8fb5bf6cfe6ec6f4b29d0e8b8bbb587b231f804bbb7d2dca9e412e997f5ed5c9

Sharing

Copy URL Twitter E-mail

General

Target

8fb5bf6cfe6ec6f4b29d0e8b8bbb587b231f804bbb7d2dca9e412e997f5ed5c9
Size

850KB
MD5

c978398b5754f140d4aea25ea20945e5
SHA1

f4175a08b7dc438ac02b7e9a800322d432ec0d0b
SHA256

8fb5bf6cfe6ec6f4b29d0e8b8bbb587b231f804bbb7d2dca9e412e997f5ed5c9
SHA512

9b13a4430e94e07c1a7ce2d8311ac1a3fe307cbb63af4d0e6b25809ca4ab024c98b7ebcc3dc780b58f5efbe0f48fa5f61c1ba2106f8b9e96da06e81f3fd5c52d
SSDEEP

12288:Vcj8yaWE3XUDOqt2wxiJg2tCkWe4wqNaX138pU5JHLZ+iRZtNzZwtEx3rYBtpzDi:VebEA3uJfTH4FwyuHLZ+IW07YBnHtD

Score

N/A

Malware Config

Signatures

Files

8fb5bf6cfe6ec6f4b29d0e8b8bbb587b231f804bbb7d2dca9e412e997f5ed5c9
.exe windows x86

956fa7b54ba6189ebb6fb381272c533f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

iswlower
RtlActivateActivationContext
NtTerminateProcess
floor
RtlIsValidHandle
NtConnectPort
NtFreeVirtualMemory
NtQuerySystemEnvironmentValueEx
NtContinue
NtCallbackReturn
ZwQueryDefaultUILanguage
ZwGetDevicePowerState
RtlAddActionToRXact
NtOpenThreadTokenEx
RtlUnicodeToCustomCPN
RtlDestroyHandleTable
NtCreateProcess
ZwOpenIoCompletion
_snwprintf
RtlNewInstanceSecurityObject
RtlAllocateHeap
ZwSetTimer
RtlSizeHeap
ZwSetLowEventPair
ZwOpenSymbolicLinkObject

kernel32

OpenEventA
LoadLibraryA
InitializeCriticalSection
DefineDosDeviceW
TlsSetValue
VirtualAlloc
GetCPInfoExW
RemoveLocalAlternateComputerNameA
FillConsoleOutputCharacterA
SuspendThread
GetNamedPipeHandleStateA
GetVolumePathNameA
OpenJobObjectA
EnumSystemCodePagesA
WriteConsoleOutputAttribute
CreateEventA
GetTapeStatus
GetPrivateProfileSectionNamesA
IsValidCodePage
SetFileTime
AttachConsole
FindVolumeMountPointClose
CreateProcessInternalA
SetMessageWaitingIndicator
VirtualProtectEx
OpenProcess
SetLocalPrimaryComputerNameA

crtdll

atexit
_ftol
memcpy
_execve
_lfind
_lseek
_HUGE_dll
log
wctomb
_clearfp
iswdigit
strtod
_CIpow
tanh
_mbbtype
feof
_CIcos
_beep
putc
_pgmptr_dll
malloc
_copysign

crypt32

RegEnumValueU
CertComparePublicKeyInfo
CertGetCTLContextProperty
CertDuplicateCRLContext
CertGetEnhancedKeyUsage
CryptFreeOIDFunctionAddress
CertVerifyCRLRevocation
I_CryptUnregisterSmartCardStore
I_CryptUninstallOssGlobal
I_CryptGetDefaultCryptProv
CryptImportPublicKeyInfo
CertFindAttribute
CryptFindOIDInfo
I_CryptFindSmartCardCertInStore
CryptMsgCountersignEncoded
CertCreateCertificateContext
CryptSignAndEncryptMessage
CertCompareCertificate
CertSetCTLContextProperty
CertRDNValueToStrA
CryptVerifyMessageHash
CertFreeCertificateChain
CertFindCertificateInCRL

Sections

.text
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

956fa7b54ba6189ebb6fb381272c533f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

crtdll

crypt32

Sections

.text Size: 726KB - Virtual size: 726KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 726KB - Virtual size: 726KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB