c5959fe3d3ae6e146e41546a1e8bdee1d901e6b2238e824cc78628ff4ad4443c

Sharing

Copy URL Twitter E-mail

General

Target

c5959fe3d3ae6e146e41546a1e8bdee1d901e6b2238e824cc78628ff4ad4443c
Size

334KB
MD5

b1430c26d5beee8a6d4885d3cc3b2fa5
SHA1

606ef8d38d30f80309735c6ab33c5a989091b284
SHA256

c5959fe3d3ae6e146e41546a1e8bdee1d901e6b2238e824cc78628ff4ad4443c
SHA512

70ab2b7dca0a7b8d72c754a226d684b1db44c9bffe75bafc6db6eecde0b1df019428bf93f56fc12e98e752639b96be002bb9a5402b8707c51f863b36b3182a86
SSDEEP

6144:D2h7qpyUTWvw4ud1Tde8us1KdeKjzTbGh95hBqxSxKT1:aZ0ydvRu95KdeKjfbGhvnySx21

Score

N/A

Malware Config

Signatures

Files

c5959fe3d3ae6e146e41546a1e8bdee1d901e6b2238e824cc78628ff4ad4443c
.exe windows x86

5366d747c7daddba3829041ad9e5c107

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rasman

RasGetKey
RasPortSetInfo
RasSetEapUserInfo
RasDeviceSetInfo
RasmanUninitialize
RasSendCreds
RasPortGetBundle
RasGetEapUserInfo
RasCreateConnection
RasGetConnectionUserData
RasRpcGetSystemDirectory
RasServerPortClose
RasSetPortUserData
RasRpcPortEnum
RasGetConnectionParams
RasGetCustomScriptDll
RasGetDevConfig

inetcomm

EssKeyExchPreferenceDecodeEx
MimeEditGetBackgroundImageUrl
GetDllMajorVersion
MimeOleGetCodePageCharset
EssKeyExchPreferenceEncodeEx
MimeEditDocumentFromStream
CreateSMTPTransport
MimeEditCreateMimeDocument
MimeEditViewSource
MimeOleClearDirtyTree
EssReceiptDecodeEx
MimeOleFileTimeToInetDate
MimeOleAlgStrengthFromSMimeCap
MimeOleSetDefaultCharset
HrGetAttachIcon
MimeOleSMimeCapsFull
HrDoAttachmentVerb
MimeOleSMimeCapGetHashAlg
HrAttachDataFromBodyPart
HrGetAttachIconByFile
MimeOleCreateByteStream

kernel32

ConnectNamedPipe
LoadLibraryA
GetSystemWow64DirectoryW
GlobalLock
GetProcessHeap
ScrollConsoleScreenBufferA
BaseDumpAppcompatCache
GetEnvironmentVariableA
RemoveDirectoryA
TransmitCommChar
IsValidLocale
QueryActCtxW
GetDateFormatW
SetHandleCount
_lwrite
GetThreadPriority
lstrcmpW
DeleteFileA
GetCurrentProcessId
FindFirstFileW
lstrcatW
SuspendThread
ScrollConsoleScreenBufferW
EnumResourceTypesW
VirtualAlloc
OpenThread
GetThreadSelectorEntry
GlobalFindAtomA
GetEnvironmentStringsA
GlobalUnlock
ClearCommError

polstore

IPSecFreeMulFilterData
IPSecImportPolicies
IPSecExportPolicies
IPSecCreatePolicyData
IPSecFreePolStr
IPSecFreeISAKMPData
IPSecEnumNFAData
IPSecFreeMulPolicyData
IPSecFreePolicyData
IPSecClosePolicyStore
IPSecCreateNegPolData
IPSecGetFilterData
IPSecFreeMulNFAData
IPSecCreateISAKMPData
IPSecFreeFilterData

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5366d747c7daddba3829041ad9e5c107

Headers

File Characteristics

Imports

rasman

inetcomm

kernel32

polstore

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 1024B - Virtual size: 405KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 1024B - Virtual size: 405KB

.rsrc
Size: 18KB - Virtual size: 18KB