99fb1613722005ab972c4e597f6698154ecdf8b405080145e30cf5897877fd13

Sharing

Copy URL

Twitter E-mail

General

Target

99fb1613722005ab972c4e597f6698154ecdf8b405080145e30cf5897877fd13
Size

49KB
MD5

73f374a6f0eabdd11f7f1e883b47771f
SHA1

bd53064dea3c61f7c9718777e726ad923bb040d4
SHA256

99fb1613722005ab972c4e597f6698154ecdf8b405080145e30cf5897877fd13
SHA512

088b4fbca15312f8e0b1aedab978d0f463ea59535e6b327ff6f6d5f02da71e61c603a200883e9e3ff542dc985b079eefe6e0c92eb124ff315e5f3e05a91557ee
SSDEEP

768:wca/lDAVIkShAYjbBiQB4mbCodMyUAjc3E7pkqPc65Jz7jxirZAZ3tZtKoUVb:wca/JAVkKYPB7B4Pwz+aLz7jPZ3tBEb

Score

N/A

Malware Config

Signatures

Files

99fb1613722005ab972c4e597f6698154ecdf8b405080145e30cf5897877fd13
.exe windows x86

9ba0a4c967d7bfae442d402beebbd735

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fgets
memset
_sleep
_ungetch
fread
fsetpos
memchr
_mbcjmstojis
_wpgmptr
_mktemp
_j1
wcschr
_gmtime64
_wputenv
__p__winver
frexp
atan
_ismbbkpunct
_local_unwind2
_mbcjistojms
wcsftime
_execvp

crypt32

I_CryptWalkAllLruCacheEntries
CertEnumCertificatesInStore
CertAddCRLContextToStore
CertCreateCRLContext
I_CertProtectFunction
CertGetStoreProperty
CryptFindCertificateKeyProvInfo
CertSetCertificateContextProperty
CertVerifyTimeValidity
CryptMemAlloc
CryptCreateKeyIdentifierFromCSP
CertEnumCRLsInStore
CertIsRDNAttrsInCertificateName
CryptSIPRetrieveSubjectGuidForCatalogFile
CertFindAttribute
CertGetNameStringW
CertOpenStore
CryptEnumProvidersU
CertSaveStore
CryptSIPPutSignedDataMsg
CryptVerifyCertificateSignatureEx
CertCompareIntegerBlob
CertGetIssuerCertificateFromStore
CreateFileU

psapi

InitializeProcessForWsWatch
QueryWorkingSet
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetMappedFileNameA
GetProcessImageFileNameW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessImageFileNameA
GetModuleBaseNameW
GetDeviceDriverBaseNameW
GetDeviceDriverBaseNameA
EmptyWorkingSet
GetModuleBaseNameA
GetModuleFileNameExA
GetProcessMemoryInfo
EnumProcesses

kernel32

WideCharToMultiByte
WriteProfileStringA
GetVolumePathNamesForVolumeNameW
FindActCtxSectionGuid
GetConsoleAliasW
FillConsoleOutputAttribute
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
OpenFile
InvalidateConsoleDIBits
OpenSemaphoreW
DosPathToSessionPathW
GetTimeZoneInformation
OpenWaitableTimerA
GetProcessVersion
TlsSetValue
GetCurrentConsoleFont
GetFileAttributesExW
LoadLibraryA
DisconnectNamedPipe
GetVolumePathNameW
PrivMoveFileIdentityW
GetCompressedFileSizeW
GetTickCount
WaitForSingleObject
SetEndOfFile
EnumerateLocalComputerNamesW
SetCommTimeouts
GetConsoleAliasExesW

comdlg32

ChooseFontW
LoadAlterBitmap
ReplaceTextW
ChooseFontA
ChooseColorA
PageSetupDlgA
CommDlgExtendedError
GetFileTitleA
ChooseColorW
PrintDlgW
GetOpenFileNameA
GetSaveFileNameW
FindTextA
GetOpenFileNameW
Ssync_ANSI_UNICODE_Struct_For_WOW
GetFileTitleW
dwLBSubclass

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ba0a4c967d7bfae442d402beebbd735

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

crypt32

psapi

kernel32

comdlg32

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB