a5e5b63688c55ab6ca7b19218b91357c3dd5b2b5beec33afca250b5004e945f4

Sharing

Copy URL

Twitter E-mail

General

Target

a5e5b63688c55ab6ca7b19218b91357c3dd5b2b5beec33afca250b5004e945f4
Size

174KB
MD5

e02b57afe1954e692ae0109c666a9aa8
SHA1

d46e5476ba6592a3a1795c56cd54efcc090765b7
SHA256

a5e5b63688c55ab6ca7b19218b91357c3dd5b2b5beec33afca250b5004e945f4
SHA512

a08b8a06455830b3a1865b5ffbaf5fb8736d5e968a10f444cc9fd582ad4170084470cdc461504b4211fc5a08615d55edd7f7cb4a5d5193af6aa85e73d60752ad
SSDEEP

3072:Wx1f7Xhi3wvlHaBxeCBe6/MnPdpZjIJulHNUfdzzIJEIKJliUThCKLCpjzrI0G:WvvtHanfBe60PIulHNUfdzzxdTh6hzr

Score

N/A

Malware Config

Signatures

Files

a5e5b63688c55ab6ca7b19218b91357c3dd5b2b5beec33afca250b5004e945f4
.exe windows x86

18936e52cbedae8e34f010017fb0f435

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_lfind
NtContinue
RtlDetermineDosPathNameType_U
RtlQueryTimeZoneInformation
RtlNtStatusToDosErrorNoTeb
wcsncpy
ZwSetVolumeInformationFile
RtlTimeFieldsToTime
NtWriteFile
RtlNtStatusToDosError
ZwSetDefaultUILanguage
DbgUiRemoteBreakin
isxdigit
NtLoadDriver
memmove
NtSetBootOptions
ZwReplyWaitReceivePort
RtlAdjustPrivilege
RtlRegisterSecureMemoryCacheCallback
RtlAddAccessDeniedObjectAce
ZwQueryDirectoryObject
RtlCreateUnicodeStringFromAsciiz
_CIsqrt
ZwCreateSymbolicLinkObject
NtExtendSection
RtlGetNtProductType
RtlLookupAtomInAtomTable
ZwClose
NtFlushWriteBuffer
RtlCaptureStackBackTrace
CsrGetProcessId
RtlTraceDatabaseLock
strpbrk
ZwCreateKey
RtlInsertElementGenericTableAvl
NtImpersonateThread
ZwQueryVirtualMemory
_ui64tow
RtlTimeToSecondsSince1970
ZwWaitHighEventPair
NtSetDefaultUILanguage
ZwQueryQuotaInformationFile
_ltoa
ZwLockProductActivationKeys
RtlNumberOfClearBits
iscntrl
RtlUnicodeToCustomCPN
RtlReAllocateHeap
RtlInitializeGenericTable
RtlSetDaclSecurityDescriptor
RtlValidateProcessHeaps
NtResumeProcess
ZwInitializeRegistry
RtlQueryProcessDebugInformation
RtlDestroyAtomTable
RtlSetIoCompletionCallback
RtlEnableEarlyCriticalSectionEventCreation
NtWriteFileGather
RtlTimeToElapsedTimeFields
RtlDestroyProcessParameters
LdrSetAppCompatDllRedirectionCallback
RtlQueryInformationActiveActivationContext
RtlTraceDatabaseValidate
RtlCreateEnvironment
_alloca_probe

advapi32

AddAccessDeniedAce
CredReadW
LsaOpenAccount
LookupAccountNameA
InitiateSystemShutdownW
SetInformationCodeAuthzLevelW
SetServiceStatus
QueryServiceObjectSecurity
I_ScIsSecurityProcess
ElfOpenEventLogW
SetTokenInformation
TreeResetNamedSecurityInfoW
QueryAllTracesA
SetPrivateObjectSecurity
DuplicateToken
SystemFunction017
LookupPrivilegeDisplayNameA
GetEffectiveRightsFromAclW
GetOldestEventLogRecord
LsaDeleteTrustedDomain
AddAccessDeniedObjectAce
CredProfileLoaded
IsTokenRestricted
GetNamedSecurityInfoA
StartServiceCtrlDispatcherW
SystemFunction031
DeleteService
LsaGetQuotasForAccount
ObjectDeleteAuditAlarmA
ElfOldestRecord
CredWriteW
GetTraceEnableLevel
AddAuditAccessAce
EnumServicesStatusA
MD4Final
MD4Update
GetTokenInformation
CreateServiceW
GetAccessPermissionsForObjectA
GetPrivateObjectSecurity
BuildImpersonateExplicitAccessWithNameW
RegQueryValueW
ControlService
RegConnectRegistryW
ElfBackupEventLogFileA
CryptGenRandom
StartServiceA
AccessCheckByTypeResultListAndAuditAlarmA
StartTraceA
RegReplaceKeyA
LsaNtStatusToWinError
ElfOpenEventLogA
SaferiIsExecutableFileType
A_SHAFinal
QueryServiceLockStatusA
InitializeSid
AccessCheckByTypeAndAuditAlarmW
BuildSecurityDescriptorA
CredWriteDomainCredentialsA
ImpersonateAnonymousToken
RegSetValueExW
EncryptedFileKeyInfo
SaferComputeTokenFromLevel
SetServiceObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorA
LogonUserW
CryptSetProviderA
CredRenameA
LsaSetSystemAccessAccount
InitiateSystemShutdownExW
SystemFunction013
CryptGetDefaultProviderA
ProcessTrace
ControlTraceW
CryptDecrypt
EnumServicesStatusW
FileEncryptionStatusW
ObjectDeleteAuditAlarmW
GetLocalManagedApplicationData
LsaAddPrivilegesToAccount
A_SHAUpdate
MakeSelfRelativeSD
GetInformationCodeAuthzLevelW
GetSecurityDescriptorDacl

wintrust

CryptSIPVerifyIndirectData
IsCatalogFile
CatalogCompactHashDatabase
OfficeCleanupPolicy
WTHelperGetAgencyInfo
WTHelperCheckCertUsage
WTHelperCertFindIssuerCertificate
WVTAsn1SpcSpAgencyInfoEncode
SoftpubLoadMessage
WVTAsn1CatMemberInfoDecode
WintrustLoadFunctionPointers
CryptCATHandleFromStore
WTHelperGetKnownUsages
WTHelperGetProvSignerFromChain
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
WVTAsn1CatNameValueEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
CryptSIPGetInfo
WVTAsn1SpcPeImageDataEncode
SoftpubDefCertInit
CryptCATAdminPauseServiceForBackup
WintrustAddDefaultForUsage
WTHelperIsInRootStore
SoftpubCheckCert
WTHelperGetProvCertFromChain
SoftpubLoadSignature
CryptCATStoreFromHandle
TrustFindIssuerCertificate
CryptCATAdminAddCatalog
mssip32DllRegisterServer
WTHelperGetFileName
CryptSIPGetRegWorkingFlags
CryptCATClose
AddPersonalTrustDBPages
WVTAsn1CatNameValueDecode
WintrustGetDefaultForUsage
CryptCATCatalogInfoFromContext
CryptCATPutAttrInfo
WVTAsn1CatMemberInfoEncode
HTTPSFinalProv
WintrustGetRegPolicyFlags
SoftpubDumpStructure
WTHelperProvDataFromStateData

kernel32

SetTimeZoneInformation
DebugBreak
VirtualFreeEx
GetFileInformationByHandle
IsValidCodePage
QueryPerformanceFrequency
LZDone
LocalReAlloc
SetConsoleTitleW
GetNumberOfConsoleFonts
GetModuleHandleA
GetCommProperties
SwitchToFiber
GetDateFormatA
DisconnectNamedPipe
EnumCalendarInfoExA
DeleteVolumeMountPointW
VirtualAlloc
PulseEvent
GetNumaAvailableMemoryNode
GetUserDefaultLCID
GlobalAlloc
LoadLibraryExW
SetCommConfig
GetHandleInformation
GetDiskFreeSpaceExW
GetCurrentThread
DosDateTimeToFileTime
InvalidateConsoleDIBits
LCMapStringA
LoadLibraryA
SetConsoleCP

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18936e52cbedae8e34f010017fb0f435

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

wintrust

kernel32

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 85KB - Virtual size: 260KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 868B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 85KB - Virtual size: 260KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 868B