e85a52a1c9fecfee6977d031a1268c55f2db5388a123494f973c029ee925359f

Sharing

Copy URL Twitter E-mail

General

Target

e85a52a1c9fecfee6977d031a1268c55f2db5388a123494f973c029ee925359f
Size

897KB
MD5

1e224d1fa66ca27e99e47b7d2ada49e0
SHA1

762552285fab5c4b0d446066cc1ec1424d4899b0
SHA256

e85a52a1c9fecfee6977d031a1268c55f2db5388a123494f973c029ee925359f
SHA512

d19d46342e384c36132ac7c4e727a72bd453683c3802dc9f6da44b1ff3f9090b72e2413d93263a171afe6da0510eea36cc5cb6d14968a25d29f18fbd186e521f
SSDEEP

12288:RVTwXKvoAfZpsEIn1WJ0/uIaNF3xNrPB+WYzNLcol92ZlceJyy9QW3EUCeQYwf0N:RVqYZP0/+75gNL9H2Z2gv9N3ENec

Score

N/A

Malware Config

Signatures

Files

e85a52a1c9fecfee6977d031a1268c55f2db5388a123494f973c029ee925359f
.exe windows x86

0d4e13490b8486ee44326dc3c1883509

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

imm32

ImmSetOpenStatus
ImmGetIMEFileNameW
ImmUnlockIMC
ImmSetConversionStatus
ImmGetProperty
ImmGetDefaultIMEWnd
ImmGetGuideLineW
ImmSetCandidateWindow
ImmIsIME
ImmGetCompositionFontW
ImmLockIMC
ImmGetContext
ImmRegisterWordW
ImmGetHotKey

kernel32

ExitThread
EnterCriticalSection
SetConsoleWindowInfo
TlsFree
SetNamedPipeHandleState
GetPrivateProfileIntA
VirtualFree
SetEnvironmentVariableW
WritePrivateProfileStructW
GetVolumeInformationA
GetCompressedFileSizeA
_llseek
SetThreadLocale
GetFileAttributesA
Sleep
OpenFileMappingA
CreateTimerQueueTimer
MoveFileExA
VirtualAlloc
GlobalFlags
GetStringTypeExW
FoldStringW
PurgeComm
EscapeCommFunction
HeapReAlloc
CreateEventW
GetCalendarInfoA
SetFileAttributesW
GetModuleFileNameW
DeleteTimerQueue
SetLocalTime
SetLastError
SetConsoleActiveScreenBuffer
LoadLibraryExA
FindClose
GetLargestConsoleWindowSize
DeleteFileW
GetVolumePathNameW
GetLastError
GetModuleFileNameA
CompareStringW
ReplaceFileA
TryEnterCriticalSection
GetFileAttributesW
SetConsoleScreenBufferSize

msvcrt

_CIsinh
_mbsdec
vprintf
swprintf
_amsg_exit
memcmp
_CIexp
wcscoll
strftime
fputc
system
_wasctime
_wgetcwd
srand

cfgmgr32

CM_Get_DevNode_Status_Ex
CM_Connect_MachineW
CM_Get_Parent_Ex
CM_Open_Class_Key_ExW
CM_Get_Hardware_Profile_Info_ExW
CM_Get_HW_Prof_Flags_ExW
CM_Get_Next_Res_Des_Ex
CM_Get_Device_ID_Size
CM_Free_Log_Conf_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Locate_DevNodeW
CM_Disconnect_Machine
CM_Free_Res_Des_Handle
CM_Open_DevNode_Key_Ex
CM_Set_HW_Prof_Flags_ExW
CM_Get_First_Log_Conf_Ex
CM_Get_DevNode_Registry_PropertyW

crypt32

CertSetCertificateContextProperty

rasapi32

RasGetHport
RasSetEapUserDataA
RasGetCustomAuthDataW
RasFreeEapUserIdentityW
RasValidateEntryNameW
RasGetConnectStatusW
RasGetEapUserIdentityW
RasEnumDevicesW
RasGetEntryPropertiesW
RasGetErrorStringW
RasEnumEntriesW
RasGetEapUserDataW
RasGetEntryHrasconnW
RasEnumConnectionsW
RasSetEntryPropertiesW
RasGetCredentialsW
RasSetCredentialsW
RasHangUpW
RasDialW

advapi32

AreAnyAccessesGranted
GetTraceEnableFlags
CopySid
RegQueryValueExW
InitializeSecurityDescriptor
SetNamedSecurityInfoW
RegOpenKeyW
ConvertStringSidToSidW
GetKernelObjectSecurity
DestroyPrivateObjectSecurity
LsaCreateTrustedDomainEx
LsaAddAccountRights
GetTraceLoggerHandle
BackupEventLogW
SetSecurityInfo
SetServiceStatus
AreAllAccessesGranted
RegUnLoadKeyA
WmiDevInstToInstanceNameW
TraceMessage
SetTokenInformation
CryptSetHashParam

Sections

.data
Size: 1024B - Virtual size: 937B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 182KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 219KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 205KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d4e13490b8486ee44326dc3c1883509

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

msvcrt

cfgmgr32

crypt32

rasapi32

advapi32

Sections

.data Size: 1024B - Virtual size: 937B

.rdata Size: 1KB - Virtual size: 1KB

.text Size: 182KB - Virtual size: 635KB

.rdata Size: 125KB - Virtual size: 324KB

.idata Size: 219KB - Virtual size: 255KB

.edata Size: 205KB - Virtual size: 422KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 937B

.rdata
Size: 1KB - Virtual size: 1KB

.text
Size: 182KB - Virtual size: 635KB

.rdata
Size: 125KB - Virtual size: 324KB

.idata
Size: 219KB - Virtual size: 255KB

.edata
Size: 205KB - Virtual size: 422KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1KB - Virtual size: 1KB