431a54333e9cbe70e8571405c8317a831f6a0f93058a44ff291d05f1d948239f

Sharing

Copy URL Twitter E-mail

General

Target

431a54333e9cbe70e8571405c8317a831f6a0f93058a44ff291d05f1d948239f
Size

848KB
MD5

9a658c18c3796db0b05b06f52d920216
SHA1

219e7b647397ae6afed3987a34c3dcf8b231fc6b
SHA256

431a54333e9cbe70e8571405c8317a831f6a0f93058a44ff291d05f1d948239f
SHA512

7c69a3d3e27b65069ada6d8f83d232aefd92e99f7f4d33c2db79bc487af6e6781c66d2545fcde9ba1cd2625fad70d1724fd1781a9691e3292ee762881c9fd299
SSDEEP

12288:IhDJmbJvKXBrAmAkffFR6rXZ9fo0+aFn50CSn51see1SfspYrEJdezXsVb:Gt64BkDfo0+aFuCunXe1SUpyYwQV

Score

N/A

Malware Config

Signatures

Files

431a54333e9cbe70e8571405c8317a831f6a0f93058a44ff291d05f1d948239f
.exe windows x86

091e110ffbe3a9c3cd76acb1ec6b0574

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmAddRoute
RtmDeregisterEntity
RtmCreateRouteEnum
RtmDeleteRouteList
RtmDeleteRouteToDest
RtmLockNextHop
RtmRegisterClient
MgmGetProtocolOnInterface
RtmIgnoreChangedDests
MgmGetFirstMfeStats
RtmGetEnumRoutes
RtmReferenceHandles
RtmGetAddressFamilyInfo
MgmDeInitialize
RtmGetNextHopInfo
RtmBlockConvertRoutesToStatic
RtmBlockMethods
MgmGroupEnumerationGetNext
MgmReleaseInterfaceOwnership
MgmDeRegisterMProtocol
RtmGetEnumNextHops
RtmGetInstanceInfo
RtmGetEntityMethods
RtmGetNetworkCount
RtmGetMostSpecificDestination

userenv

RsopLoggingEnabled
GetAllUsersProfileDirectoryW
FreeGPOListA
ProcessGroupPolicyCompletedEx
DeleteProfileA
LeaveCriticalPolicySection
GetGPOListA
GetAppliedGPOListA
GetPreviousFgPolicyRefreshInfo
ExpandEnvironmentStringsForUserA
GetProfilesDirectoryW
DeleteProfileW
ExpandEnvironmentStringsForUserW
WaitForMachinePolicyForegroundProcessing
RegisterGPNotification
GetProfileType
RsopSetPolicySettingStatus
RsopAccessCheckByType
DestroyEnvironmentBlock
WaitForUserPolicyForegroundProcessing
RsopResetPolicySettingStatus
ForceSyncFgPolicy
RefreshPolicyEx
GetGPOListW
GetDefaultUserProfileDirectoryA

advapi32

CryptDestroyHash
GetCurrentHwProfileW
RegGetKeySecurity
CredFree
LookupAccountNameA
ElfRegisterEventSourceA
ElfOpenBackupEventLogW
RegSaveKeyExW
RegOpenCurrentUser
ObjectCloseAuditAlarmA
SetSecurityDescriptorRMControl
TreeResetNamedSecurityInfoA
QueryServiceLockStatusW
UpdateTraceW
ConvertStringSDToSDRootDomainW
SystemFunction024
SetFileSecurityW
ElfOpenBackupEventLogA
SystemFunction029
RegisterEventSourceA
RemoveTraceCallback
WmiQueryAllDataMultipleA

kernel32

GetExitCodeThread
IsBadHugeWritePtr
SetFilePointerEx
BaseCleanupAppcompatCacheSupport
OutputDebugStringA
VirtualAlloc
LoadLibraryA
SetTapeParameters
FindAtomW
BaseUpdateAppcompatCache
AllocateUserPhysicalPages
VerLanguageNameW
GetModuleHandleW
GetSystemTimeAdjustment
BeginUpdateResourceA
GetCommandLineA
CreateSocketHandle
ExpungeConsoleCommandHistoryW
InitializeCriticalSection
SetThreadUILanguage
CreateMailslotA

winmm

joyGetDevCapsA
mciGetDeviceIDFromElementIDA
mciFreeCommandResource
midiOutShortMsg
wid32Message
mmTaskYield
waveInGetErrorTextW
mmioInstallIOProcW
waveOutGetPlaybackRate
midiInGetDevCapsA
mixerSetControlDetails
waveOutGetID
mciSendCommandA
mmioOpenA
midiOutPrepareHeader
mixerGetDevCapsA
PlaySound
waveInGetDevCapsA
midiInGetID
mmioStringToFOURCCA
midiConnect
midiOutLongMsg

shlwapi

StrCatBuffA
StrCmpNA
StrPBrkW
SHRegDeleteUSValueW
PathFindSuffixArrayW
StrCSpnA
PathIsRelativeA
SHRegGetBoolUSValueA
PathCreateFromUrlA
PathSearchAndQualifyA
StrRChrIW
SHRegGetPathW
SHDeleteValueA
SHLoadIndirectString
PathSetDlgItemPathA
SHCreateStreamOnFileA
StrRetToStrW
PathFileExistsW
UrlUnescapeW

Sections

.text
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

091e110ffbe3a9c3cd76acb1ec6b0574

Headers

DLL Characteristics

File Characteristics

Imports

rtm

userenv

advapi32

kernel32

winmm

shlwapi

Sections

.text Size: 674KB - Virtual size: 673KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 1024B - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 674KB - Virtual size: 673KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 1024B - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1004B