644d578dfcb33984bc1f129ef3face8a52d999447cbb0f21571695fd0c6f9343

Sharing

Copy URL Twitter E-mail

General

Target

644d578dfcb33984bc1f129ef3face8a52d999447cbb0f21571695fd0c6f9343
Size

5.1MB
MD5

dcb3ead77daf8b3c89c1eda3b94290da
SHA1

a428137256e3c550f0814d002d4563610c5cb615
SHA256

644d578dfcb33984bc1f129ef3face8a52d999447cbb0f21571695fd0c6f9343
SHA512

0df55491329f3abed8a0936c8e119df10f2ee9c142cf9ad5b489c029e0b0813992ac2ba23cc1ca4ebd74f83f415969d8478414bd7870d0e4a24908f9243ac2bb
SSDEEP

98304:URXAOJBZiuK2OqS32u2OqSOGq6GGbTL18MaeX8jgEkHVCk/sWVVubXNcRWiYNvw1:UhAOJBZiuK2OqS32u2OqSOGq6GGb/18a

Score

N/A

Malware Config

Signatures

Files

644d578dfcb33984bc1f129ef3face8a52d999447cbb0f21571695fd0c6f9343
.exe windows x86

713429d8a371182674f790f8d8f2de5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msisip

MsiSIPPutSignedDataMsg
MsiSIPVerifyIndirectData
MsiSIPCreateIndirectData
DllUnregisterServer
MsiSIPIsMyTypeOfFile
MsiSIPRemoveSignedDataMsg
MsiSIPGetSignedDataMsg
DllRegisterServer

kernel32

EnumSystemCodePagesW
WriteConsoleW
HeapSetInformation
VirtualAlloc
CreateFileMappingA
GlobalSize
PrivCopyFileExW
LoadLibraryA
SetLastConsoleEventActive
FindResourceExA
GlobalGetAtomNameA
IsValidLocale
DeviceIoControl
_hwrite
SetCommBreak
WaitForMultipleObjectsEx
FlushInstructionCache
SetCommTimeouts
SetThreadIdealProcessor
WriteProfileStringW
SetCalendarInfoA
SetEnvironmentVariableA
MapViewOfFile
FindNextVolumeA
GetExitCodeProcess
Module32FirstW
MapUserPhysicalPagesScatter
IsBadReadPtr
WriteConsoleOutputW
QueryDosDeviceW
OutputDebugStringA
PrepareTape
DefineDosDeviceA
GetConsoleCursorInfo
GetProcAddress
GenerateConsoleCtrlEvent
ExitProcess
_lread
GetConsoleAliasA
UnmapViewOfFile
SetConsoleInputExeNameW
LockResource
SetVolumeLabelA
CreateFileA
FileTimeToSystemTime
QueryPerformanceCounter
PeekConsoleInputA
FindResourceExW
GetLogicalDrives

msvcp60

_Tolower
_LXbig
_LSnan
mbrlen
btowc
_LNan
_LRteps
_Cosh
wcrtomb
_Inf
_Getcvt
_LPoly
mbrtowc
wctype
_Strxfrm
_FRteps
_LExp
_FDenorm
_Exp
_LCosh
_Wcrtomb
_FEps
_LDenorm
wcsrtombs
_Rteps
_Denorm
_Dtest
_FXbig
_FDnorm
__Wcrtomb_lk
wctrans
_FExp
_FCosh
_Stold
_FDtest
towctrans
mbsrtowcs
_LSinh
_Eps
_Stof
_LInf
_Dnorm
_Toupper
_Xbig
_Nan
_Strcoll
_Mbrtowc
_FDscale
_LDtest
_LDscale
_LEps

Sections

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 16.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 972KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

713429d8a371182674f790f8d8f2de5b

Headers

File Characteristics

Imports

msisip

kernel32

msvcp60

Sections

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 216KB - Virtual size: 216KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: - Virtual size: 16.0MB

.text Size: 972KB - Virtual size: 972KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 216KB - Virtual size: 216KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: - Virtual size: 16.0MB

.text
Size: 972KB - Virtual size: 972KB