a0a6a24bc640760ee8864b341a60ae698b555b33d350f8132ebad650f03585c9

Sharing

Copy URL Twitter E-mail

General

Target

a0a6a24bc640760ee8864b341a60ae698b555b33d350f8132ebad650f03585c9
Size

53KB
MD5

bf00cd9c098ccd2c630c35cd8150435f
SHA1

f36b96245921ae4f7d3967afa28869cd639530f2
SHA256

a0a6a24bc640760ee8864b341a60ae698b555b33d350f8132ebad650f03585c9
SHA512

86d85a8c117f6e50aee97c0680a1e7cfd342e421eaaeb1a9c8ffd01f8f2d87575ba39fab7af729dc93d49dd5e3d316af62167d151dcbfd678833270fe87791f6
SSDEEP

768:hjAb99CYQc5AUlxO8EsC5yfJ8wEYKPmEjF3jSLhpNO9vm8BJNISQ/b:ZGj5AUPHfJm9mO9GLTNGtgb

Score

N/A

Malware Config

Signatures

Files

a0a6a24bc640760ee8864b341a60ae698b555b33d350f8132ebad650f03585c9
.exe windows x86

8660519c7f5580a1107e2e9c9b58bb5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CreateFileU
I_CryptFindSmartCardCertInStore
CryptFindOIDInfo
I_CryptInstallOssGlobal
CertDuplicateCertificateContext
CryptSignMessage
CryptUninstallDefaultContext
CertSetCRLContextProperty
CryptEnumOIDFunction
CertRDNValueToStrW
CryptExportPublicKeyInfo
CertStrToNameA
CertVerifyCRLTimeValidity
CryptStringToBinaryA
CertAddCRLLinkToStore
CertIsValidCRLForCertificate
CryptSignMessageWithKey
CryptUnregisterDefaultOIDFunction
CertFindCRLInStore
CryptEncodeObject
CertGetPublicKeyLength
I_CryptFindLruEntry
I_CryptReleaseLruEntry
CertOpenStore
CryptSIPGetSignedDataMsg

ntdll

RtlTimeFieldsToTime
RtlQueryProcessDebugInformation
RtlQueryAtomInAtomTable
RtlFindLongestRunClear
NtCreateNamedPipeFile
isupper
NtModifyBootEntry
wcsncpy
isdigit
ZwModifyBootEntry
ZwIsSystemResumeAutomatic
NtCreateMailslotFile
strtoul
NtQueryVolumeInformationFile
RtlCopyUnicodeString
NtOpenThreadTokenEx
ZwQueryPortInformationProcess

mapi32

SetAttribIMsgOnIStg@16
MAPISendMail
BMAPIAddress
CbOfEncoded@4
FBadRglpNameID@8
PropCopyMore@16
WrapCompressedRTFStream
cmc_logon
GetAttribIMsgOnIStg@12
HrSetOmiProvidersFlagsInvalid
UNKOBJ_ScAllocate@12
UNKOBJ_ScAllocateMore@16
MAPIOpenFormMgr@8
UlRelease@4
HrAddColumns@16
HrThisThreadAdviseSink@8
MAPIAllocateBuffer@8
BMAPISaveMail
MAPIFreeBuffer@4
BMAPISendMail

kernel32

LoadLibraryA
GetNumberOfConsoleMouseButtons
EnumSystemGeoID
GetNativeSystemInfo
GetExitCodeThread
UpdateResourceA
SetConsoleActiveScreenBuffer
GetProcessId
CopyFileExA
lstrcmpW
CreateTimerQueue
GetTimeZoneInformation
GetCurrentThread
BuildCommDCBA
VirtualQueryEx
CreateProcessInternalA
VirtualAlloc
CallNamedPipeA

msdart

?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?ReadLock@CReaderWriterLock2@@QAEXXZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?_IsLocked@CSpinLock@@ABE_NXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?ReadUnlock@CFakeLock@@QAEXXZ
??0CReaderWriterLock3@@QAE@XZ
IrtlTrace
?First@CDoubleList@@QBEQAVCListEntry@@XZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?IsLocked@CLockedDoubleList@@QBE_NXZ

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xxxdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iiidata
Size: 16KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8660519c7f5580a1107e2e9c9b58bb5a

Headers

File Characteristics

Imports

crypt32

ntdll

mapi32

kernel32

msdart

Sections

.text Size: 30KB - Virtual size: 30KB

.xxxdata Size: 3KB - Virtual size: 3KB

.iiidata Size: 16KB - Virtual size: 94KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.xxxdata
Size: 3KB - Virtual size: 3KB

.iiidata
Size: 16KB - Virtual size: 94KB

.rsrc
Size: 1KB - Virtual size: 1KB