ba1898ffe453c29adc295a4989f9c6cf17d5aa2a3c70eacfceec65db129c6db3

Sharing

Copy URL Twitter E-mail

General

Target

ba1898ffe453c29adc295a4989f9c6cf17d5aa2a3c70eacfceec65db129c6db3
Size

361KB
MD5

5569f0714028f7be6b064eb6a523d226
SHA1

db7ff3f7efc4d45040e20c73ab8b75523b21c700
SHA256

ba1898ffe453c29adc295a4989f9c6cf17d5aa2a3c70eacfceec65db129c6db3
SHA512

c6d5ba0d12d3ac0cb95415dfe871a87f3f4a9b41af17c3c55e9f399e2a3f1f13e16eea19adb18d6cdff1e53cf2f388d4d772ff3ad697c2cbecc4644ed17ee837
SSDEEP

6144:nV6d3R1C5Bt1GTw+FL0sDudZgBa0LsQDjvZSO065nw3+ov5emgZ:ng3zC5BK3FZub0LlBFovA

Score

N/A

Malware Config

Signatures

Files

ba1898ffe453c29adc295a4989f9c6cf17d5aa2a3c70eacfceec65db129c6db3
.exe windows x86

e23f0cc76dd58a76c3e43f852a7d1b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RemoveMenu
CharToOemW
DdeEnableCallback
SwitchToThisWindow
ClipCursor
WINNLSEnableIME
SetDoubleClickTime
RegisterLogonProcess
SendNotifyMessageW
MessageBoxW
FindWindowExW
ScrollWindowEx
SendMessageCallbackA
ReplyMessage
LoadKeyboardLayoutW
RegisterTasklist
MsgWaitForMultipleObjectsEx
SendMessageTimeoutA
GetKeyboardLayoutNameA
IMPSetIMEA
DrawFocusRect
LockWindowStation
RegisterClassW
EnumDisplaySettingsExW

atmlib

ATMBBoxBaseXYShowTextW
ATMGetFontPathsA
ATMGetVersion
ATMAddFontEx
ATMEnumFontsA
ATMFontAvailableW
ATMGetOutlineW
ATMGetFontInfo
ATMGetNtmFieldsW
ATMXYShowText
ATMGetBuildStrW
ATMEnumFontsW
ATMMakePSSA
ATMAddFontA
ATMSelectEncoding

kernel32

CreateFileA
GetProfileSectionA
AttachConsole
GetConsoleMode
SetCriticalSectionSpinCount
MoveFileWithProgressA
CreateNamedPipeW
VirtualAlloc
CreateDirectoryW
OutputDebugStringA
IsValidLocale
CloseHandle
SetConsoleLocalEUDC
GlobalWire
IsDebuggerPresent
LoadLibraryA
SetLastError
GetCurrentDirectoryA
EnumerateLocalComputerNamesW
GetPrivateProfileStructW
InitializeCriticalSection
VerSetConditionMask
GetEnvironmentStringsW
SetConsoleTextAttribute
DnsHostnameToComputerNameA

advapi32

DuplicateToken
SystemFunction026
LookupPrivilegeDisplayNameW
WmiReceiveNotificationsA
AllocateLocallyUniqueId
BuildTrusteeWithObjectsAndNameW
RegUnLoadKeyA
LsaOpenTrustedDomainByName
LsaCreateTrustedDomainEx
SystemFunction004
SetFileSecurityW
GetServiceKeyNameA
BuildImpersonateExplicitAccessWithNameW
LsaOpenPolicySce
AccessCheck
SystemFunction033

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e23f0cc76dd58a76c3e43f852a7d1b26

Headers

DLL Characteristics

File Characteristics

Imports

user32

atmlib

kernel32

advapi32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 98KB - Virtual size: 495KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 98KB - Virtual size: 495KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB