a4d2bcab40a6fe518036e784bf899f54a8a80c2457dabd824e28e8ba220287b9

Sharing

Copy URL Twitter E-mail

General

Target

a4d2bcab40a6fe518036e784bf899f54a8a80c2457dabd824e28e8ba220287b9
Size

719KB
MD5

51a290affb05d15c6851ca389eddd81b
SHA1

5e7af8ba06c15ca96981e30c9f7ebceaca30e7e6
SHA256

a4d2bcab40a6fe518036e784bf899f54a8a80c2457dabd824e28e8ba220287b9
SHA512

c8a5674fc7aab441658143b43941493e614251c938cc66ccc66667ae9101f7d9d7318a1436a386cd8334161e2f1e6ca0d400cd0bbd5710568fd1238287b34322
SSDEEP

12288:UyyfNYj671Tw3QW68iM96tIm+GPFfCWil+/V5PW3Ndhz+itugWfiAzl9:U7FYGN6QWJim6tRdxCWXV5+ciw

Score

N/A

Malware Config

Signatures

Files

a4d2bcab40a6fe518036e784bf899f54a8a80c2457dabd824e28e8ba220287b9
.exe windows x86

a29e0e2769164bc4a7fba3f4b45e9634

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

I_CertSrvProtectFunction

userenv

GetDefaultUserProfileDirectoryW
RsopSetPolicySettingStatus
RegisterGPNotification
DestroyEnvironmentBlock
ProcessGroupPolicyCompleted
LoadUserProfileW
DeleteProfileW
RsopResetPolicySettingStatus
GetUserProfileDirectoryA
UnregisterGPNotification
ExpandEnvironmentStringsForUserW
GetAppliedGPOListW
ProcessGroupPolicyCompletedEx
GetAllUsersProfileDirectoryW
ForceSyncFgPolicy
CreateEnvironmentBlock
GetProfileType
RefreshPolicy
EnterCriticalPolicySection
GetUserProfileDirectoryW
LeaveCriticalPolicySection
FreeGPOListW
GetProfilesDirectoryW
UnloadUserProfile

wintrust

CryptCATGetAttrInfo
CryptCATAdminEnumCatalogFromHash
IsCatalogFile
WintrustRemoveActionID
CryptCATGetCatAttrInfo
CryptCATAdminAddCatalog
WintrustLoadFunctionPointers
WTHelperGetProvSignerFromChain
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATClose
CryptCATAdminAcquireContext
WinVerifyTrustEx
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATOpen
CryptCATAdminReleaseContext
WTHelperGetFileHash
CryptCATAdminReleaseCatalogContext
CryptCATGetMemberInfo
CryptCATEnumerateAttr
WTHelperGetProvCertFromChain

shell32

SHUpdateRecycleBinIcon
Shell_NotifyIconA
ExtractAssociatedIconA
SHBindToParent
Shell_NotifyIconW
SHGetInstanceExplorer
ShellExecuteExW
SHGetSettings
SHChangeNotifySuspendResume
ShellAboutW
SHGetFileInfoW
ExtractAssociatedIconW
SheChangeDirExW
SHOpenFolderAndSelectItems
SHGetDataFromIDListW
CommandLineToArgvW
SHGetDesktopFolder
DuplicateIcon
SHGetFolderPathA
SHParseDisplayName
SHFormatDrive
SHGetIconOverlayIndexW
SHGetSpecialFolderPathA
SHGetFolderLocation
ExtractIconExW

oleaut32

SysFreeString
SafeArrayGetLBound
SafeArrayPtrOfIndex
VariantCopy
SafeArrayCreate
SysAllocStringByteLen
GetActiveObject
SysReAllocStringLen
SafeArrayGetUBound
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
GetErrorInfo
VariantInit

msvcrt

strtok
_winminor
_wpopen
scanf
_ui64tow
_fpclass
memcpy
iswspace
_strlwr
_itow
atoi
_CIatan2
_cabs
wcspbrk
??1exception@@UAE@XZ
_wcsnset
_vsnwprintf
_Getmonths
_eof
ldiv
iswprint
clock
_mbsnbcpy
strchr
_wfindnext64

kernel32

GetUserDefaultLangID
SetVolumeLabelA
IsProcessorFeaturePresent
GetFileAttributesExW
GetModuleFileNameW
SetFilePointer
GetPrivateProfileStringW
GetDefaultCommConfigW
GetPrivateProfileStringA
GetCommModemStatus
VirtualUnlock
GetDateFormatA
FormatMessageW
SetTimeZoneInformation
TlsAlloc
IsBadCodePtr
Sleep
EnumTimeFormatsW
FindFirstChangeNotificationW
FormatMessageA
GetCurrentThread
CreateSemaphoreW
SetPriorityClass
VirtualAlloc
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
PeekConsoleInputW
AllocConsole
OpenSemaphoreA
VirtualProtect
GetCurrentProcess
ClearCommError
GetFileAttributesA
GetComputerNameA
EnumResourceNamesA
EnterCriticalSection
GetCommandLineA

advapi32

AddAccessDeniedObjectAce
RegisterTraceGuidsW
CommandLineFromMsiDescriptor
LsaClose
RegQueryValueA
RegCreateKeyExA
SystemFunction036
SystemFunction009
OpenEncryptedFileRawW
CryptGetDefaultProviderW
BuildTrusteeWithSidW
FreeEncryptionCertificateHashList
RegSaveKeyW
CryptSignHashW
GetSidLengthRequired
IsValidSid
LsaQueryInformationPolicy
CreateServiceW
CryptHashData
ConvertStringSidToSidW
AccessCheckAndAuditAlarmA
SetKernelObjectSecurity
EqualDomainSid
RegOpenUserClassesRoot
RegEnumKeyExA
RegisterServiceCtrlHandlerA
TraceEvent
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
GetSidSubAuthority
GetSecurityDescriptorControl
LsaQueryDomainInformationPolicy
RegQueryMultipleValuesW
GetCurrentHwProfileA

winspool.drv

AddFormW
EnumPrinterDataW
EnumPrinterDriversA
XcvDataW
EnumFormsW
DocumentPropertiesA
DeviceCapabilitiesW
EndPagePrinter
SetPrinterDataW
GetFormW
WritePrinter
EnumPortsW
GetPrinterDataA
EnumPrintersA
SetPrinterW
EnumJobsW
FindClosePrinterChangeNotification
GetPrinterDriverDirectoryA
DevicePropertySheets
GetPrinterA
SetPrinterDataExW
EnumPrinterDataExW
GetPrintProcessorDirectoryW
GetJobA

Sections

.text
Size: 29KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CRT
Size: 230KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a29e0e2769164bc4a7fba3f4b45e9634

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

userenv

wintrust

shell32

oleaut32

msvcrt

kernel32

advapi32

winspool.drv

Sections

.text Size: 29KB - Virtual size: 484KB

CRT Size: 230KB - Virtual size: 398KB

.rdata Size: 200KB - Virtual size: 396KB

.data Size: 98KB - Virtual size: 187KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 220B

.text
Size: 29KB - Virtual size: 484KB

CRT
Size: 230KB - Virtual size: 398KB

.rdata
Size: 200KB - Virtual size: 396KB

.data
Size: 98KB - Virtual size: 187KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 220B