d060e2d61fc9e72ba27ed852cdc77ed569a27084a0c7de86f74079fb980ebac1

Sharing

Copy URL Twitter E-mail

General

Target

d060e2d61fc9e72ba27ed852cdc77ed569a27084a0c7de86f74079fb980ebac1
Size

161KB
MD5

895c88be4f695d272ede9227c683874d
SHA1

c593a4724132ac96bb70118f46282a7aa05fa3e8
SHA256

d060e2d61fc9e72ba27ed852cdc77ed569a27084a0c7de86f74079fb980ebac1
SHA512

5e64472e379909f920fcacd6dfad01f7fcaca70b48b6c89a6d5d67ce5d28e12f76f852a7e8c779fe9bf63090d483ce4f62de1a56a2a0dabe1b7c026d2485bbbb
SSDEEP

3072:nBJTqEcxEoyiUAHK0lFulAe29RsqA7n1eJp0Gagu1Ys7CTc/vb:oqoy4TuWsqAbQu1YtTc/

Score

N/A

Malware Config

Signatures

Files

d060e2d61fc9e72ba27ed852cdc77ed569a27084a0c7de86f74079fb980ebac1
.exe windows x86

e0032522a175f1b02d8aa02e00b5f7c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_wcsicmp
gmtime
iscntrl
longjmp
_daylight_dll
_ltoa
_CIpow
strerror
_rmdir
_CIacos
iswspace
setlocale
_filbuf
_rmtmp
_toupper
strcpy
toupper
iswupper
_isnan
freopen
_cscanf
wcsncat
_mbslwr
iswcntrl
_nextafter
_wcsupr
__fpecode
setvbuf
_mbsncmp
_mbstrlen
_initterm
putchar
memmove
isxdigit

advapi32

ConvertStringSDToSDDomainW
EnumServicesStatusW
SaferiCompareTokenLevels
QueryServiceObjectSecurity
QueryUsersOnEncryptedFile
WmiSetSingleItemW
CryptVerifySignatureA
LsaDelete
LsaEnumeratePrivilegesOfAccount
UpdateTraceA
BuildTrusteeWithSidW
RegEnumKeyA
DecryptFileA
MD5Final
LsaClearAuditLog
RegRestoreKeyW
LsaStorePrivateData
InitializeAcl
ReadEventLogW
WmiMofEnumerateResourcesW
LookupAccountNameW
ImpersonateNamedPipeClient
EnumDependentServicesA
SystemFunction041
StopTraceA
RegLoadKeyA
LsaSetDomainInformationPolicy
GetPrivateObjectSecurity
I_ScSetServiceBitsW
SystemFunction023
RegUnLoadKeyA
RegisterTraceGuidsA
RegSaveKeyW
LsaCreateAccount
CloseEncryptedFileRaw
FreeEncryptedFileKeyInfo
BuildImpersonateExplicitAccessWithNameA
CryptVerifySignatureW
LookupAccountSidW
ElfNumberOfRecords
RegEnumValueW
WmiQueryAllDataW
ConvertAccessToSecurityDescriptorW

msvcrt40

??1fstream@@UAE@XZ
_getdrives
?fill@ios@@QBEDXZ
??0fstream@@QAE@PBDHH@Z
_snprintf
strcoll
_beginthreadex
strcspn
??_Giostream@@UAEPAXI@Z
fgetwc
??0ifstream@@QAE@H@Z
??_7istream_withassign@@6B@
??_8ostream@@7B@
_itoa
_chdrive
isleadbyte
?freeze@strstreambuf@@QAEXH@Z
?oct@@YAAAVios@@AAV1@@Z
_vsnwprintf
__iscsym
_atodbl
?open@ofstream@@QAEXPBDHH@Z
?dec@@YAAAVios@@AAV1@@Z
?sputbackc@streambuf@@QAEHD@Z
ungetc
??0ofstream@@QAE@PBDHH@Z
??0Iostream_init@@QAE@XZ
??_7fstream@@6B@
??_8ostrstream@@7B@
_CIsin
_safe_fdiv
_gcvt
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
??0iostream@@IAE@ABV0@@Z
_open_osfhandle
_daylight
_ismbbgraph
?is_open@fstream@@QBEHXZ

msi

MsiSetFeatureAttributesA
MsiCreateTransformSummaryInfoA
MsiConfigureProductW
MsiAdvertiseProductExA
MsiReinstallFeatureW
MsiIsProductElevatedA
MsiProvideComponentW
MsiGetUserInfoW
MsiGetProductPropertyA
MsiAdvertiseProductW
MsiSetPropertyW
MsiGetFileSignatureInformationW
MsiSummaryInfoPersist
MsiProvideQualifiedComponentA
MsiPreviewDialogA
MsiEnumRelatedProductsW
DllGetVersion
MsiSetFeatureStateA
MsiDecomposeDescriptorW
MsiRecordSetStringW
MsiProvideQualifiedComponentExA
MsiCreateTransformSummaryInfoW
MsiSetExternalUIW
MsiSourceListAddSourceW
MsiDatabaseOpenViewA
MsiUseFeatureW
MsiEnumComponentsA
MsiRecordSetStringA
MsiEnableUIPreview
MsiDatabaseGenerateTransformW
MsiRecordIsNull

msasn1

ASN1BEREncS32
ASN1BEREncUTCTime
ASN1BERDecLength
ASN1BERDecS16Val
ASN1BERDecZeroChar16String
ASN1BEREncBitString
ASN1octetstring_cmp
ASN1utf8string_free
ASN1BEREncUTF8String
ASN1DecSetError
ASN1BERDecU16Val
ASN1CEREncChar32String
ASN1char32string_cmp
ASN1objectidentifier_cmp
ASN1ztcharstring_cmp
ASN1CEREncMultibyteString
ASN1_CloseDecoder
ASN1BEREncRemoveZeroBits
ASN1_Encode
ASN1intx_sub
ASN1_CloseModule
ASN1BEREncU32
ASN1BEREncDouble
ASN1BERDecS32Val
ASN1BEREncTag
ASN1BERDecZeroMultibyteString
ASN1BERDecS8Val
ASN1objectidentifier_free
ASN1_GetDecoderOption
ASN1charstring_cmp
ASN1BEREncZeroMultibyteString
ASN1_CreateDecoderEx
ASN1BERDecBitString2
ASN1BERDecChar16String
ASN1generalizedtime_cmp

kernel32

HeapValidate
InitAtomTable
ResetEvent
GetOverlappedResult
SetConsoleIcon
ProcessIdToSessionId
GetDiskFreeSpaceW
OpenSemaphoreW
GlobalAlloc
ReleaseSemaphore
GetModuleHandleA
GetConsoleDisplayMode
IsValidLocale
GetPrivateProfileSectionA
DebugSetProcessKillOnExit
FreeLibraryAndExitThread
ResumeThread
GetVolumePathNameW
GetVolumePathNamesForVolumeNameA
UnmapViewOfFile
HeapWalk
CloseProfileUserMapping
CompareStringW
CreateEventA
GetConsoleCommandHistoryA
AllocConsole
SetFirmwareEnvironmentVariableW
EnumTimeFormatsA
SetConsoleMaximumWindowSize
LockFile
GetProcessWorkingSetSize
SetConsoleOS2OemFormat
AddRefActCtx
GetUserDefaultLCID
CreateSocketHandle
IsWow64Process
VirtualAlloc
LoadLibraryA
DeleteFileA
BaseUpdateAppcompatCache
GlobalCompact
GetCurrentThread
GetConsoleAliasExesLengthA
ChangeTimerQueueTimer

msisip

MsiSIPIsMyTypeOfFile
MsiSIPPutSignedDataMsg
MsiSIPVerifyIndirectData
MsiSIPCreateIndirectData
MsiSIPRemoveSignedDataMsg
MsiSIPGetSignedDataMsg

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0032522a175f1b02d8aa02e00b5f7c5

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

advapi32

msvcrt40

msi

msasn1

kernel32

msisip

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 76KB - Virtual size: 155KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 900B

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 76KB - Virtual size: 155KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 900B