bcbf2a19463d80b28eab07a0c2aa2e684c54f587807b61c3985e32fb903a9e23

Sharing

Copy URL Twitter E-mail

General

Target

bcbf2a19463d80b28eab07a0c2aa2e684c54f587807b61c3985e32fb903a9e23
Size

261KB
MD5

925123a1d1595032af1b44606cd5c032
SHA1

0257f3c9d2f18489811fb913d2b3f8b56bcc53f7
SHA256

bcbf2a19463d80b28eab07a0c2aa2e684c54f587807b61c3985e32fb903a9e23
SHA512

f7c9aa94bb775656417f104768664fad694870dd45b5ad2218121dcddef1ff2b25b1b01fca972fd31e27160eea31b86b75ff118beefe4957a1b81de08e46ac17
SSDEEP

6144:7KVIzwKwesZgzKGcTgonX7PlDWES2v1/pyLOc6rzY2jnW9XbsFcvAJNz:7KVbKpsZgR4goX7PVB94j6rz9jnW9A64

Score

N/A

Malware Config

Signatures

Files

bcbf2a19463d80b28eab07a0c2aa2e684c54f587807b61c3985e32fb903a9e23
.exe windows x86

621d3c00368d90ff5a0a9f29485e44f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyA
RegOpenKeyA
RegDeleteKeyA
RegOpenCurrentUser
RegEnumKeyExA
GetSidSubAuthority
CredReadA
DuplicateTokenEx
SetTraceCallback
SetPrivateObjectSecurityEx
LsaSetSecret
GetTraceLoggerHandle
ElfReadEventLogA
AddAuditAccessObjectAce
FileEncryptionStatusA
SystemFunction016
WmiQuerySingleInstanceW
WmiQueryAllDataMultipleA
AccessCheckByTypeAndAuditAlarmA
GetExplicitEntriesFromAclA
GetManagedApplicationCategories
LsaRetrievePrivateData
QueryServiceConfigA
CryptCreateHash
GetServiceDisplayNameW
SetEntriesInAuditListW
RegQueryMultipleValuesW
GetAuditedPermissionsFromAclW
OpenEncryptedFileRawA
CreateServiceW
QueryServiceConfig2W
ConvertSecurityDescriptorToAccessW
ControlTraceA
SystemFunction002
GetMultipleTrusteeA
FreeEncryptedFileKeyInfo
ElfOpenEventLogW
BuildTrusteeWithNameA
ComputeAccessTokenFromCodeAuthzLevel
GetOverlappedAccessResults
EnumerateTraceGuids
CreateProcessAsUserA
ProcessIdleTasks
BuildTrusteeWithNameW
CryptSignHashA
CredRenameA
AddAccessDeniedAceEx
GetInheritanceSourceW
SetServiceStatus
ConvertToAutoInheritPrivateObjectSecurity
A_SHAUpdate
CryptAcquireContextW
MD5Update
ElfRegisterEventSourceW
GetEffectiveRightsFromAclW
LsaICLookupNamesWithCreds
ObjectPrivilegeAuditAlarmA
WmiOpenBlock
RegisterEventSourceW
GetSecurityInfoExA
ChangeServiceConfig2A
SaferiChangeRegistryScope
EqualPrefixSid
AddAccessAllowedAceEx
SetPrivateObjectSecurity
I_ScIsSecurityProcess
RegLoadKeyA
MakeSelfRelativeSD
ConvertAccessToSecurityDescriptorA
SystemFunction011
CloseServiceHandle
RegQueryInfoKeyW
CryptSetKeyParam
ConvertSidToStringSidW
WmiMofEnumerateResourcesA
LsaEnumerateAccountRights
LsaGetSystemAccessAccount
CryptDuplicateHash
CryptSignHashW
BuildTrusteeWithSidA
OpenEventLogA
EncryptionDisable
QueryAllTracesA
CloseCodeAuthzLevel
CreateWellKnownSid
BuildSecurityDescriptorW
ElfClearEventLogFileW
MD4Update
EncryptedFileKeyInfo
TraceMessage
LsaCreateTrustedDomainEx
WmiQuerySingleInstanceMultipleA
BuildExplicitAccessWithNameA
AbortSystemShutdownA
SetSecurityInfoExW
IsWellKnownSid
CryptVerifySignatureW
SystemFunction036
FlushTraceA
TraceEvent

gdi32

SetViewportOrgEx
DeleteMetaFile
CreateMetaFileA
SetMapMode
CreateRectRgnIndirect
LPtoDP
SaveDC
TextOutA
RestoreDC
CreateDCA
SetWindowExtEx
SetWindowOrgEx
DeleteDC
SetTextAlign
GetDeviceCaps
CloseMetaFile

user32

GetKeyState
SetWindowPos
GetWindowLongA
UnregisterClassA
UnionRect
MessageBoxA
SetFocus
DestroyWindow
SetWindowLongA
CallWindowProcA
GetFocus
CharNextA
IsChild
SetCursor
DefWindowProcA
ShowWindow
PtInRect
IsWindow
GetParent
ReleaseDC
EqualRect
InvalidateRect
wsprintfA
SetWindowRgn
GetForegroundWindow
LoadCursorA
OffsetRect
GetDC
GetClientRect
IntersectRect

ole32

OleRegGetUserType
OleRegGetMiscStatus
CoCreateInstance
OleLoadFromStream
CoTaskMemRealloc
CreateOleAdviseHolder
WriteClassStm
OleSaveToStream
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CreateDataAdviseHolder
OleRegEnumVerbs

oleaut32

VariantChangeType
SysStringLen
OleCreatePropertyFrame
VarUI4FromStr
VariantInit
SysAllocStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VariantCopy
DispCallFunc
VariantClear
SysAllocString
SysFreeString
UnRegisterTypeLi
SysStringByteLen

kernel32

LeaveCriticalSection
GetLocalTime
IsValidCodePage
DeleteCriticalSection
FindFirstFileA
TlsAlloc
FindClose
WaitForSingleObject
FreeLibrary
FindNextFileA
TlsGetValue
MulDiv
GetConsoleOutputCP
WritePrivateProfileStringA
ReadFile
SetFileAttributesA
CreateFileW
SetStdHandle
FlushFileBuffers
FlushInstructionCache
CreateMutexA
WriteFile
ReleaseMutex
OutputDebugStringA
LoadResource
CreateThread
IsProcessorFeaturePresent
LCMapStringA
FreeEnvironmentStringsA
lstrcmpA
DeleteFileW
LoadLibraryExA
CreateDirectoryW
GlobalAlloc
WideCharToMultiByte
lstrcmpiA
GetStdHandle
IsDebuggerPresent
UnhandledExceptionFilter
HeapReAlloc
lstrlenA
GlobalLock
CreateMutexW
GetFileType
GetSystemTimeAsFileTime
GetTempPathW
SizeofResource
HeapAlloc
WriteConsoleW
VirtualQuery
RaiseException
GlobalUnlock
DeleteFileA
VirtualFree
HeapFree
TerminateThread
FreeEnvironmentStringsW
WriteConsoleA
WaitForSingleObjectEx
lstrcatA
GetTempFileNameW
GetCurrentThreadId
SetHandleCount
FindResourceA
GetOEMCP
GetCommandLineA
VirtualAlloc
VirtualProtect
CreateEventA
GetThreadLocale
TlsFree
EnterCriticalSection
CreateFileA
GetProcessHeap
GetModuleHandleA
GetConsoleMode
CloseHandle
GetSystemInfo
HeapDestroy
lstrcpyA
lstrlenW
WaitForMultipleObjects
RtlUnwind
SetLastError
LCMapStringW
IsDBCSLeadByte
GetConsoleCP
SetUnhandledExceptionFilter
GetTempPathA
HeapSize
SetFilePointer
TlsSetValue
GetACP
GetModuleHandleW
VirtualAllocEx

pngfilt

DllCanUnloadNow

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UkYQ
Size: 1024B - Virtual size: 983B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tFEXkll
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cTKx
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sBTERq
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.taks
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OvsSex
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uIzUOi
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jrKcq
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GNLoLmn
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

621d3c00368d90ff5a0a9f29485e44f8

Headers

File Characteristics

Imports

advapi32

gdi32

user32

ole32

oleaut32

kernel32

pngfilt

Sections

.text Size: 19KB - Virtual size: 19KB

.UkYQ Size: 1024B - Virtual size: 983B

.tFEXkll Size: 1024B - Virtual size: 727B

.cTKx Size: 2KB - Virtual size: 1KB

.sBTERq Size: 1KB - Virtual size: 1KB

.taks Size: 2KB - Virtual size: 2KB

.rdata Size: 213KB - Virtual size: 212KB

.OvsSex Size: 1KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 1.4MB

.rsrc Size: 2KB - Virtual size: 2KB

.uIzUOi Size: 2KB - Virtual size: 1KB

.jrKcq Size: 2KB - Virtual size: 1KB

.GNLoLmn Size: 3KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 19KB

.UkYQ
Size: 1024B - Virtual size: 983B

.tFEXkll
Size: 1024B - Virtual size: 727B

.cTKx
Size: 2KB - Virtual size: 1KB

.sBTERq
Size: 1KB - Virtual size: 1KB

.taks
Size: 2KB - Virtual size: 2KB

.rdata
Size: 213KB - Virtual size: 212KB

.OvsSex
Size: 1KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 1.4MB

.rsrc
Size: 2KB - Virtual size: 2KB

.uIzUOi
Size: 2KB - Virtual size: 1KB

.jrKcq
Size: 2KB - Virtual size: 1KB

.GNLoLmn
Size: 3KB - Virtual size: 2KB