5386507f2d2149393120ad787e55692386d52bf28ba80e81a022018818067e42

Sharing

Copy URL Twitter E-mail

General

Target

5386507f2d2149393120ad787e55692386d52bf28ba80e81a022018818067e42
Size

815KB
MD5

df9e50ca8bad479ce8ea0b52f96b7a99
SHA1

651fb6831d2ad4ee147cf9fdb3bd946d43187997
SHA256

5386507f2d2149393120ad787e55692386d52bf28ba80e81a022018818067e42
SHA512

9b96a4cfcecd6f19a7af513ff4119f3ed393b8c569e9a18e7c103f96f70da4c09ac2c21fceb37533ec5445a664ca0c9061100af516a45e5baf23c490f8d63a68
SSDEEP

12288:J3rPfQojVySoclNTygUYvvGg3KilBBVKwAVp1A77JgyhdrIqQdV05poJ:JjJVyzuuYvuylCVp20b

Score

N/A

Malware Config

Signatures

Files

5386507f2d2149393120ad787e55692386d52bf28ba80e81a022018818067e42
.exe windows x86

ead7de6c37815ce17950b550e2e35711

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fgetws
_wremove
_osplatform
wcstok
exit
_ungetwch
_ismbbkana
_mbschr
wcslen
towupper
_ismbcpunct
_rotl
memmove
_ismbclower
___lc_codepage_func
_environ
strlen
_ismbckata
isalpha
_tempnam
_mbcasemap
_j1
perror
_assert
_getdiskfree
_logb
_futime
_wsystem
fscanf
__p__commode
iswctype
_strlwr
isupper
_snwscanf
remove
_wenviron
_ismbcalpha
_winver
_wcsncoll
_adj_fdiv_m64
__lc_collate_cp
strrchr
_rmdir
srand
_mbsinc
_local_unwind2
__wcserror
___setlc_active_func
_wchmod
_mbslwr
_wexeclp
__lconv_init
ldexp
__set_app_type
_cwait
vsprintf
_wfindfirsti64
_mbsncpy

kernel32

SetFileAttributesW
AddRefActCtx
GetConsoleAliasExesA
GetTapeParameters
WritePrivateProfileSectionW
GetCurrencyFormatA
GetTapePosition
_lwrite
VirtualAlloc
LoadLibraryA
GetConsoleSelectionInfo
SetConsolePalette
SizeofResource
GetModuleHandleW
EnumUILanguagesW
Process32Next
GetStartupInfoA
RemoveVectoredExceptionHandler
GetCurrentProcessId
FindClose
SetCommMask
GetProcAddress
RtlZeroMemory
WideCharToMultiByte
EnumSystemLanguageGroupsW
GlobalGetAtomNameA
DosPathToSessionPathW
WriteTapemark
GlobalAlloc
EscapeCommFunction
SetLastError
GetProfileSectionA
GetConsoleAliasesW
LZClose

apphelp

SdbGrabMatchingInfoEx
ApphelpShowDialog
SdbTagToString
SdbGetDatabaseID
SdbDeletePermLayerKeys
SdbReadDWORDTagRef
ApphelpCheckInstallShieldPackage
ApphelpGetFileAttributes
SdbReadEntryInformation
SdbReadQWORDTag
SdbGetTagDataSize
SdbReadMsiTransformInfo
ApphelpGetNTVDMInfo
SdbGetTagFromTagID
SdbReleaseDatabase
SdbCloseDatabase
ShimDumpCache
SdbReadDWORDTag
SdbGetBinaryTagData
SdbCreateMsiTransformFile
SdbReadStringTagRef
SdbFindFirstTag
ApphelpFixMsiPackageExe
AllowPermLayer
SdbRegisterDatabase
SdbReadBYTETagRef
SdbOpenApphelpDetailsDatabase
SdbGetEntryFlags
SdbQueryDataEx
SdbInitDatabase
SdbGetDatabaseVersion
SdbGetMsiPackageInformation

Sections

.text
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ead7de6c37815ce17950b550e2e35711

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

apphelp

Sections

.text Size: 375KB - Virtual size: 374KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 169KB - Virtual size: 1.5MB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 375KB - Virtual size: 374KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 169KB - Virtual size: 1.5MB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 1KB - Virtual size: 1KB