cb10187383ad172900f74a2296202959094652895ddf5dbd01470e62099abc91

Sharing

Copy URL Twitter E-mail

General

Target

cb10187383ad172900f74a2296202959094652895ddf5dbd01470e62099abc91
Size

92KB
MD5

b68b2cd25335db6a3b93a94b4a918512
SHA1

8bf0a8468faef2419cd2f60631f272b32a4d6db1
SHA256

cb10187383ad172900f74a2296202959094652895ddf5dbd01470e62099abc91
SHA512

f572c5689ab5cda95a56a2051636c9597eae670e6c8e5c737335eabcc949c22bca0c3d2ebd3707332337a8ae9295d88da571575b0c04f026b5685b3ba4d50577
SSDEEP

1536:e2mxPcHJ38R+MatRWhofbp00V/pQKTbl0hFa71GrVo0aOwmMHAsbOEDFcW:PiAJsRwRDmZ588O0aOwmTsHxL

Score

N/A

Malware Config

Signatures

Files

cb10187383ad172900f74a2296202959094652895ddf5dbd01470e62099abc91
.exe windows x86

e60d08a5221759ad19d63f5ffebd8a20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateAcl
RtlCreateHeap
RtlEnterCriticalSection
NtCreatePort
RtlLeaveCriticalSection
RtlInitializeSid
RtlUnwind
RtlExitUserThread
NtQueryVirtualMemory
NtReadRequestData
NtWaitForMultipleObjects
NtCreateFile
NtQueryValueKey
NtQuerySystemInformation
NtSetInformationThread
NtResetEvent
NtDelayExecution
NtOpenProcess
RtlSetDaclSecurityDescriptor
RtlAllocateAndInitializeSid
RtlFreeHeap
NtImpersonateThread
NtClose
NtCreateEvent
NtAcceptConnectPort
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCreateSecurityDescriptor
NtRequestWaitReplyPort
NtOpenThread
NtDuplicateObject
RtlRegisterWait
RtlLengthSid
NtOpenKey
NtResumeThread
RtlCreateUserThread
_vsnprintf
NtSetEvent
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtReplyPort
NtCompleteConnectPort
RtlAllocateHeap
NtTerminateThread
RtlAddAccessAllowedAce
NtReplyWaitReceivePort
NtWriteRequestData
RtlDestroyHeap

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW

kernel32

GetLastError
GetSystemInfo
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
DisableThreadLibraryCalls
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
VirtualAlloc

cmdial32

AutoDialFunc

atmlib

ATMEnumFonts

apphelp

ApphelpCheckRunApp
ApphelpQueryModuleData

crypt32

RegCreateHKCUKeyExU

Sections

.textbss
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e60d08a5221759ad19d63f5ffebd8a20

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

kernel32

cmdial32

atmlib

apphelp

crypt32

Sections

.textbss Size: - Virtual size: 432KB

.text Size: 512B - Virtual size: 460B

.idata Size: 88KB - Virtual size: 88KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 1024B - Virtual size: 892B

.reloc Size: 512B - Virtual size: 32B

.textbss
Size: - Virtual size: 432KB

.text
Size: 512B - Virtual size: 460B

.idata
Size: 88KB - Virtual size: 88KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 1024B - Virtual size: 892B

.reloc
Size: 512B - Virtual size: 32B