acec8913557cce5cc98bfa8054cecbbad1932188c61e0536f1464d42b25790e1

Sharing

Copy URL Twitter E-mail

General

Target

acec8913557cce5cc98bfa8054cecbbad1932188c61e0536f1464d42b25790e1
Size

826KB
MD5

f18f36d1c434552986c8b245ecf5a77f
SHA1

01dfef939c504931d6c49aaad63c0def40143655
SHA256

acec8913557cce5cc98bfa8054cecbbad1932188c61e0536f1464d42b25790e1
SHA512

3d581721c49af197b530219fd96ffc877313f2177490dbc92adec0a7bc70e426a99ae9fc3d9635be876dc12305648687e72638bb1e90cdf265bcef89f3807a07
SSDEEP

24576:mS5mvbVBNa+q1nXwYOMPU12vuLmSuY9v6DMl77V:mpN6ngYlc1XGYoMl77V

Score

N/A

Malware Config

Signatures

Files

acec8913557cce5cc98bfa8054cecbbad1932188c61e0536f1464d42b25790e1
.exe windows x86

193b6f248d385bb84529b79762e91c8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalHandle
RemoveDirectoryW
WriteConsoleInputA
GetPrivateProfileStringA
lstrcpyn
AllocConsole
_hread
LoadLibraryW
OpenWaitableTimerA
GetOEMCP
SetPriorityClass
CancelIo
UnmapViewOfFile
WritePrivateProfileSectionW
GetStringTypeW
GetVolumeNameForVolumeMountPointW
BuildCommDCBA
lstrcpyW
CreateSocketHandle
GetFirmwareEnvironmentVariableA
FindClose
HeapCreate

atmlib

ATMGetMenuNameA
ATMFontStatus
ATMEnumFontsA
ATMGetFontPathsA
ATMAddFontW
ATMXYShowTextW
ATMProperlyLoaded
ATMEnumMMFontsA
ATMGetOutlineA
ATMGetFontInfoA
ATMGetBuildStr
ATMGetBuildStrW
ATMGetPostScriptNameW
ATMFontAvailable
ATMGetFontPathsW
ATMBBoxBaseXYShowText
ATMEnumFontsW
ATMRemoveFont
ATMGetVersionExA
ATMRemoveFontA
ATMAddFontExW
ATMAddFontEx
ATMGetFontBBox
ATMGetVersionExW
ATMRemoveFontW

secur32

AddCredentialsA
LsaCallAuthenticationPackage
GetSecurityUserInfo
SecpTranslateName
LsaFreeReturnBuffer
CredMarshalTargetInfo
RevertSecurityContext
DeleteSecurityPackageW
SaslEnumerateProfilesA
EncryptMessage
LsaGetLogonSessionData
QuerySecurityPackageInfoA
SaslGetProfilePackageW
LsaUnregisterPolicyChangeNotification
ApplyControlToken
CompleteAuthToken
TranslateNameA
ImportSecurityContextA
SaslAcceptSecurityContext
UnsealMessage
LsaDeregisterLogonProcess
SaslInitializeSecurityContextW
SaslGetProfilePackageA
SaslIdentifyPackageW
GetUserNameExA
GetComputerObjectNameW
ImportSecurityContextW
CredUnmarshalTargetInfo
LsaEnumerateLogonSessions
QueryCredentialsAttributesW

rtm

RtmReadInstanceConfig
RtmRegisterEntity
MgmAddGroupMembershipEntry
RtmIsMarkedForChangeNotification
InsertIntoTable
RtmDeleteRouteList
MgmDeInitialize
RtmGetNextHopInfo
RtmGetNetworkCount
RtmCloseEnumerationHandle
RtmGetDestInfo
RtmGetRouteAge
DestroyTable
RtmLockDestination
MgmGroupEnumerationEnd
RtmReadAddressFamilyConfig

user32

DdeSetUserHandle
SetWindowsHookExA
CreateWindowStationW
DlgDirSelectExA
GetClassInfoW
GetActiveWindow
IMPSetIMEW
RemovePropA
DrawCaption
InSendMessage

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

193b6f248d385bb84529b79762e91c8e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

atmlib

secur32

rtm

user32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 177KB - Virtual size: 176KB

.reloc Size: 1024B - Virtual size: 824B

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 177KB - Virtual size: 176KB

.reloc
Size: 1024B - Virtual size: 824B