78c3c5c9916ae66fa0586742806a1bf74ed48ef7b57ff9c5c29e00200848ac07

Sharing

Copy URL

Twitter E-mail

General

Target

78c3c5c9916ae66fa0586742806a1bf74ed48ef7b57ff9c5c29e00200848ac07
Size

45KB
MD5

33ba5a316d260c311983387a5f29753e
SHA1

c68ae0d0b133e45b5db9ec598aeba9fa1d7e6c25
SHA256

78c3c5c9916ae66fa0586742806a1bf74ed48ef7b57ff9c5c29e00200848ac07
SHA512

eda3b57efe99d1e17edd71335e50720996f8cd7eefa07fc419b44eea82d837ec4691f89fe55b28292f8b70412cd2f271d8313382ace13b46cefe299eb1854e3e
SSDEEP

768:TvJ7HzHpR+XwHOGTPQxOVDbvH/a9L9Db9a+0gG57NjTe8TPuk/u6Eocvz88ES:TvJ7Tf3HOGvDbYL9V0z57NjTL/uGcvzl

Score

N/A

Malware Config

Signatures

Files

78c3c5c9916ae66fa0586742806a1bf74ed48ef7b57ff9c5c29e00200848ac07
.exe windows x86

46506e1e586fe470e0faaa86e9252a71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lwrite
GetConsoleDisplayMode
SetVolumeMountPointW
GetEnvironmentStringsA
SetProcessAffinityMask
EnumSystemGeoID
WriteConsoleOutputAttribute
AddLocalAlternateComputerNameW
CreateEventA
EnumResourceNamesA
ExpungeConsoleCommandHistoryW
GetNumberFormatA
CallNamedPipeA
CreateProcessInternalA
PurgeComm
GetCommandLineW
IsValidCodePage
lstrcpynA
WriteProfileSectionA
RemoveLocalAlternateComputerNameA
HeapWalk
IsDebuggerPresent
OpenSemaphoreW
GetNumaProcessorNode
FreeEnvironmentStringsA
GetTickCount
CancelIo
WaitForMultipleObjects
GetNumberFormatW
WriteProfileStringW
LoadLibraryA
Thread32First
SetLocaleInfoA
VirtualAlloc

mapistub

cmc_logon
OpenStreamOnFile@24
FBadRglpNameID@8
MAPIAllocateBuffer@8
FGetComponentPath@20
OpenIMsgOnIStg@44
MAPIResolveName
MAPISendDocuments
HrGetOneProp@12
HexFromBin@12
HrDispatchNotifications@4
OpenIMsgSession@12
MAPIFreeBuffer@4
MAPIUninitialize
GetTnefStreamCodepage
HrComposeEID@28
DeinitMapiUtil@0
LPropCompareProp@8
ScLocalPathFromUNC@12
CreateTable@36
LaunchWizard@20
UNKOBJ_FreeRows@8
FtMulDwDw@8
FEqualNames@8
SzFindLastCh@8
MAPIInitialize
OpenTnefStreamEx

user32

RegisterClassA
PostQuitMessage
DefWindowProcA

ntdll

ZwDebugContinue
RtlFindNextForwardRunClear
ZwOpenThread
NtPowerInformation
RtlRaiseException
NtQueryMultipleValueKey
RtlLookupElementGenericTable
RtlGetLastWin32Error
NtIsProcessInJob
RtlAreBitsSet
RtlSizeHeap
ZwQuerySystemInformation
RtlQueryInformationAcl
NtQueryDirectoryFile
NtCompareTokens
NtReleaseMutant
NtOpenThreadToken
RtlpNtOpenKey
RtlQuerySecurityObject
RtlLockBootStatusData
ZwSetLowWaitHighEventPair
NtWaitForDebugEvent
RtlDeleteElementGenericTable
NlsMbOemCodePageTag
RtlNewSecurityObjectEx
ZwLockFile
RtlGetNtGlobalFlags
RtlEnlargedUnsignedMultiply
islower
towlower
RtlHashUnicodeString
RtlEnumProcessHeaps

msvcrt

_statusfp
exp
_putenv
_wenviron
__set_app_type
ungetwc
__p__commode
_stricmp
_setsystime
_cgets
_outpw
exit
strlen
_hypot
_outpd
_wexeclp
_wfindfirsti64
strcspn
_mbsnbicmp
_localtime64
__toascii
__p__iob
signal
_ismbblead
_aligned_malloc
_searchenv
__getmainargs
??1bad_typeid@@UAE@XZ
?_query_new_handler@@YAP6AHI@ZXZ
atan

cmutil

?GetPrimaryRegPath@CIniW@@QBEPBGXZ
CmStrchrA
CmLoadSmallIconW
CmStrrchrA
CmLoadSmallIconA
?SetRegPath@CIniW@@QAEXPBG@Z
?GPPI@CIniA@@QBEKPBD0K@Z
GetOSVersion
?GetPrimaryFile@CIniW@@QBEPBGXZ
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
CmStrCpyAllocW
??4CIniW@@QAEAAV0@ABV0@@Z
?Clear@CmLogFile@@QAEXH@Z
GetOSMajorVersion
?SetParams@CmLogFile@@QAEJHKPBG@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?LoadSection@CIniA@@QBEPADPBD@Z
?GetPrimaryFile@CIniA@@QBEPBDXZ
??0CRandom@@QAE@I@Z
?WPPS@CIniW@@QAEXPBG00@Z
CmConvertRelativePathW
?CloseFile@CmLogFile@@AAEJXZ
?SetParams@CmLogFile@@QAEJHKPBD@Z
CmLoadIconW
??4CRandom@@QAEAAV0@ABV0@@Z
??_FCIniA@@QAEXXZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
SzToWz
?SetEntryFromIdx@CIniA@@QAEXK@Z
ReleaseBold
?GPPS@CIniW@@QBEPAGPBG00@Z

msv1_0

LsaApInitializePackage
LsaApCallPackagePassthrough
Msv1_0ExportSubAuthenticationRoutine
SpInstanceInit
SpInitialize
LsaApLogonTerminated
SpLsaModeInitialize
LsaApCallPackage
Msv1_0SubAuthenticationPresent
MsvSamValidate
MsvSamLogoff
LsaApCallPackageUntrusted
LsaApLogonUserEx2
SpUserModeInitialize
MsvGetLogonAttemptCount

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46506e1e586fe470e0faaa86e9252a71

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapistub

user32

ntdll

msvcrt

cmutil

msv1_0

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB