c53e99b56edcd108c58d90b67e814d1bf4aa72309bc65ac2809cfb9a88b6264d

Sharing

Copy URL Twitter E-mail

General

Target

c53e99b56edcd108c58d90b67e814d1bf4aa72309bc65ac2809cfb9a88b6264d
Size

48KB
MD5

10d9c14d39a5baaeb8cc6f574d37f377
SHA1

279c513356e55353350ae912e3618fda9794df40
SHA256

c53e99b56edcd108c58d90b67e814d1bf4aa72309bc65ac2809cfb9a88b6264d
SHA512

a54d51dc6ff008d16edb9f16d7bd9842d2d4377044c10198d09c06c4ceb2870c05f0bb9dd717a8d08d11578b71f51077a5cd4febc00bec26068b26c4d56f07bb
SSDEEP

768:KJWsQw3Dd55S24NMHTib8T8/yVVd3W+AC7jczM+oafRVHfzZbG0hNoNU6:uWO33Y+TXQ/ytWG7EoafRtfzZbEK6

Score

N/A

Malware Config

Signatures

Files

c53e99b56edcd108c58d90b67e814d1bf4aa72309bc65ac2809cfb9a88b6264d
.exe windows x86

e19ec3df51adbd1935b279b8f2016129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strchr
_tell
_mbsupr
__argv
__getmainargs
remove
_memicmp
_fcloseall
_fullpath
_aligned_offset_malloc
_CIsinh
fgetws
_localtime64
fscanf
__set_app_type
__crtCompareStringW
_msize
_wcsrev
iswcntrl
_stat64
_mbsrchr
_adj_fpatan
_inpd
_fsopen
_wspawnlpe
vprintf
_seh_longjmp_unwind
__crtLCMapStringA
_aexit_rtn
_mbctohira
_mbsinc
iswalnum
___setlc_active_func
_ismbchira
_y0
__p__commode
__p__dstbias

userenv

GetAppliedGPOListW
ExpandEnvironmentStringsForUserA
DeleteProfileW
WaitForMachinePolicyForegroundProcessing
GetUserProfileDirectoryA
ProcessGroupPolicyCompletedEx
GetPreviousFgPolicyRefreshInfo
RsopFileAccessCheck
GetNextFgPolicyRefreshInfo
ProcessGroupPolicyCompleted
RefreshPolicy
DeleteProfileA
GetProfileType
GetDefaultUserProfileDirectoryW
DestroyEnvironmentBlock
GetProfilesDirectoryA
LoadUserProfileA
UnregisterGPNotification
GetProfilesDirectoryW
GetUserProfileDirectoryW
RsopLoggingEnabled
FreeGPOListA
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
RsopSetPolicySettingStatus
LeaveCriticalPolicySection
WaitForUserPolicyForegroundProcessing
GetGPOListW
RegisterGPNotification
RefreshPolicyEx
LoadUserProfileW
GetGPOListA
RsopResetPolicySettingStatus

msdart

??0CDoubleList@@QAE@XZ
?TryReadLock@CCritSec@@QAE_NXZ
??1CSingleList@@QAE@XZ
?IsReadLocked@CCritSec@@QBE_NXZ
??0CCritSec@@QAE@XZ
MPCSInitialize
?_TryLock@CSmallSpinLock@@AAE_NXZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
MpHeapAlloc
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?First@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?_TryWriteLock@CReaderWriterLock2@@AAE_NJ@Z
FXMemDetach
?IsWriteUnlocked@CCritSec@@QBE_NXZ
??0CLKRHashTableStats@@QAE@XZ
?WriteLock@CReaderWriterLock2@@QAEXXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
??4CSingleList@@QAEAAV0@ABV0@@Z
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
??1CLockedSingleList@@QAE@XZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
MpHeapValidate
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
?First@CDoubleList@@QBEQAVCListEntry@@XZ
MPInitializeCriticalSectionAndSpinCount
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?IsReadLocked@CSpinLock@@QBE_NXZ
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z
FXMemAttach
?ValidSignature@CLKRHashTable@@QBE_NXZ
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?IsWinNT@CMdVersionInfo@@SAHXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?GetSpinCount@CCritSec@@QBEGXZ
?_Lock@CSpinLock@@AAEXXZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?GetSpinCount@CFakeLock@@QBEGXZ
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
MpHeapFree
mpRealloc

wininet

ShowX509EncodedCertificate
InternetReadFile
DeleteUrlCacheGroup
InternetDialA
HttpEndRequestW
FindFirstUrlCacheGroup
FtpPutFileW
InternetSetOptionW
FtpSetCurrentDirectoryA
UnlockUrlCacheEntryFileA
InternetWriteFile
InternetSetOptionExW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
GopherGetLocatorTypeA
ShowCertificate
FtpFindFirstFileA
InternetHangUp
FindNextUrlCacheEntryExA
InternetQueryDataAvailable
InternetSetStatusCallbackW
InternetConnectA
InternetErrorDlg
HttpAddRequestHeadersW
GetUrlCacheGroupAttributeA
InternetAutodialHangup
RetrieveUrlCacheEntryFileW
InternetTimeToSystemTime
InternetOpenW
SetUrlCacheEntryGroupW
LoadUrlCacheContent
InternetCheckConnectionA

kernel32

GlobalGetAtomNameW
VirtualAlloc
SetLastError
GetProfileStringW
GetCurrentThread
RemoveVectoredExceptionHandler
EnumDateFormatsW
Toolhelp32ReadProcessMemory
GetModuleHandleA
CancelDeviceWakeupRequest
GetFileAttributesA
GlobalAddAtomW
LocalAlloc
GetProcessId
PurgeComm
SetComputerNameA
CloseHandle
EnumSystemGeoID
TlsFree
GetWindowsDirectoryA
Module32NextW
GetExpandedNameA
SetConsoleWindowInfo
SetWaitableTimer
SetConsoleNlsMode
DefineDosDeviceA
ChangeTimerQueueTimer
GetSystemDefaultLCID
SetConsoleTitleW
LoadLibraryA
TryEnterCriticalSection
GetNumberOfConsoleMouseButtons
SetCommTimeouts
FindResourceW
CreateSemaphoreA
GetACP

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e19ec3df51adbd1935b279b8f2016129

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

userenv

msdart

wininet

kernel32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 2KB