a9660d8f0b8de3cf8bcb435a0ca01670f56497ec7d159311cead9b6071b2212c

Sharing

Copy URL

Twitter E-mail

General

Target

a9660d8f0b8de3cf8bcb435a0ca01670f56497ec7d159311cead9b6071b2212c
Size

289KB
MD5

52b33eba407194f6ac47455a11589c3b
SHA1

55df5a3ddc6ef8e329bbdc0d99e8171ff77aab8d
SHA256

a9660d8f0b8de3cf8bcb435a0ca01670f56497ec7d159311cead9b6071b2212c
SHA512

1bb969328e14720ec43932ba39930adddc88bd027b3dc141d041d748a16aefe1ec515a187a579db0d8cffaf6b7b1d523c7765a208533f067510951c80c52d6ad
SSDEEP

6144:Z4LDrJOtgg++dz2DTCUw8ikbWnk+Gc1Q/KlXNL6+EFKc:KLW+p4Jkb9+GTKldZMj

Score

N/A

Malware Config

Signatures

Files

a9660d8f0b8de3cf8bcb435a0ca01670f56497ec7d159311cead9b6071b2212c
.exe windows x86

56020379cf47c80aedfe560028792555

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetOEMCP
GetSystemTimeAsFileTime
LeaveCriticalSection
VirtualAlloc
FindFirstFileA
UnhandledExceptionFilter
GetModuleHandleA
GetSystemInfo
SetStdHandle
GetFileType
GetACP
DeleteCriticalSection
VirtualFree
HeapAlloc
LCMapStringA
GetThreadLocale
TlsGetValue
SetUnhandledExceptionFilter
WideCharToMultiByte
TlsFree
LCMapStringW
SetFilePointer
WriteFile
SetEndOfFile
HeapFree
DeleteFileA
GetStdHandle
CreateFileA
HeapSize
HeapDestroy
SetEnvironmentVariableA
SetHandleCount
GetCommandLineA
GetFullPathNameA
CompareStringA
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
FreeLibrary
RaiseException
RtlUnwind
CloseHandle
FileTimeToSystemTime
FlushFileBuffers
FreeEnvironmentStringsW
GetCurrentThreadId
GetTimeZoneInformation
TlsAlloc
CompareStringW
lstrcmpiA
IsBadCodePtr
VirtualProtect
TlsSetValue
LoadLibraryExA
CreateMutexA
ReadFile
GetDriveTypeA
FindClose
FreeEnvironmentStringsA
GetCurrentDirectoryA
HeapReAlloc
VirtualQuery
GetLocalTime

user32

GetSystemMetrics

advapi32

RegOpenKeyExA
GetSidSubAuthority
AddAccessAllowedAce
RegCloseKey
InitializeSid
InitializeSecurityDescriptor
IsValidSecurityDescriptor
RegQueryValueExA
InitializeAcl
GetSidLengthRequired
SetSecurityDescriptorDacl

shlwapi

PathAppendA

esent

JetCreateIndex
JetDupCursor
JetEscrowUpdate
JetPrepareToCommitTransaction
JetGetLogInfoInstance
JetBeginExternalBackupInstance
JetStopBackupInstance
JetBeginTransaction2
JetRollback
JetSetColumnDefaultValue
JetSetColumn
JetRestore
JetRetrieveKey

mspatcha

ApplyPatchToFileA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56020379cf47c80aedfe560028792555

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

esent

mspatcha

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 256KB - Virtual size: 505KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 256KB - Virtual size: 505KB

.rsrc
Size: 4KB - Virtual size: 4KB