fa5ee440612565177c7efe87b7e05971ff31954fc36c10205572f7a748928495

Sharing

Copy URL Twitter E-mail

General

Target

fa5ee440612565177c7efe87b7e05971ff31954fc36c10205572f7a748928495
Size

835KB
MD5

a4ebb5a7c353f266aeafad7f35533af8
SHA1

69ee96267ab652f97127808b7af7c30d0fd1537e
SHA256

fa5ee440612565177c7efe87b7e05971ff31954fc36c10205572f7a748928495
SHA512

e02975ce317dca4d92d0b9163ebc0083980e9bbec06a42bc2a43fcca1d47ca04b55ecfd094e0ed65cb9bbb0735204cbbfd09aea156eca1069647457145060af7
SSDEEP

24576:GU56rrbhTuU4u+pFqF3mCR7SOoRW0LNw2qJGuiT:GUifhTubTFqF2CN5EW0LPeGu

Score

N/A

Malware Config

Signatures

Files

fa5ee440612565177c7efe87b7e05971ff31954fc36c10205572f7a748928495
.exe windows x86

2f7479b9304ffcb25cf99ec67568c298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_tzset
mblen
_wcsnicoll
exit
__getmainargs
__p___mb_cur_max
_ltow
__threadhandle
strpbrk
_sleep
strcpy
_endthread
__set_app_type
_putenv
_umask
_putch

crypt32

CertGetSubjectCertificateFromStore
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CryptSignAndEncodeCertificate
CertFindCertificateInStore
CertSetCertificateContextProperty
CryptMsgGetParam
CryptLoadSip
CertEnumCertificateContextProperties
CryptSIPPutSignedDataMsg
CryptImportPKCS8
CertAddCTLContextToStore
CertFreeCertificateContext
CertCompareCertificateName
CryptSIPRemoveSignedDataMsg
RegSetValueExU
CryptEnumOIDInfo
CryptVerifyMessageHash
CryptMsgOpenToEncode
I_CryptInsertLruEntry
CryptMsgUpdate
CertIsValidCRLForCertificate

rastapi

PortConnect
PortClearStatistics
PortClose
PortGetStatistics
GetConnectInfo
SetCommSettings
RastapiSetCalledID
GetZeroDeviceInfo
PortSetFraming
DeviceListen
PortGetIOHandle
DeviceGetDevConfig
DeviceSetInfo
PortChangeCallback
RastapiGetCalledID
PortSetInfo
DeviceConnect
EnableDeviceForDialIn
PortSetIoCompletionPort
PortCompressionSetInfo
PortGetInfo
DeviceGetInfo
PortReceive

kernel32

SetConsoleMode
GetTapePosition
EnumSystemCodePagesW
DosPathToSessionPathA
InterlockedPushEntrySList
MapViewOfFileEx
UnregisterWaitEx
GetProcessIoCounters
SetMailslotInfo
GlobalFindAtomW
GetProcessPriorityBoost
GlobalReAlloc
GetProcAddress
SetConsoleCP
SetConsoleNumberOfCommandsA
GetACP
CreateWaitableTimerA
GetConsoleHardwareState
Thread32First
FreeLibrary
LoadLibraryW
SetLastError
DebugActiveProcess
GetProcessHeaps
UnmapViewOfFile
Heap32First

oleaut32

VarI4FromCy
VarBstrFromI8
VarUI4FromI4
VarBstrFromUI2
VarDecCmpR8
VarUI8FromUI1
VarDateFromStr
GetActiveObject
VarR8FromUI2
VarNumFromParseNum
OleLoadPictureFile

shlwapi

SHCreateStreamOnFileEx
SHSetValueW
PathCreateFromUrlW
PathSetDlgItemPathA
SHSetValueA
StrCSpnIA
StrCatBuffW
PathIsRootW
PathFindExtensionA
PathIsSystemFolderA
StrRChrIA
SHCopyKeyA
UrlEscapeW

advapi32

ComputeAccessTokenFromCodeAuthzLevel
OpenTraceA
IsValidSecurityDescriptor
CryptSetProviderW
SetSecurityDescriptorDacl
WmiQueryAllDataMultipleW
UnlockServiceDatabase
GetTokenInformation
EncryptedFileKeyInfo

untfs

??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?Read@NTFS_MFT_FILE@@UAEEXZ
??0NTFS_CLUSTER_RUN@@QAE@XZ
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_MFT_FILE@@QAE@XZ

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f7479b9304ffcb25cf99ec67568c298

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

crypt32

rastapi

kernel32

oleaut32

shlwapi

advapi32

untfs

Sections

.text Size: 355KB - Virtual size: 355KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 1024B - Virtual size: 828B

.text
Size: 355KB - Virtual size: 355KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 1024B - Virtual size: 828B