ca753236977e19d735f2a15769978083e71f4e9256de1d8d5d3a7c207187065d

Sharing

Copy URL Twitter E-mail

General

Target

ca753236977e19d735f2a15769978083e71f4e9256de1d8d5d3a7c207187065d
Size

828KB
MD5

46b74b2647cd25bbf05ceacda59db4ba
SHA1

b3ab93d52435add7fa288b15e8cabff7dd83b051
SHA256

ca753236977e19d735f2a15769978083e71f4e9256de1d8d5d3a7c207187065d
SHA512

e445eb2628b3c71839d3ec8ffc0ad924b93fc7e23b215d3c0cf5816181684675ebb8c65851667cb9778969aa6284622b335e5fd3a0a7f767698dbce24841b122
SSDEEP

24576:ZaW+AdH+nWxBylhSWM56iMkO59W87qrykliP:cWZH+k5QiRO5U87qrp8P

Score

N/A

Malware Config

Signatures

Files

ca753236977e19d735f2a15769978083e71f4e9256de1d8d5d3a7c207187065d
.exe windows x86

ae984ab2b79505a1115857d550b1e22e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

security

ImportSecurityContextW
InitSecurityInterfaceA
QuerySecurityPackageInfoW
SealMessage
MakeSignature
ImpersonateSecurityContext
QuerySecurityPackageInfoA
QuerySecurityContextToken
QueryCredentialsAttributesW
EnumerateSecurityPackagesW
VerifySignature
QueryContextAttributesW
AcquireCredentialsHandleA
FreeContextBuffer
InitializeSecurityContextW
ExportSecurityContext
QueryCredentialsAttributesA
FreeCredentialsHandle
RevertSecurityContext
ImportSecurityContextA

ntdll

RtlIsNameLegalDOS8Dot3
ZwTerminateJobObject
RtlIsTextUnicode
RtlRunDecodeUnicodeString
iscntrl
ZwOpenFile
KiUserCallbackDispatcher
NtTranslateFilePath
RtlRaiseStatus
RtlGUIDFromString
RtlGetNativeSystemInformation
NtReadVirtualMemory
ZwQueryEaFile
RtlSubtreeSuccessor
ZwUnlockVirtualMemory
RtlGenerate8dot3Name
DbgBreakPoint
ZwQueryDebugFilterState
NtOpenDirectoryObject
RtlIsActivationContextActive
RtlLeaveCriticalSection
RtlAdjustPrivilege

pdh

PdhGetDefaultPerfObjectHW
PdhTranslate009CounterW
PdhVbGetCounterPathElements
PdhExpandWildCardPathHW
PdhVbOpenQuery
PdhGetDefaultPerfObjectA
PdhLookupPerfNameByIndexA
PdhSetCounterScaleFactor
PdhGetDefaultPerfObjectHA
PdhGetCounterInfoA
PdhUpdateLogW
PdhVerifySQLDBW
PdhVerifySQLDBA
PdhVbOpenLog
PdhEnumObjectItemsHW
PdhGetCounterInfoW
PdhSelectDataSourceA
PdhTranslateLocaleCounterA
PdhComputeCounterStatistics

imm32

ImmUnlockImeDpi
ImmLoadLayout
ImmWINNLSGetEnableStatus
ImmSetActiveContextConsoleIME
ImmInstallIMEW
ImmDestroyIMCC
ImmGetConversionListA
ImmIMPQueryIMEA
ImmGetRegisterWordStyleW

activeds

ConvertSecDescriptorToVariant
AllocADsStr
DllCanUnloadNow
ADsDecodeBinaryData
AdsTypeToPropVariant
ADsEncodeBinaryData
ADsGetObject
FreeADsMem
FreeADsStr
ADsBuildVarArrayStr
ADsSetLastError
AllocADsMem
ReallocADsStr
AdsFreeAdsValues
AdsTypeToPropVariant2
PropVariantToAdsType

msdart

?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?CheckTable@CLKRLinearHashTable@@QBEHXZ
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?BucketIndex@CLKRHashTableStats@@SGJJ@Z
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
??1CLKRHashTable@@QAE@XZ

kernel32

SetLastError
SetConsoleTextAttribute
GetCurrentThread
GlobalUnfix
LoadLibraryW
GetHandleContext
PrivMoveFileIdentityW
VDMConsoleOperation
GetModuleHandleW
GetLocaleInfoW
DosPathToSessionPathA
RtlMoveMemory
IsBadHugeReadPtr

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae984ab2b79505a1115857d550b1e22e

Headers

DLL Characteristics

File Characteristics

Imports

security

ntdll

pdh

imm32

activeds

msdart

kernel32

Sections

.text Size: 398KB - Virtual size: 397KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 181KB - Virtual size: 1.5MB

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 398KB - Virtual size: 397KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 181KB - Virtual size: 1.5MB

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 1024B - Virtual size: 908B