c3ee5201eb65ed1473a4113919f9f8cfbe47e3166fdee64f1e3f9e9bd96c6301

Sharing

Copy URL Twitter E-mail

General

Target

c3ee5201eb65ed1473a4113919f9f8cfbe47e3166fdee64f1e3f9e9bd96c6301
Size

827KB
MD5

35bb6a5ee55ae4214628b5947c1d2a2a
SHA1

bff3e0bc1caecdf1c71cf6972dd201d511a59b73
SHA256

c3ee5201eb65ed1473a4113919f9f8cfbe47e3166fdee64f1e3f9e9bd96c6301
SHA512

375e1cdd8ee65fd06bafb2579d91e2578d05612bfe00ee07cfe71aafdce4e004424b1e345bcc16aad584b77c5a13de86a78395b10761394e258e6addeb4cfd9e
SSDEEP

12288:P81UXfPbhz1a8Rk4pYEsSuLrbmBbuNFBeaVzH2XiP3FQS+4+y77yxZeSzRju4+Uv:U6ffbIRjLX0CpX2yfFQ/GklA0LZ

Score

N/A

Malware Config

Signatures

Files

c3ee5201eb65ed1473a4113919f9f8cfbe47e3166fdee64f1e3f9e9bd96c6301
.exe windows x86

4a8838e82d26d286dc15df11fd489bc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadExecutionState
MapUserPhysicalPages
LoadLibraryW
ReadConsoleA
FreeEnvironmentStringsW
EscapeCommFunction
WritePrivateProfileSectionA
GetVolumePathNameA
FindVolumeMountPointClose
GlobalAddAtomA
RemoveDirectoryA
EndUpdateResourceW
GetWindowsDirectoryW
VerifyVersionInfoA
LZInit
LocalFileTimeToFileTime
CreateActCtxW
LoadLibraryExA
GetModuleHandleA
TlsSetValue
OpenProcess
GetOEMCP
SetTapePosition
GetFileInformationByHandle
DefineDosDeviceA
GetConsoleAliasExesW
GetFileSizeEx
GetConsoleWindow
SetConsoleOutputCP
ScrollConsoleScreenBufferA

comctl32

CreateToolbar
CreateStatusWindowW
ImageList_AddMasked
ImageList_DragLeave
ImageList_GetDragImage
ImageList_Replace
GetEffectiveClientRect
DestroyPropertySheetPage
FlatSB_GetScrollProp
ImageList_Read
ImageList_LoadImageA
DrawStatusTextW
InitMUILanguage
ImageList_DragMove

crypt32

CertComparePublicKeyInfo
CryptRegisterDefaultOIDFunction
CertOpenSystemStoreA
CertFindChainInStore
RegCreateKeyExU
CertCompareCertificate
I_CryptWalkAllLruCacheEntries
I_CryptInstallAsn1Module
I_CryptFindSmartCardCertInStore
CertSetCRLContextProperty
CertAddStoreToCollection
CryptVerifySignatureU
CryptMsgSignCTL
CryptSIPRetrieveSubjectGuidForCatalogFile
I_CryptFreeLruCache
I_CryptRegisterSmartCardStore
CryptVerifyDetachedMessageHash
I_CryptGetAsn1Encoder
CertEnumSubjectInSortedCTL
CryptVerifyDetachedMessageSignature
PFXExportCertStoreEx
CertSaveStore
CertNameToStrA
CertCreateContext

wintrust

WVTAsn1SpcMinimalCriteriaInfoDecode
CryptSIPPutSignedDataMsg
mssip32DllRegisterServer
HTTPSCertificateTrust
WTHelperIsInRootStore
CryptSIPVerifyIndirectData
WTHelperGetFileName
CryptCATCDFEnumCatAttributes
CryptCATAdminReleaseContext
CryptCATGetAttrInfo
CryptCATVerifyMember
CryptCATCDFEnumMembers
TrustDecode
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
CryptCATAdminPauseServiceForBackup
IsCatalogFile
SoftpubCleanup
CryptCATAdminEnumCatalogFromHash
WTHelperGetAgencyInfo
WVTAsn1CatNameValueDecode
CryptCATEnumerateCatAttr
WintrustRemoveActionID
CryptCATCDFEnumMembersByCDFTag
DriverInitializePolicy
TrustFindIssuerCertificate
AddPersonalTrustDBPages
WVTAsn1SpcIndirectDataContentDecode

clusapi

FailClusterResource
ClusterNodeCloseEnum
ClusterRegSetKeySecurity
GetClusterFromNetInterface
RestoreClusterDatabase
GetClusterResourceState
ClusterNodeControl
OnlineClusterResource
GetClusterNetworkKey
GetClusterNodeId
CreateClusterResource
GetClusterNetInterfaceKey
ClusterGroupControl
ClusterControl
ClusterNodeOpenEnum
ClusterNodeGetEnumCount
ChangeClusterResourceGroup
RemoveClusterResourceNode
ClusterGroupEnum
GetClusterQuorumResource
ClusterRegDeleteKey
ClusterResourceGetEnumCount
GetClusterResourceNetworkName
CloseClusterGroup
GetClusterNetworkState
CreateClusterResourceType
DeleteClusterResource

netapi32

NetDfsSetInfo
NetGroupAdd
NetDfsAddStdRootForced
NetpAssertFailed
NetDfsAddFtRoot
DsGetDcNameA
NetReplImportDirAdd
NetReplExportDirUnlock
DsRoleDemoteDc
DsRoleCancel
NetDfsGetClientInfo
NetServerEnum
I_NetLogonSendToSam
NetDfsGetInfo

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a8838e82d26d286dc15df11fd489bc2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

crypt32

wintrust

clusapi

netapi32

Sections

.text Size: 396KB - Virtual size: 396KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 1024B - Virtual size: 836B

.text
Size: 396KB - Virtual size: 396KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 1024B - Virtual size: 836B