c7ac0b977711c843dadad142f3f83db17dbf9293b61a8fdbf67b2837602adfd7

Sharing

Copy URL Twitter E-mail

General

Target

c7ac0b977711c843dadad142f3f83db17dbf9293b61a8fdbf67b2837602adfd7
Size

822KB
MD5

a4377edf048c63977fa8691f2a735a47
SHA1

7b42062fc6d1cc5652c8c7c810f8fa63819a4070
SHA256

c7ac0b977711c843dadad142f3f83db17dbf9293b61a8fdbf67b2837602adfd7
SHA512

6f9ad2d9c2bc87c5bc9cca00f2379a1e780d567d0b48a327c28bb781eb35d967d462cdd8f1802ea21d558d5c174ef0d2a6186a39daeceafe53eb1b3afd4d906b
SSDEEP

24576:+jEh7fX926WRGyQSIqMjvFnIfYPVXVr2vlh9gKCLE:+QtfX9SkJFnIfWVXVr2lh

Score

N/A

Malware Config

Signatures

Files

c7ac0b977711c843dadad142f3f83db17dbf9293b61a8fdbf67b2837602adfd7
.exe windows x86

b0a12a837ce8a91473c65e749b3c7f02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MapDebugInformation
SymRegisterCallback
ImageUnload
ImagehlpApiVersion
SymMatchString
SymUnDName64
ImageGetCertificateHeader
SetImageConfigInformation
RemovePrivateCvSymbolic
SymLoadModule64
SymUnDName
UpdateDebugInfoFile
ImageGetDigestStream
StackWalk64
SymEnumerateModules
SplitSymbols
ImageAddCertificate
SearchTreeForFile
SymGetModuleInfoW
SymGetSymNext64
SymRegisterFunctionEntryCallback
UpdateDebugInfoFileEx
TouchFileTimes
SymSetContext
MapFileAndCheckSumW
CheckSumMappedFile

winsta

WinStationNameFromLogonIdA
WinStationConnectCallback
_WinStationNotifyDisconnectPipe
_WinStationShadowTarget
WinStationEnumerate_IndexedW
WinStationGenerateLicense
_WinStationNotifyLogoff
ServerQueryInetConnectorInformationA
WinStationConnectA
_WinStationReadRegistry
LogonIdFromWinStationNameW
ServerLicensingOpenW
WinStationRenameA
_WinStationUpdateUserConfig
WinStationQueryInformationA
_WinStationAnnoyancePopup
WinStationNameFromLogonIdW
ServerLicensingGetPolicyInformationW
ServerLicensingSetPolicy
WinStationGetProcessSid
_WinStationNotifyNewSession
ServerLicensingUnloadPolicy
WinStationRenameW
WinStationShutdownSystem
WinStationSendMessageA
_NWLogonQueryAdmin
_WinStationGetApplicationInfo
WinStationGetLanAdapterNameA
WinStationQueryUpdateRequired
WinStationFreeGAPMemory

resutils

ResUtilSetResourceServiceStartParameters
ResUtilGetResourceName
ResUtilStopService
ResUtilGetPrivateProperties
ResUtilFindLongProperty
ResUtilFindMultiSzProperty
ResUtilDupString
ResUtilSetBinaryValue
ResUtilGetSzProperty
ClusWorkerStart
ClusWorkerCheckTerminate
ResUtilFindSzProperty
ResUtilGetMultiSzProperty

kernel32

CreateJobObjectW
lstrcpyA
ActivateActCtx
RemoveVectoredExceptionHandler
SetVolumeLabelA
GetLocaleInfoA
SetConsoleInputExeNameA
VerLanguageNameA
ContinueDebugEvent
LoadLibraryW
GetCurrentThread
DebugSetProcessKillOnExit
SetErrorMode
GetBinaryType
GetModuleHandleA
lstrcpy
SetCommMask
RemoveDirectoryA
InterlockedExchangeAdd
GetThreadPriority

oleaut32

VarUI4FromI1
VarUI1FromUI2
VarSub
OleCreatePropertyFrame
VarBoolFromDec
OleLoadPictureFileEx
VarBstrFromI1
VarUI8FromCy
VarI2FromI4
VarI4FromDisp
VarDecNeg
VarUI2FromStr
VarDecSub

mscat32

CryptCATAdminAcquireContext
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFClose
CryptCATEnumerateMember
CatalogCompactHashDatabase
CryptCATOpen
DllRegisterServer
CryptCATEnumerateCatAttr
CryptCATPutMemberInfo

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0a12a837ce8a91473c65e749b3c7f02

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

winsta

resutils

kernel32

oleaut32

mscat32

Sections

.text Size: 364KB - Virtual size: 364KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 152KB - Virtual size: 152KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 364KB - Virtual size: 364KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 152KB - Virtual size: 152KB

.reloc
Size: 1024B - Virtual size: 852B