77d6e00e191fa53f2e8ef7471b2f55c54f44ad1878b56265d0a73d06fd289336

Sharing

Copy URL Twitter E-mail

General

Target

77d6e00e191fa53f2e8ef7471b2f55c54f44ad1878b56265d0a73d06fd289336
Size

722KB
MD5

a9e23ed4d93d79209f741a62a0d79c09
SHA1

ba272ddd807a22f453e2fed7b263c7d94d758b42
SHA256

77d6e00e191fa53f2e8ef7471b2f55c54f44ad1878b56265d0a73d06fd289336
SHA512

be50579a26616ed70e8c3c761dbc4e3299a0d56df209402a10aa5ef437a7c906ef28b18ada8b28471787faae159fd4a5da46c40f3d97c551c372e6489e0acc22
SSDEEP

12288:hl1MzCcBfKsOkK12UO+s9FYutNMxriLkHVCB6BjY:hOPNK1lO99PAri8VQ6B

Score

N/A

Malware Config

Signatures

Files

77d6e00e191fa53f2e8ef7471b2f55c54f44ad1878b56265d0a73d06fd289336
.exe windows x86

bc5d8ae955bced7435a66ca065adb793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetThreadPriorityBoost
ClearCommError
Process32Next
EnumSystemLocalesA
QueryPerformanceFrequency
GetCurrentProcess
GetStdHandle
Sleep
GetNextVDMCommand
WritePrivateProfileSectionW
MoveFileA
GetCommandLineA
FormatMessageW
DnsHostnameToComputerNameW
CopyFileExW
GetStringTypeA
GetCurrentThread
GetDriveTypeW
VirtualAlloc
GetWriteWatch
ExpandEnvironmentStringsW
PeekConsoleInputW
GetLastError
PeekConsoleInputA
VirtualLock
FindAtomW
MulDiv
OpenSemaphoreW
GlobalAddAtomA
DeleteFileW
GetThreadSelectorEntry
SetThreadPriority

secur32

InitializeSecurityContextW
GetComputerObjectNameW
QueryContextAttributesW
ApplyControlToken
LsaRegisterPolicyChangeNotification
LsaConnectUntrusted
LsaRegisterLogonProcess
EncryptMessage
FreeContextBuffer
LsaGetLogonSessionData
InitSecurityInterfaceW
DeleteSecurityContext
QuerySecurityContextToken
FreeCredentialsHandle
QuerySecurityPackageInfoW
AcceptSecurityContext
LsaFreeReturnBuffer
EnumerateSecurityPackagesW
LsaDeregisterLogonProcess
DecryptMessage
TranslateNameW

dbghelp

SymUnloadModule64
SymSetOptions
ImageDirectoryEntryToDataEx
SymLoadModule64
EnumerateLoadedModules
ImageRvaToVa
ImageDirectoryEntryToData
ImageNtHeader
SymCleanup
SymInitialize
MakeSureDirectoryPathExists
SymRegisterCallback64

msvcrt

wcscat
_wsplitpath
strtol
_strnicoll
_CItanh
_Gettnames
_ui64tow
ctime
_fpclass
fwrite
__lc_handle
_ftime
__argv
_i64toa
swprintf
_wtol
_CItan
swscanf
fscanf
ceil
tan
_timezone
??0exception@@QAE@ABV0@@Z
_cabs
strcoll
strlen
log10
_strdate
_strrev
_wcsupr
tmpfile
isalpha
_exit
tolower
_locking
realloc
ungetc
_CxxThrowException

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAddCatalog
CryptCATGetCatAttrInfo
WTHelperGetProvSignerFromChain
WinVerifyTrustEx
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATGetMemberInfo
CryptCATGetAttrInfo
WintrustAddActionID
WTHelperGetFileHash
CryptCATCatalogInfoFromContext
WintrustLoadFunctionPointers
IsCatalogFile
CryptCATEnumerateMember
CryptCATAdminReleaseContext
CryptCATOpen
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
CryptCATEnumerateCatAttr
CryptCATClose
WintrustRemoveActionID

crypt32

CryptSIPRemoveSignedDataMsg

advapi32

CryptGenRandom
GetSidSubAuthority
SetServiceStatus
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSaveKeyW
LsaOpenSecret
LookupAccountSidA
ElfDeregisterEventSource
SetKernelObjectSecurity
CryptContextAddRef
GetOldestEventLogRecord
CryptDecrypt
GetSidLengthRequired
GetEffectiveRightsFromAclW
CryptEnumProvidersW
ImpersonateSelf
LsaEnumerateTrustedDomains
LookupPrivilegeNameW
CryptAcquireContextA
LsaQuerySecret
CloseServiceHandle
GetCurrentHwProfileA
AreAnyAccessesGranted
RegEnumKeyA
RegSaveKeyA
GetAce
CryptEncrypt
CryptReleaseContext
QueryServiceConfig2W
GetLengthSid
ConvertSidToStringSidW

winspool.drv

DeviceCapabilitiesW
StartDocPrinterW
GetPrinterW
AddMonitorA
DeletePrinter
GetPrinterDataW
WritePrinter
EnumMonitorsW
FreePrinterNotifyInfo
ConfigurePortW
GetFormW
AbortPrinter
DocumentPropertySheets
SetPrinterDataW
GetPrinterA
GetPrinterDriverW
FindNextPrinterChangeNotification
GetPrinterDataExW
AddPrinterDriverExW
AddPrinterW
EnumPrinterDriversW
SetFormW
GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW
EnumPrintProcessorDatatypesW
GetPrinterDataA
EndPagePrinter
EnumJobsW
DeleteFormW

Sections

.text
Size: 32KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 181KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 178KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 170KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc5d8ae955bced7435a66ca065adb793

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

secur32

dbghelp

msvcrt

wintrust

crypt32

advapi32

winspool.drv

Sections

.text Size: 32KB - Virtual size: 419KB

.edata Size: 181KB - Virtual size: 326KB

BSS Size: 178KB - Virtual size: 231KB

.idata Size: 170KB - Virtual size: 358KB

.rsrc Size: 159KB - Virtual size: 159KB

.reloc Size: 512B - Virtual size: 304B

.text
Size: 32KB - Virtual size: 419KB

.edata
Size: 181KB - Virtual size: 326KB

BSS
Size: 178KB - Virtual size: 231KB

.idata
Size: 170KB - Virtual size: 358KB

.rsrc
Size: 159KB - Virtual size: 159KB

.reloc
Size: 512B - Virtual size: 304B