caf2b1a23c6df72f0d4a52cbe7857407ddf9688a656dc83eb3d8b94e9ef9404e

Sharing

Copy URL Twitter E-mail

General

Target

caf2b1a23c6df72f0d4a52cbe7857407ddf9688a656dc83eb3d8b94e9ef9404e
Size

854KB
MD5

7ae2508d549d7c8a7f1c5b4c586d4225
SHA1

edfe26abbf5bdde7d54514f95894e95ebed33a78
SHA256

caf2b1a23c6df72f0d4a52cbe7857407ddf9688a656dc83eb3d8b94e9ef9404e
SHA512

9d33004d9508b0badb39b62726d95649b79c20158fa87091637439b7d60a6cd1fc5eec9b10273cba0da9d7b9784e42183260f9cb6daaae48a776b1de39bd0e7e
SSDEEP

24576:FHh0YP1ssj7ycReT+obqy+c6LDnx7pJM7Nguxz:FxQglRcinxb2gM

Score

N/A

Malware Config

Signatures

Files

caf2b1a23c6df72f0d4a52cbe7857407ddf9688a656dc83eb3d8b94e9ef9404e
.exe windows x86

3bc53884c3466299bc282b37ddb77043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlEmptyAtomTable
NtListenPort
RtlPinAtomInAtomTable
strspn
iswxdigit
NtOpenThreadTokenEx
RtlGetFrame
CsrIdentifyAlertableThread
RtlCopyLuidAndAttributesArray
ZwQueryBootOptions
RtlCreateAcl
RtlLargeIntegerShiftRight
RtlIntegerToChar
NtReplyWaitReceivePort
ZwDuplicateObject
ZwDeleteBootEntry
RtlUlonglongByteSwap
ZwTerminateJobObject
ZwCreateDebugObject
RtlNewSecurityObjectWithMultipleInheritance
RtlIsValidIndexHandle
RtlFirstEntrySList
wcscpy
NtAccessCheckByTypeResultList
RtlGetNtGlobalFlags
NtSuspendThread
RtlPrefixUnicodeString
RtlIsGenericTableEmptyAvl
_aulldvrm
RtlExtendedLargeIntegerDivide
RtlComputeImportTableHash
ZwSetInformationFile
KiUserCallbackDispatcher
NtReplyPort
NtSetVolumeInformationFile
_wtoi64
ZwTestAlert
RtlCompareMemory
NtSetDefaultUILanguage
ZwResetEvent
RtlSecondsSince1970ToTime
ZwSetVolumeInformationFile
RtlPushFrame
ZwQueryDefaultUILanguage
RtlFindSetBits
RtlEqualUnicodeString
RtlInitializeSListHead
ZwOpenSymbolicLinkObject
NtOpenThreadToken
RtlAddAuditAccessObjectAce
RtlFreeUnicodeString

kernel32

SetConsoleCP
LoadResource
GetNativeSystemInfo
VirtualAlloc
GetTempFileNameW
NlsGetCacheUpdateCount
IsBadStringPtrW
LoadLibraryA
CreateDirectoryExA
FreeLibraryAndExitThread
GetPrivateProfileIntA
SetEvent
WriteProfileSectionA
OpenFileMappingA
lstrcmpiW
IsValidCodePage
GetCurrentThreadId
SetComputerNameA
lstrcpynW
UnhandledExceptionFilter
InitializeCriticalSection
LZOpenFileW
WriteConsoleOutputAttribute
SizeofResource
BuildCommDCBAndTimeoutsW
VDMConsoleOperation

msasn1

ASN1BERDecCharString
ASN1BERDecChar16String
ASN1char16string_free
ASN1BERDecZeroMultibyteString
ASN1BEREncS32
ASN1BERDecLength
ASN1BEREncZeroMultibyteString
ASN1_Encode
ASN1Free
ASN1BERDecObjectIdentifier2
ASN1intx_free
ASN1open_free
ASN1CEREncGeneralizedTime
ASN1BERDecOpenType
ASN1_GetEncoderOption
ASN1CEREncBitString
ASN1octetstring_cmp
ASN1CEREncBeginBlk
ASN1CEREncFlushBlkElement
ASN1DecRealloc
ASN1BERDecEndOfContents
ASN1BERDecChar32String
ASN1intxisuint32

Sections

.text
Size: 763KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bc53884c3466299bc282b37ddb77043

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

msasn1

Sections

.text Size: 763KB - Virtual size: 762KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 763KB - Virtual size: 762KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB