aa4abca1babdd80e244b9b2fce7277c945e4f375e742364851e9702d5cf
SHA512

15c786ca0232dfc74476f2cf1b21db0883a9c5b5c9b78ac97ccf4d7ae1340b026db2eec4f26328a3a9c2c7f59405ebcd6dc5cad8dccfa31138397ccab7d78030
SSDEEP

1536:bl5Ydio+fKYZh7RKQOnrGIf6davA/MP9N8z:R5YdJY37UQEa/davAUlN

Score

N/A

Malware Config

Signatures

Files

89591aa4abca1babdd80e244b9b2fce7277c945e4f375e742364851e9702d5cf
.exe windows x86

dce08eb8f910c44eba51d64e3a3243f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ObjectDeleteAuditAlarmA
RegOverridePredefKey
EncryptionDisable
MD4Init
CredUnmarshalCredentialA
LsaOpenPolicy
AddAccessAllowedAce
GetManagedApplications
SystemFunction029
CryptDestroyKey
EnumServicesStatusW
LsaGetUserName
ObjectOpenAuditAlarmW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileA
FreeSid
CredDeleteW
CryptSetKeyParam
BuildTrusteeWithObjectsAndSidA
GetNamedSecurityInfoW
A_SHAInit
GetSecurityDescriptorGroup
RegRestoreKeyW
ReadEncryptedFileRaw
OpenTraceA
RegCreateKeyA
CreateProcessWithLogonW
WmiQueryAllDataW
SetSecurityInfoExA
CryptAcquireContextA

cryptnet

CryptFlushTimeValidObject
LdapProvOpenStore
CryptGetObjectUrl
CryptRetrieveObjectByUrlW
CertDllVerifyCTLUsage
CryptInstallCancelRetrieval
CryptGetTimeValidObject
I_CryptNetGetUserDsStoreUrl
I_CryptNetGetHostNameFromUrl
CertDllVerifyRevocation
CryptRetrieveObjectByUrlA
CryptUninstallCancelRetrieval
CryptCancelAsyncRetrieval

imagehlp

FindExecutableImage
ImagehlpApiVersionEx
SymUnDName
MakeSureDirectoryPathExists
ImageUnload
SymLoadModule64
SymGetLineNext64
SymFunctionTableAccess64
SymUnloadModule
SymGetModuleBase
SymRegisterFunctionEntryCallback64
SymGetSymPrev64
RemovePrivateCvSymbolicEx
ImageDirectoryEntryToData
SymMatchString
ReBaseImage
SymGetModuleInfoW
FindDebugInfoFileEx
SymFromAddr
FindExecutableImageEx
EnumerateLoadedModules
SymSetContext
SymGetTypeFromName
ImageGetDigestStream
BindImage
UnDecorateSymbolName
SymSetOptions
SymEnumerateSymbols
SymGetSymFromAddr

kernel32

SetSystemPowerState
GetNumaNodeProcessorMask
QueueUserAPC
GetUserDefaultLCID
LoadLibraryA
GetOEMCP
DeleteFileA
Beep
GetProfileStringA
BaseDumpAppcompatCache
LZDone
GlobalFlags
GetTimeFormatW
ReadConsoleOutputA
SetConsoleInputExeNameA
GetConsoleFontSize
EnumResourceLanguagesW
GetLocaleInfoW
SetVolumeLabelW
CloseHandle
GetOverlappedResult
GlobalUnWire
LZCloseFile
GetConsoleInputWaitHandle
EnumCalendarInfoExW
WriteConsoleInputVDMA
LoadModule
CreateWaitableTimerW
SetLocaleInfoW
UnlockFile
InterlockedExchange
GetTickCount

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dce08eb8f910c44eba51d64e3a3243f7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cryptnet

imagehlp

kernel32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 612B

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 612B

.rsrc
Size: 8KB - Virtual size: 7KB