a59903752f2cdb99c217aef8c9ffeea65e7d9355a3f3874840efbbf03036d6c7

Sharing

Copy URL

Twitter E-mail

General

Target

a59903752f2cdb99c217aef8c9ffeea65e7d9355a3f3874840efbbf03036d6c7
Size

333KB
MD5

beb1891ef5f622adcf8e4ca2394299f6
SHA1

9fc668addccc723d3ffc6493e1d214cbbb6755da
SHA256

a59903752f2cdb99c217aef8c9ffeea65e7d9355a3f3874840efbbf03036d6c7
SHA512

c0f7ac167bbba14152d162813b130ba50a6fe06bcd47f451468a0ac2f64cd188cb6a3676b16c22c8190b0edcb9b8a6f1262ab076c9a39c6213cfab7117df6eeb
SSDEEP

6144:yKunelrO5BdNiWK9kPWXButhIEOgMrZkld+8FI5jJkLklCVJIaUCP:8e05BDufWLQZAU5qLhdP

Score

N/A

Malware Config

Signatures

Files

a59903752f2cdb99c217aef8c9ffeea65e7d9355a3f3874840efbbf03036d6c7
.exe windows x86

d68c80ae21830bedb657db1b69faed04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtm

RtmDeregisterFromChangeNotification
RtmBlockConvertRoutesToStatic
RtmGetLessSpecificDestination
RtmAddRouteToDest
RtmCreateRouteEnum
SearchInTable
MgmDeleteGroupMembershipEntry
RtmReadInstanceConfig
MgmGetMfe
MgmGetFirstMfe
MgmGroupEnumerationStart
RtmReleaseEntityInfo
RtmGetRouteAge
RtmReleaseEntities
EnumOverTable
RtmDeleteNextHop
RtmDeregisterEntity
RtmReadAddressFamilyConfig
RtmGetExactMatchDestination
RtmGetOpaqueInformationPointer
MgmGetNextMfeStats
InsertIntoTable
RtmIsBestRoute
MgmDeInitialize
RtmRegisterForChangeNotification

kernel32

CreateMailslotW
ReadConsoleOutputCharacterA
ResumeThread
CancelTimerQueueTimer
LoadLibraryA
FillConsoleOutputAttribute
VirtualAlloc
HeapCreate
SetConsolePalette
WriteConsoleOutputCharacterW
DebugBreakProcess
ReadConsoleOutputAttribute
WaitCommEvent
CreateDirectoryExA
GetConsoleAliasesLengthW
GetEnvironmentStringsW
GetVolumePathNameW
DeleteFileA
DuplicateHandle
LZInit
GetNumberFormatW
GlobalHandle
DisconnectNamedPipe
GetPrivateProfileStringW
DosPathToSessionPathA
SetCommMask
FindFirstVolumeMountPointW

duser

GetStdColorPenF
SetGadgetStyle
SetGadgetScale
SetGadgetFillI
UnregisterGadgetMessage
DUserGetAlphaPRID
GetGadgetRotation
WaitMessageEx
DUserRegisterGuts
BuildInterpolation
PeekMessageExA
GetGadgetSize
AttachWndProcA
UtilBuildFont
DUserPostMethod
SetGadgetFocus
AutoTrace
GetGadgetStyle
GetStdColorF
DeleteHandle
RemoveGadgetProperty
DUserFindClass

wintrust

SoftpubCleanup
WTHelperGetAgencyInfo
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcLinkDecode
WTHelperGetFileHash
TrustFreeDecode
TrustIsCertificateSelfSigned
WintrustGetRegPolicyFlags
mscat32DllRegisterServer
mssip32DllUnregisterServer
FindCertsByIssuer
CryptCATClose
WVTAsn1SpcSigInfoDecode
WTHelperCheckCertUsage
CryptCATAdminPauseServiceForBackup

Sections

.text
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d68c80ae21830bedb657db1b69faed04

Headers

File Characteristics

Imports

rtm

kernel32

duser

wintrust

Sections

.text Size: 277KB - Virtual size: 276KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 408KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 277KB - Virtual size: 276KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 408KB

.rsrc
Size: 18KB - Virtual size: 18KB