Static task: static1
Behavioral task: behavioral1
  Sample: 2af6aae94c8750e8fe8253c93081a95594cfcf394aba25a09e2227a2b0d7e3f9.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 2af6aae94c8750e8fe8253c93081a95594cfcf394aba25a09e2227a2b0d7e3f9.exe
  Resource: win10v2004-20220812-en
General
Target: 2af6aae94c8750e8fe8253c93081a95594cfcf394aba25a09e2227a2b0d7e3f9
Size: 42KB
MD5: 69bdbc5b451cc2c402eb0640524409de
SHA1: 7a74d575ca7728d2fbff7f31b99fb095693a9226
SHA256: 2af6aae94c8750e8fe8253c93081a95594cfcf394aba25a09e2227a2b0d7e3f9
SHA512: 52fa20a77aeca7450c1f347260c25f4e3146d6fe72b3a0984d000b05726b6b92375321604d7077bc5a988fd8b29e96b10b4b9a993e7bfe8c95917a176811193f
SSDEEP: 768:e95b1BTE4GMRyoeSIZ2TJyMIQyAX38QfIZd5Yg+nyf/wTEAfSU:e95xBTE4dRyoeLYYQDab0ygQAfSU
Malware Config
Signatures
Files
2af6aae94c8750e8fe8253c93081a95594cfcf394aba25a09e2227a2b0d7e3f9.exe (windows x86) fddc451ce4f283e8bb526d6a3cf9a1d7
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32:
BuildTrusteeWithSidA
AreAnyAccessesGranted
PrivilegedServiceAuditAlarmW
A_SHAInit
LsaDelete
RegLoadKeyW
QueryUsersOnEncryptedFile
AccessCheckAndAuditAlarmW
LsaQueryInfoTrustedDomain
DecryptFileA
BuildImpersonateTrusteeA
WmiMofEnumerateResourcesA
ConvertStringSidToSidW
SaferComputeTokenFromLevel
SetThreadToken
CreateProcessAsUserW
TrusteeAccessToObjectA
LsaCreateAccount
RegCreateKeyA
SetSecurityDescriptorControl
GetInformationCodeAuthzPolicyW
SystemFunction040
GetSecurityInfoExW
SaferiPopulateDefaultsInRegistry
LsaQueryDomainInformationPolicy
CredReadDomainCredentialsA
AddAuditAccessObjectAce
SystemFunction018
RegSetValueExW
InitializeSid
kernel32:
FormatMessageA
WritePrivateProfileStructA
SetFileValidData
WriteConsoleInputW
GetTimeZoneInformation
GetOEMCP
WritePrivateProfileSectionA
VirtualAlloc
SetConsoleLocalEUDC
GetProcAddress
SetEnvironmentVariableW
GetTempFileNameA
SetLastConsoleEventActive
SetStdHandle
QueueUserAPC
QueryPerformanceCounter
GetTickCount
AddRefActCtx
RemoveLocalAlternateComputerNameW
SetConsoleCP
FindFirstVolumeA
GlobalGetAtomNameA
GetModuleFileNameA
ReplaceFileW
FormatMessageW
ExitProcess
SetSystemPowerState
lstrcmp
BuildCommDCBW
Heap32ListNext
LoadLibraryA
LZInit
user32:
IsClipboardFormatAvailable
DefWindowProcA
LoadKeyboardLayoutEx
GetClassInfoExA
DdeGetQualityOfService
IsZoomed
RegisterClassA
SetWindowTextA
CallNextHookEx
ExitWindowsEx
CallMsgFilter
ActivateKeyboardLayout
GetClipCursor
SetPropW
GetClipboardData
IsDlgButtonChecked
ChildWindowFromPoint
RedrawWindow
DrawTextW
SendDlgItemMessageA
BlockInput
GetShellWindow
DdeReconnect
PostQuitMessage
SetProcessWindowStation
FindWindowExA
EnumDesktopWindows
DdeClientTransaction
SetWindowsHookW
DrawIcon
IsCharAlphaNumericW
msls31:
LsGetRubyLsimethods
LsdnSkipCurTab
LsCompressSubline
LsSqueezeSubline
LsQueryLineDup
LsDestroySubline
LssbFDonePresSubline
LsPointXYFromPointUV
LsEnumLine
LsdnSetRigidDup
LsGetWarichuLsimethods
LsQueryTextCellDetails
LsDisplaySubline
LsGetLineDur
LsDestroyLine
LsdnFinishDelete
LssbGetPlsrunsFromSubline
LsdnQueryPenNode
LssbFDoneDisplay
LsSetExpansion
LsdnSubmitSublines
LsdnResolvePrevTab
LsDisplayLine
LssbFIsSublineEmpty
LsQueryFLineEmpty
LsTruncateSubline
LsSetBreaking
LsFetchAppendToCurrentSublineResume
msvcrt:
__set_app_type
??_7bad_typeid@@6B@
_mbsnextc
_cscanf
exit
__p__commode
__getmainargs
_snprintf
_getwch
pow
??0__non_rtti_object@@QAE@PBD@Z
_seh_longjmp_unwind
?raw_name@type_info@@QBEPBDXZ
_set_SSE2_enable
wprintf
ungetwc
___unguarded_readlc_active_add_func
_adj_fdiv_m32i
_wfreopen
_assert
__unguarded_readlc_active
_wrename
wcsncat
__mb_cur_max
vfprintf
isalpha
fputws
??1__non_rtti_object@@UAE@XZ
_getdiskfree
_dup
isalnum
_CxxThrowException
sin
mcicda:
DriverProc
Sections
.text: Size: 32KB - Virtual size: 31KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size: 8KB - Virtual size: 7KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc: Size: 1KB - Virtual size: 1KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ