ca6cf98d82c9bc6157414c14f9d7cc828683f7ea1d0eeede4e3ab0a6765542fd

Sharing

Copy URL Twitter E-mail

General

Target

ca6cf98d82c9bc6157414c14f9d7cc828683f7ea1d0eeede4e3ab0a6765542fd
Size

321KB
MD5

21004a6e1fd4f9303f178e5e661871df
SHA1

26c0d19cbfe41b247efd3a1c0b417346480e6bfb
SHA256

ca6cf98d82c9bc6157414c14f9d7cc828683f7ea1d0eeede4e3ab0a6765542fd
SHA512

1b63303e40e99ad948eb989243ca207fbcdce7e093a33c38b3530f3d6e5ddfdcfa8da51b0f864353a6c09324b8f6a6d0cc393cfd234fcb10f2012c9f7fea9fcf
SSDEEP

6144:RS7DQbF4STaLTprrDQITArJXEkhwqJAgxSSJDWM+i6qZAxavc:8PQR4HLT1RKJXyqJLFWEtZAAU

Score

N/A

Malware Config

Signatures

Files

ca6cf98d82c9bc6157414c14f9d7cc828683f7ea1d0eeede4e3ab0a6765542fd
.exe windows x86

43fdd17efbff30208d525ae8d660595d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
LocalFree
MapViewOfFile
DeleteFileW
RaiseException
ReadFile
FreeLibrary
WideCharToMultiByte
LocalAlloc
SetUnhandledExceptionFilter
GetSystemInfo
CreateFileA
CreateEventW
OpenFileMappingW
ReadProcessMemory
CreateDirectoryW
HeapReAlloc
DeleteCriticalSection
SetWaitableTimer
FindNextFileW
UnmapViewOfFile
MoveFileExW
OpenProcess
HeapFree
ExpandEnvironmentStringsW
CreateFileMappingW
GetCurrentThreadId
WaitForSingleObject
HeapSize
GetSystemDirectoryW
Module32NextW
WriteFile
HeapAlloc
GetSystemTime
CreateToolhelp32Snapshot
GetModuleHandleW
SizeofResource
IsDebuggerPresent
CreateThread
GlobalLock
CreateEventA
FindClose
LockResource
GetSystemTimeAsFileTime
CreateFileW
CreateMutexW
FormatMessageW
CloseHandle
Module32FirstW
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
InitializeCriticalSectionAndSpinCount
FindResourceExW
SetThreadPriority
ProcessIdToSessionId
GlobalMemoryStatus
FindFirstFileW
GetFileSize
GlobalAlloc
SetLastError
GlobalUnlock
GlobalFree
GetProcessHeap
CopyFileW
WaitForMultipleObjects
GetCommandLineW
TerminateThread
HeapDestroy
CreateWaitableTimerW
SetFilePointer
LoadResource
GetLocalTime
ReleaseMutex
ResumeThread
FindResourceW
VirtualAllocEx

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

user32

MessageBoxW
SetWindowLongW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

advapi32

RegCreateKeyExW
RegSetValueExW
SetEntriesInAclW
InitializeSid
CryptHashData
StartServiceCtrlDispatcherW
CryptCreateHash
GetAce
DuplicateTokenEx
SetServiceStatus
CryptReleaseContext
RegCloseKey
GetUserNameW
GetSidLengthRequired
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
RegisterServiceCtrlHandlerW
AddAce
GetSidSubAuthority
GetNamedSecurityInfoW
FreeSid
CryptAcquireContextW
OpenProcessToken
ImpersonateLoggedOnUser
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
CryptGetHashParam
CryptDestroyHash
RegDeleteValueW
GetSidIdentifierAuthority
AllocateAndInitializeSid
RegEnumValueW
RegEnumKeyExW
GetLengthSid
GetSidSubAuthorityCount
SetNamedSecurityInfoW
RevertToSelf
LogonUserW
GetAclInformation

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathUnquoteSpacesW
PathRemoveExtensionW
SHDeleteKeyW
PathStripPathW
PathAppendW
PathFindFileNameW
PathRemoveBlanksW
PathFileExistsW
PathIsUNCServerShareW
SHDeleteEmptyKeyW
PathRemoveFileSpecW

comctl32

CreateStatusWindow
ImageList_GetImageInfo
FlatSB_GetScrollInfo
ImageList_LoadImage
CreateStatusWindowW
InitCommonControls

atmlib

ATMEnumMMFontsA
ATMGetOutline
ATMGetPostScriptNameA
ATMRemoveFontA
ATMProperlyLoaded
ATMFinish
ATMEnumFontsA
ATMGetFontBBox
ATMGetFontInfoA

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 32KB - Virtual size: 755KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 178KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43fdd17efbff30208d525ae8d660595d

Headers

File Characteristics

Imports

kernel32

psapi

user32

shell32

advapi32

version

wintrust

oleaut32

shlwapi

comctl32

atmlib

Sections

.text Size: 21KB - Virtual size: 20KB

.bss Size: 32KB - Virtual size: 755KB

.reloc Size: 178KB - Virtual size: 564KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 65KB - Virtual size: 305KB

.rsrc Size: 18KB - Virtual size: 136KB

.text
Size: 21KB - Virtual size: 20KB

.bss
Size: 32KB - Virtual size: 755KB

.reloc
Size: 178KB - Virtual size: 564KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 65KB - Virtual size: 305KB

.rsrc
Size: 18KB - Virtual size: 136KB