c80805baf7992d6061aeab3b9cba926c17761b5b7490c6fd817703279b8c8f52

Sharing

Copy URL Twitter E-mail

General

Target

c80805baf7992d6061aeab3b9cba926c17761b5b7490c6fd817703279b8c8f52
Size

786KB
MD5

9e9ff1a48a3decccb7bd017784c45cb5
SHA1

59f3c5c21b6f173a0dfcbc1bfff2e8af1edcb1ed
SHA256

c80805baf7992d6061aeab3b9cba926c17761b5b7490c6fd817703279b8c8f52
SHA512

43ccf189dbbb76ffe115260e299adde0839195f79c9c9c36c507aad1e183e247c8d9d48d97e7e97e010db80703669e064c5eb94851e3d16f4bddf872cdcf2c69
SSDEEP

12288:SFxjvKaPUpVABTgxXN/uFJ8MSSlEe1Jk9+PDIU6PIh1d/liUPc:8PMnAB2bMSu1Jt6Ah1d9b

Score

N/A

Malware Config

Signatures

Files

c80805baf7992d6061aeab3b9cba926c17761b5b7490c6fd817703279b8c8f52
.exe windows x86

73d009f03434ed9c98cafe07f568a607

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_wfopen
_local_unwind2
srand
_wgetcwd
_wstrdate
clock
_acmdln
ungetwc
_CxxThrowException
_mktemp
wcstoul
localtime
calloc
_adjust_fdiv
abort
?set_terminate@@YAP6AXXZP6AXXZ@Z
iswalpha
__badioinfo

advapi32

GetCurrentHwProfileW
RegEnumValueA
StopTraceW
DeleteAce
CreateServiceA
OpenServiceA
AddAuditAccessAce
CryptEnumProvidersA
QueryRecoveryAgentsOnEncryptedFile
EqualSid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
RegDeleteValueW
RegReplaceKeyW
SetEntriesInAclW
WmiSetSingleInstanceW
RegQueryValueW
GetTraceLoggerHandle
CreateRestrictedToken
GetTokenInformation
UnlockServiceDatabase
EnumServicesStatusExA
SetKernelObjectSecurity
CryptAcquireContextW
StartServiceCtrlDispatcherW
EqualPrefixSid
OpenThreadToken
InitiateSystemShutdownW

rpcrt4

NdrDllUnregisterProxy
I_RpcBindingIsClientLocal
MesEncodeIncrementalHandleCreate
RpcMgmtInqStats
RpcBindingSetAuthInfoW
NdrGetUserMarshalInfo
RpcMgmtWaitServerListen
MesBufferHandleReset
UuidCreate
RpcMgmtInqServerPrincNameW
RpcMgmtSetCancelTimeout
RpcBindingInqObject
RpcServerRegisterIf2
RpcBindingInqAuthInfoExW
RpcBindingCopy
RpcServerUnregisterIf

tapi32

tapiGetLocationInfoW
lineOpen
lineGetCallInfoA
lineAccept
lineGetCallStatus
lineMakeCall
lineClose
lineMakeCallA
lineSetDevConfigA
lineGetID
lineInitializeExW
lineDeallocateCall
lineGetTranslateCapsW
lineTranslateDialogW
lineConfigDialogW
lineTranslateAddressW
lineGetDevConfigA
lineShutdown
lineInitializeExA
lineOpenW
lineConfigDialog
lineGetAddressCapsA
lineNegotiateExtVersion
lineAnswer
lineGetIDA
lineInitialize
lineGetDevCaps
lineNegotiateAPIVersion
lineSetCurrentLocation

crypt32

CryptMsgVerifyCountersignatureEncoded

kernel32

GlobalUnlock
SetConsoleCtrlHandler
RtlUnwind
LoadLibraryExA
VirtualAlloc
GetEnvironmentVariableW
DeleteAtom
WaitForMultipleObjectsEx
MapViewOfFile
GetWindowsDirectoryW
DeleteVolumeMountPointA
CmdBatNotification
GetStringTypeExA
CreateMutexW
UnlockFile
GetConsoleTitleW
IsDebuggerPresent
lstrcmpiW
FindClose
ResetWriteWatch
GetCommMask
_hread
TlsGetValue
SetConsoleTextAttribute
GetConsoleCP
WritePrivateProfileStructA
InitializeCriticalSectionAndSpinCount
DosPathToSessionPathW
DeleteTimerQueueTimer
WaitForDebugEvent
GetFileSizeEx
VirtualLock
IsValidCodePage
ScrollConsoleScreenBufferA
WTSGetActiveConsoleSessionId

gdi32

EngFillPath
CreateBitmapIndirect
CreateICW
CancelDC
CloseFigure
CombineRgn
ExtTextOutW
StartDocW
EngLockSurface
EngAlphaBlend
PolyPolygon
EnumFontFamiliesA
MoveToEx
AbortDoc
AbortPath
EngAssociateSurface
CreateFontIndirectW
DeleteObject
STROBJ_bEnum
SetDeviceGammaRamp
IntersectClipRect
StretchBlt
GetTextMetricsW
GdiEndDocEMF
GetCharABCWidthsA
RoundRect
GetViewportOrgEx
EngFreeModule

Sections

.data
Size: 1024B - Virtual size: 685B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 28KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 207KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 75KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 312KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73d009f03434ed9c98cafe07f568a607

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

rpcrt4

tapi32

crypt32

kernel32

gdi32

Sections

.data Size: 1024B - Virtual size: 685B

.rdata Size: 1024B - Virtual size: 848B

.text Size: 28KB - Virtual size: 424KB

.bss Size: 207KB - Virtual size: 356KB

DATA Size: 75KB - Virtual size: 253KB

DATA Size: 312KB - Virtual size: 379KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 262B

.data
Size: 1024B - Virtual size: 685B

.rdata
Size: 1024B - Virtual size: 848B

.text
Size: 28KB - Virtual size: 424KB

.bss
Size: 207KB - Virtual size: 356KB

DATA
Size: 75KB - Virtual size: 253KB

DATA
Size: 312KB - Virtual size: 379KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 262B