396afee8c24bde9a20074d9f10013e93cc5ef19cb2898eab596dfee3c39a673b

Sharing

Copy URL

Twitter E-mail

General

Target

396afee8c24bde9a20074d9f10013e93cc5ef19cb2898eab596dfee3c39a673b
Size

161KB
MD5

3bd13c69f202765f0d725d44ca784c6f
SHA1

ed0eab3a052cc019184d2f1d08fb2833e0a92801
SHA256

396afee8c24bde9a20074d9f10013e93cc5ef19cb2898eab596dfee3c39a673b
SHA512

5a299cdf89696c19aa927b7069449a716072622e7ed185f2b45f4126a21ca24bb1571e310cbc5551c2b523a731176995ac14295771eddde74994bf0f356ee1d6
SSDEEP

3072:TORz5X0FVSTtdSDQdUge9P3p77zDu5B+Yde3r9l470x+W26KR:6nETSxYC2u5B+YdU9k0x+NX

Score

N/A

Malware Config

Signatures

Files

396afee8c24bde9a20074d9f10013e93cc5ef19cb2898eab596dfee3c39a673b
.exe windows x86

ce7254ba5c4afdf0d3212812e413ca81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiProcessAdvertiseScriptA
MsiReinstallFeatureFromDescriptorW
MsiProvideComponentFromDescriptorA
MsiGetFeatureInfoW
MsiVerifyDiskSpace
MsiReinstallProductA
MsiRecordSetStreamA
MsiSequenceA
MsiSetComponentStateW
MsiGetFeatureCostA
MsiSetFeatureAttributesA
MsiSummaryInfoSetPropertyW
MsiEnumComponentQualifiersA
MsiDecomposeDescriptorA
MsiCollectUserInfoW
MsiGetComponentStateW
MsiQueryProductStateA
MsiSourceListAddSourceW
MsiGetFeatureStateA
MsiGetComponentPathA
MsiGetPropertyW
MsiReinstallFeatureW
MsiGetFeatureValidStatesW
Migrate10CachedPackagesA
MsiGetActiveDatabase
MsiConfigureProductExW
MsiViewModify
MsiRecordClearData
MsiEnableLogW

ntdll

ZwFlushBuffersFile
VerSetConditionMask
NtEnumerateSystemEnvironmentValuesEx
strcmp
ZwFsControlFile
ZwFlushKey
ZwMapUserPhysicalPagesScatter
NtRequestWaitReplyPort
ZwSetLdtEntries
wcstombs
NtExtendSection
NtOpenEventPair
NtOpenSemaphore
NtRemoveIoCompletion
RtlCutoverTimeToSystemTime
ZwQueryMutant
RtlFindActivationContextSectionString
KiUserApcDispatcher
ZwSetInformationFile
RtlLockHeap
NtSetEaFile
NtDebugActiveProcess
NtInitializeRegistry
NtQueryBootOptions
ZwDeleteObjectAuditAlarm
_stricmp
ZwOpenThreadToken
ZwSetInformationThread
RtlGetUserInfoHeap
RtlGetLongestNtPathLength
NtWaitForSingleObject
RtlGetAce
RtlAllocateHandle
NtSetUuidSeed
NtReplyPort
RtlUnwind
LdrDisableThreadCalloutsForDll
RtlSetHeapInformation
NtInitiatePowerAction
ZwResetEvent
RtlDosSearchPath_U

wldap32

ldap_searchW
ldap_parse_vlv_controlW
ldap_count_values_len
ldap_get_optionA
ber_scanf
ldap_add
ldap_search_ext_sA
ldap_next_attributeW
ldap_abandon
ldap_create_sort_controlA
ldap_start_tls_sW
ldap_control_free
cldap_openW
ldap_startup
ldap_get_values_lenW
ldap_deleteA
ldap_controls_free
ldap_bind_sW
ldap_close_extended_op
ldap_parse_referenceA
ldap_sslinitW
ldap_create_page_control
ldap_search_st
LdapMapErrorToWin32
ldap_simple_bind_s
ldap_extended_operationA

wintrust

WTHelperIsInRootStore
CryptCATAdminRemoveCatalog
CryptCATPersistStore
WVTAsn1SpcPeImageDataEncode
SoftpubLoadMessage
WintrustGetDefaultForUsage
OfficeCleanupPolicy
OpenPersonalTrustDBDialogEx
WTHelperGetProvSignerFromChain
WintrustRemoveActionID
SoftpubDllRegisterServer
CryptCATAdminResolveCatalogPath
HTTPSCertificateTrust
CryptCATCDFOpen
WVTAsn1SpcIndirectDataContentDecode
WTHelperCertFindIssuerCertificate
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1CatMemberInfoEncode
CryptCATGetMemberInfo
CryptCATCatalogInfoFromContext
MsCatConstructHashTag
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcIndirectDataContentEncode
WTHelperProvDataFromStateData
OpenPersonalTrustDBDialog
CryptCATEnumerateAttr
CryptCATPutCatAttrInfo
TrustFreeDecode
CryptSIPCreateIndirectData
CryptCATClose
WinVerifyTrustEx
AddPersonalTrustDBPages
WTHelperGetFileName
WTHelperGetKnownUsages
TrustIsCertificateSelfSigned
WVTAsn1SpcStatementTypeDecode
CryptCATCDFEnumMembersByCDFTag
TrustOpenStores

kernel32

QueryInformationJobObject
OpenWaitableTimerA
CreateSocketHandle
_llseek
CreateWaitableTimerW
SetConsoleCP
CloseHandle
SetEnvironmentVariableA
CreateHardLinkA
QueryPerformanceCounter
GetDevicePowerState
FlushInstructionCache
RegisterConsoleOS2
LoadLibraryA
CreateDirectoryExA
CallNamedPipeA
GetVolumeInformationW
Thread32First
SetConsoleNumberOfCommandsA
SetLocalTime
ConvertFiberToThread
ActivateActCtx
GetCurrentThread
GetProcessIoCounters
SetConsoleKeyShortcuts
GetConsoleScreenBufferInfo
MoveFileWithProgressW
Module32First
GetModuleHandleA
FindFirstFileA
GetTimeFormatW
IsBadHugeWritePtr
GetProfileIntA
TransactNamedPipe
WriteConsoleInputVDMW
GetUserDefaultLCID
GlobalAlloc
_hwrite
FileTimeToDosDateTime
VirtualAlloc
CreateThread

cfgmgr32

CM_Get_DevNode_Registry_PropertyW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Class_Key_NameW
CM_Create_DevNode_ExW
CM_Get_Class_Registry_PropertyA
CM_Free_Log_Conf_Handle
CM_Get_Log_Conf_Priority
CM_Get_Res_Des_Data_Size_Ex
CM_Enumerate_EnumeratorsW
CM_Get_Hardware_Profile_InfoW
CM_Get_Device_Interface_ListA
CM_Open_DevNode_Key
CM_Get_Res_Des_Data
CM_Register_Device_Interface_ExW
CM_Get_Device_ID_ListW
CM_Get_Device_Interface_List_Size_ExA
CM_Find_Range
CM_Enumerate_Classes_Ex
CM_Query_Arbitrator_Free_Size
CM_Get_Device_ID_Size_Ex
CM_Free_Range_List
CM_Get_Res_Des_Data_Ex
CM_Merge_Range_List
CM_Get_Device_Interface_AliasW
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Arbitrator_Free_Data
CM_Free_Res_Des
CM_Modify_Res_Des
CM_Unregister_Device_Interface_ExW

olecli32

LeCreateInvisible
SetNetName
OleGetLinkUpdateOptions
LeSaveToStream
BmQueryBounds
OleRenameClientDoc
LeEqual
LeShow
OleQueryCreateFromClip
ErrClose
OleIsDcMeta
LeClose
PbCreateLinkFromClip
ErrSetBounds
BmDraw
ErrSetHostNames
OleQueryClientVersion
OleGetData
OleEnumFormats
GenClone
OleSetHostNames
OleActivate
PbLoadFromStream
DocWndProc
ErrQueryOpen
DibRelease
PbEnumFormats
DibQueryBounds
BmEnumFormat
LeCopy
MfQueryBounds

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce7254ba5c4afdf0d3212812e413ca81

Headers

DLL Characteristics

File Characteristics

Imports

msi

ntdll

wldap32

wintrust

kernel32

cfgmgr32

olecli32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 75KB - Virtual size: 166KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 900B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 75KB - Virtual size: 166KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 900B