d50a9b62a36057bba73aad5427f5163216e896f26ec4fa38ab027eaddbada267

Sharing

Copy URL

Twitter E-mail

General

Target

d50a9b62a36057bba73aad5427f5163216e896f26ec4fa38ab027eaddbada267
Size

239KB
MD5

498f75f495b415ce72f94fae1031e470
SHA1

be5c07599df7b83378dea59e691045f03c457810
SHA256

d50a9b62a36057bba73aad5427f5163216e896f26ec4fa38ab027eaddbada267
SHA512

d46f2a481dba7e7f025c0968ddd19c464afaa24451bcd89e25cf2fac0fc453f105a178f9b302f45affae481789925ba0a8b2997cfd5c09541f6d8601a0129c08
SSDEEP

6144:M+Ix2BYJXcr3G5NbnfG1Xm+kgdPk90qx0U5KiGQu5BSf:MsCPV59Hx0U5KiVwof

Score

N/A

Malware Config

Signatures

Files

d50a9b62a36057bba73aad5427f5163216e896f26ec4fa38ab027eaddbada267
.exe windows x86

9300bf1e461feeb7dbf625dbd1a3de0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsolePalette
GetVolumePathNameA
GetStartupInfoW
ReadProcessMemory
GetNumaAvailableMemoryNode
ExpungeConsoleCommandHistoryW
GetModuleHandleW
GlobalAlloc
RtlUnwind
LoadLibraryW
ConvertDefaultLocale
EnumDateFormatsExW
LCMapStringW

msvcirt

??_7stdiobuf@@6B@
?get@istream@@QAEHXZ
?pbackfail@streambuf@@UAEHH@Z
??_Distream_withassign@@QAEXXZ
??4strstreambuf@@QAEAAV0@ABV0@@Z
?tie@ios@@QBEPAVostream@@XZ
??0ifstream@@QAE@H@Z
?is_open@fstream@@QBEHXZ
?ignore@istream@@QAEAAV1@HH@Z
??5istream@@QAEAAV0@PAC@Z
??_7strstreambuf@@6B@
?get@istream@@QAEAAV1@AAD@Z
??_Estrstream@@UAEPAXI@Z
??_Diostream@@QAEXXZ
??5istream@@QAEAAV0@AAC@Z
??0ofstream@@QAE@H@Z
??_7istream_withassign@@6B@

msvcrt

atexit
qsort
_mbsspnp
exit
_mbctype
cosh
??_Gbad_typeid@@UAEPAXI@Z
system
vswprintf
_getwch
_wsystem
_ismbbkprint
_cabs
wctomb
_mbsnbcnt
__getmainargs
_splitpath
??1bad_cast@@UAE@XZ
__set_app_type
__CxxCallUnwindDtor
__p__commode
_fullpath
_mktemp
??_7exception@@6B@
??1__non_rtti_object@@UAE@XZ
__p__mbcasemap
_local_unwind2
_memccpy
_mbctombb
_msize

ntmarta

AccLookupAccountName
EventGuidToName
AccRewriteGetNamedRights
AccProvSetAccessRights
AccSetEntriesInAList
AccGetAccessForTrustee
AccProvHandleIsObjectAccessible
AccProvHandleGetAccessInfoPerObjectType
AccConvertAclToAccess
AccProvGetTrusteesAccess
AccLookupAccountTrustee
AccProvGetAllRights
AccProvGetOperationResults
AccProvHandleRevokeAccessRights
AccProvHandleGetAllRights
AccConvertSDToAccess

shell32

StrStrIW
SHLoadInProc
OpenAs_RunDLL
SHOpenFolderAndSelectItems
ExtractAssociatedIconExA
SHGetSpecialFolderLocation
SHBrowseForFolderW
RealShellExecuteExW
DoEnvironmentSubstW
ShellAboutA
ShellExec_RunDLLW
SHGetFileInfo
DragFinish
ShellExecuteExW
SHCreateLocalServerRunDll

esent

JetMakeKey
JetEnumerateColumns
JetExternalRestore
JetCreateInstance2
JetRetrieveColumn
JetAttachDatabase
JetEndSession
JetBackupInstance
JetOpenTempTable2
JetGotoSecondaryIndexBookmark
JetGrowDatabase
JetBeginExternalBackup
JetMove@16
JetEndExternalBackupInstance2
JetCommitTransaction@8
JetRetrieveColumn@32
JetUpdate@20
JetBackup
JetStopBackupInstance
JetResetTableSequential
JetCloseTable
JetCreateIndex2
JetGetObjectInfo
JetGetLogInfoInstance
JetGetLogInfo
JetReadFileInstance
JetSetColumn
JetIntersectIndexes
JetCreateTableColumnIndex2
JetSetDatabaseSize

verifier

VerifierSetFlags

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9300bf1e461feeb7dbf625dbd1a3de0b

Headers

File Characteristics

Imports

kernel32

msvcirt

msvcrt

ntmarta

shell32

esent

verifier

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 58KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB