b0e5cb12fe477ab630d3b29d6b5cc4aee0f4769212dea280455f2785c3cc5314

Sharing

Copy URL

Twitter E-mail

General

Target

b0e5cb12fe477ab630d3b29d6b5cc4aee0f4769212dea280455f2785c3cc5314
Size

850KB
MD5

82c87adc007f4f3c0ca29af26d66df46
SHA1

6df11211a78617570e11242ebd1dbe572de042ea
SHA256

b0e5cb12fe477ab630d3b29d6b5cc4aee0f4769212dea280455f2785c3cc5314
SHA512

3fb3392e793211fee1a5af44b655ecc8d07b2a511ea0a21be516716b67e9dd6106ced1806c62bf8aba82c984cb205dec88c99ac35c04ecc01c933b163b39c5d5
SSDEEP

24576:6AtU6bMGq6WxNMj2FLDHeZbKQiJWhu1O6Qej5Mvk8qCLAfJo:IfEK5NDeZVikhuABet5CLA2

Score

N/A

Malware Config

Signatures

Files

b0e5cb12fe477ab630d3b29d6b5cc4aee0f4769212dea280455f2785c3cc5314
.exe windows x86

95abb6d8121649974fc2e39954a548a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

softpub

AddPersonalTrustDBPages
OpenPersonalTrustDBDialog
DriverInitializePolicy
GenericChainFinalProv
SoftpubCleanup
DriverFinalPolicy
DriverCleanupPolicy
SoftpubCheckCert
OfficeInitializePolicy
SoftpubInitialize
SoftpubLoadMessage
SoftpubLoadSignature
SoftpubLoadDefUsageCallData
SoftpubFreeDefUsageCallData
OfficeCleanupPolicy
SoftpubAuthenticode
SoftpubDefCertInit
FindCertsByIssuer

advapi32

GetAuditedPermissionsFromAclW
TraceEventInstance
TraceMessage
LsaEnumerateAccounts
DecryptFileW
WmiQuerySingleInstanceW
WmiOpenBlock
RegRestoreKeyA
NotifyChangeEventLog
SaferiCompareTokenLevels
CredIsMarshaledCredentialA
EqualDomainSid
PrivilegeCheck
BackupEventLogW
LsaEnumerateTrustedDomainsEx
GetInformationCodeAuthzLevelW

kernel32

WaitForDebugEvent
CopyFileExA
GlobalReAlloc
WritePrivateProfileStructA
HeapCreate
LZInit
InterlockedDecrement
ExpandEnvironmentStringsW
ResumeThread
VirtualAlloc
GetModuleHandleW
GetLocaleInfoA
GetHandleInformation
PulseEvent
CreateTapePartition
InitializeCriticalSection
LoadLibraryA
GetSystemTime
CreateMutexA
EnumSystemGeoID
ConvertFiberToThread
SetConsoleLocalEUDC
OpenFile

cmpbk32

PhoneBookGetCurrentCountryId
PhoneBookGetCountryNameA
PhoneBookEnumNumbers
PhoneBookGetPhoneCanonicalA
PhoneBookParseInfoA
PhoneBookGetPhoneType
PhoneBookGetPhoneDUNA
PhoneBookLoad
PhoneBookCopyFilter
PhoneBookGetCountryId
PhoneBookEnumRegions
PhoneBookMatchFilter
PhoneBookHasPhoneType
PhoneBookEnumCountries
PhoneBookMergeChanges
PhoneBookUnload
PhoneBookGetPhoneDispA
PhoneBookFreeFilter
PhoneBookGetCountryNameW
PhoneBookGetRegionNameA
PhoneBookGetPhoneNonCanonicalA
PhoneBookGetPhoneDescA
PhoneBookEnumNumbersWithRegionsZero

Sections

.text
Size: 734KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95abb6d8121649974fc2e39954a548a7

Headers

DLL Characteristics

File Characteristics

Imports

softpub

advapi32

kernel32

cmpbk32

Sections

.text Size: 734KB - Virtual size: 734KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 734KB - Virtual size: 734KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB