Static task
static1
Behavioral task
behavioral1
Sample
abd6ba1766599803ab04c932bc073a5f6f87d0cf56864fe59d74da5a8dc184ba.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
abd6ba1766599803ab04c932bc073a5f6f87d0cf56864fe59d74da5a8dc184ba.exe
Resource
win10v2004-20221111-en
General
Target
abd6ba1766599803ab04c932bc073a5f6f87d0cf56864fe59d74da5a8dc184ba
Size
823KB
MD5
78f666903552dc6ef0e7de9005e44858
SHA1
0deeb6268580b90e833e2aa66345d45c914f3f60
SHA256
abd6ba1766599803ab04c932bc073a5f6f87d0cf56864fe59d74da5a8dc184ba
SHA512
b540ad023dba8324a71f0ea457724bd02565f789b6894ea46c865a33f5dbb8bb3eddbd532f4934efb5a3eeb119b2513570bd63d070ea9ad5a80b78fba2403a3c
SSDEEP
24576:37GmaaEYV5ZsDy+wcBM0h8doQdv9itaOA8FVKP:37N7F7+w2MWQdcu8F4P
Malware Config
Signatures
Files
abd6ba1766599803ab04c932bc073a5f6f87d0cf56864fe59d74da5a8dc184ba.exe windows x86
67bf5465bb5f9c15780c98d16eac545b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
FtpRenameFileA
IsUrlCacheEntryExpiredA
FtpGetFileW
PrivacySetZonePreferenceW
InternetQueryDataAvailable
FindFirstUrlCacheContainerA
HttpAddRequestHeadersA
RetrieveUrlCacheEntryStreamW
InternetAutodialHangup
InternetCheckConnectionW
InternetSecurityProtocolToStringW
FtpGetFileA
HttpEndRequestA
InternetQueryOptionW
UnlockUrlCacheEntryFileW
FtpCommandW
HttpOpenRequestW
FtpDeleteFileW
GopherCreateLocatorW
InternetGetCookieExW
GetUrlCacheGroupAttributeW
FindNextUrlCacheEntryExW
GetUrlCacheEntryInfoW
InternetHangUp
GopherGetAttributeA
RegisterUrlCacheNotification
rasapi32
RasEnumConnectionsW
RasSetSharedAutoDial
RasGetConnectStatusW
RasAutoDialSharedConnection
RasHangUpA
RasGetAutodialParamA
RasFreeEapUserIdentityW
RasValidateEntryNameW
RasCreatePhonebookEntryA
RasGetSubEntryPropertiesA
RasGetEntryDialParamsW
RasGetCredentialsA
RasScriptSend
RasSetEntryPropertiesA
RasSetAutodialEnableW
RasScriptGetIpAddress
RasInvokeEapUI
UnInitializeRAS
RasSetCredentialsW
RasDeleteEntryW
DwEnumEntryDetails
DwRasUninitialize
RasDeleteSubEntryW
RasGetAutodialAddressW
RasGetEntryPropertiesA
RasCreatePhonebookEntryW
RasGetHport
RasScriptTerm
RasSetEapUserDataW
RasSetCredentialsA
RasGetSubEntryHandleA
RasSetOldPassword
RasGetCustomAuthDataW
kernel32
SetSystemTime
Module32FirstW
AllocConsole
GetConsoleCommandHistoryLengthW
ExitProcess
WriteConsoleInputW
LZRead
GetPrivateProfileIntA
LockResource
VirtualAlloc
SetStdHandle
BuildCommDCBAndTimeoutsA
GetSystemTimeAsFileTime
RemoveDirectoryW
EnumCalendarInfoA
BindIoCompletionCallback
GetTapePosition
EnumDateFormatsExW
GetMailslotInfo
LocalShrink
GetUserDefaultUILanguage
ReadConsoleOutputCharacterA
GetPrivateProfileIntW
TryEnterCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetFirmwareEnvironmentVariableW
GetVersionExW
GetPrivateProfileStructW
DeleteFileW
GetModuleHandleA
DeleteFiber
FileTimeToDosDateTime
GetProfileStringA
cryptui
CryptUIWizQueryCertRequestNoDS
CryptUIDlgCertMgr
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCRLA
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgViewCRLW
CryptUIDlgSelectStoreW
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizDigitalSign
CryptUIDlgViewContext
CryptUIDlgViewCTLA
CryptUIDlgSelectCertificateA
CryptUIWizCertRequest
CryptUIDlgViewCertificateW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgViewSignerInfoA
CryptUIFreeViewSignaturesPagesW
CryptUIDlgViewCertificatePropertiesA
CryptUIWizBuildCTL
CryptUIWizCreateCertRequestNoDS
CryptUIWizFreeCertRequestNoDS
CryptUIDlgViewCertificateA
CryptUIFreeCertificatePropertiesPagesW
ACUIProviderInvokeUI
CryptUIDlgSelectCertificateW
CryptUIDlgSelectCertificateFromStore
CryptUIWizFreeDigitalSignContext
CryptUIGetCertificatePropertiesPagesA
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCTLW
WizardFree
RetrievePKCS7FromCA
CryptUIWizExport
CryptUIDlgSelectCA
I_CryptUIProtectFailure
advapi32
LsaOpenAccount
EnumServiceGroupW
StartServiceCtrlDispatcherA
StartServiceW
ImpersonateSelf
CreateProcessWithLogonW
LsaQueryDomainInformationPolicy
QueryServiceConfig2W
I_ScSetServiceBitsA
ConvertSecurityDescriptorToAccessNamedW
EnumDependentServicesA
LsaClose
MSChapSrvChangePassword
SystemFunction017
ChangeServiceConfigA
GetEffectiveRightsFromAclW
UninstallApplication
GetFileSecurityW
DeleteAce
LsaICLookupSids
CreateServiceW
MSChapSrvChangePassword2
CryptDestroyHash
GetWindowsAccountDomainSid
CreateServiceA
LsaEnumerateAccounts
SystemFunction005
SetSecurityDescriptorDacl
MD5Init
LsaSetSystemAccessAccount
Sections
.text Size: 380KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 154KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 172KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ