438645ef0aca00404753ace410ca2c53fdfb2409da4718b034c9d75d04663864

Sharing

Copy URL Twitter E-mail

General

Target

438645ef0aca00404753ace410ca2c53fdfb2409da4718b034c9d75d04663864
Size

733KB
MD5

a526b399380e069c7efbbf3c50e9f3c6
SHA1

71ddd155f63c86c62a6d8fae365a56c66b40c8ce
SHA256

438645ef0aca00404753ace410ca2c53fdfb2409da4718b034c9d75d04663864
SHA512

68d7e1673094fcdd9bb72cacc307ebc3734882a05b9ff2abfd4e0c754035c89fd6424fa63d71281d98c504b3bbad2aea0abf4fa8810e13f303af6b30929eac92
SSDEEP

12288:bPvuxm+vOMk219CWY3xavWyZ/mEscVYD81RojP4k5lSiwAAp8Ta8iaPpZ/KIkbpB:rMbOw1UWbD7n0p5EpSa83pIICoHK

Score

N/A

Malware Config

Signatures

Files

438645ef0aca00404753ace410ca2c53fdfb2409da4718b034c9d75d04663864
.exe windows x86

f8c2c365b6a23ea6b114fd87dda84a5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SearchPathA
GetCurrentProcessId
WaitForMultipleObjectsEx
ProcessIdToSessionId
GetFileAttributesA
BeginUpdateResourceW
RemoveDirectoryA
GetQueuedCompletionStatus
GetDiskFreeSpaceExA
HeapSetInformation
GlobalHandle
CreateEventW
GetTimeZoneInformation
GetLastError
LockFileEx
GetCurrencyFormatW
LocalAlloc
VirtualFree
VirtualProtect
WriteConsoleInputW
SetProcessShutdownParameters
GetProcessAffinityMask
SetFileTime
AssignProcessToJobObject
GlobalAlloc
UnmapViewOfFile
GlobalUnlock
RtlZeroMemory
GetVolumePathNameW
InitializeCriticalSectionAndSpinCount
DeleteTimerQueueTimer
VirtualAlloc
LocalReAlloc

msvcrt

iswgraph
_gmtime64
_fsopen
localeconv
vprintf
?terminate@@YAXXZ
strstr
wcstol
fputws
_CIcos
abs
_wgetcwd
atoi
__lc_codepage
raise
_wstrdate
strcoll
_vsnwprintf
wcstok
_endthreadex
_stricmp
rand
toupper
atol
_wctime
_tolower
_getcwd
_setjmp3

advapi32

TraceEvent
ReportEventA
CloseEventLog
CryptSetProvParam
RegOpenCurrentUser
ProcessTrace
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyA
LsaDelete
RegEnumValueA
LsaLookupNames
LookupPrivilegeValueA
SystemFunction031
UnregisterTraceGuids
LsaQueryTrustedDomainInfoByName
RegOpenKeyA
StartTraceW
InitiateSystemShutdownW
CryptSetHashParam
StopTraceW
EncryptFileW
OpenSCManagerA
LsaSetInformationPolicy
LsaStorePrivateData
GetKernelObjectSecurity
AccessCheckByType
RegNotifyChangeKeyValue
GetTraceEnableLevel
SetSecurityDescriptorGroup
AreAnyAccessesGranted
CryptDeriveKey
RegSetValueExW
CryptEncrypt
GetSidSubAuthorityCount
SystemFunction005
RegQueryMultipleValuesW
GetCurrentHwProfileW
SetSecurityDescriptorOwner
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptVerifySignatureA
InitializeAcl
OpenProcessToken
LsaRetrievePrivateData
AddAccessAllowedAceEx
RegQueryInfoKeyW
WmiSetSingleInstanceW
LsaSetSecret
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetExplicitEntriesFromAclW
AdjustTokenPrivileges
SetNamedSecurityInfoW
WmiNotificationRegistrationW
StartServiceW
AccessCheck
IsValidAcl
InitializeSecurityDescriptor
FreeEncryptionCertificateHashList
AddAuditAccessAce
RegUnLoadKeyA
IsWellKnownSid
RegQueryValueA
ElfDeregisterEventSource

imm32

ImmGetIMEFileNameA
ImmEscapeW
ImmUnlockIMC
ImmSetCompositionStringW
ImmConfigureIMEW
ImmLockIMC
ImmGetConversionStatus
ImmGetOpenStatus
ImmDisableIME
ImmSetConversionStatus
ImmLockIMCC
ImmGetCompositionStringW
ImmGetCandidateListW
ImmUnlockIMCC

crypt32

CryptSignHashU

odbc32

VFreeErrors
CursorLibLockDesc
PostODBCError
ValidateErrorQueue
CursorLibLockStmt
CursorLibTransact
SearchStatusCode
VRetrieveDriverErrorsRowCol
CursorLibLockDbc
LockHandle
PostODBCComponentError

Sections

.data
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 973B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 38KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 598KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8c2c365b6a23ea6b114fd87dda84a5d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

imm32

crypt32

odbc32

Sections

.data Size: 1024B - Virtual size: 788B

.rdata Size: 1024B - Virtual size: 113B

.idata Size: 1024B - Virtual size: 973B

.text Size: 38KB - Virtual size: 480KB

.idata Size: 598KB - Virtual size: 1.0MB

.rsrc Size: 93KB - Virtual size: 92KB

.data
Size: 1024B - Virtual size: 788B

.rdata
Size: 1024B - Virtual size: 113B

.idata
Size: 1024B - Virtual size: 973B

.text
Size: 38KB - Virtual size: 480KB

.idata
Size: 598KB - Virtual size: 1.0MB

.rsrc
Size: 93KB - Virtual size: 92KB