a2c4b46f630242d57fae0f1b2a276778292c07b78b261f0cfde2757928f5e1de

Sharing

Copy URL Twitter E-mail

General

Target

a2c4b46f630242d57fae0f1b2a276778292c07b78b261f0cfde2757928f5e1de
Size

855KB
MD5

f259c9472d513231c0384c2b9d63e235
SHA1

067792be52d31027fdc41283469540886f88d54b
SHA256

a2c4b46f630242d57fae0f1b2a276778292c07b78b261f0cfde2757928f5e1de
SHA512

769e9b9f52504a5293018adea40d9e5f8648a4adc52f7213ab06041ac72fb9d3c8960ca9db7092a99143805a7742d9297e74a5003f452772de3fbc4e2dcd1749
SSDEEP

24576:69CeTHx2N2i8Nhs//yIronXhhuE/p4HR9NU:6vHxY8NS50RhEx0

Score

N/A

Malware Config

Signatures

Files

a2c4b46f630242d57fae0f1b2a276778292c07b78b261f0cfde2757928f5e1de
.exe windows x86

941d175fae2fca888a4bb1280cd96a90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z
?IsWriteUnlocked@CLKRHashTable@@QBE_NXZ
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?Apply@CLKRHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?MpHeapCompact@@YAKPAX@Z
?TryWriteLock@CSpinLock@@QAE_NXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?ReadUnlock@CLKRHashTable@@QBEXXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?GetSpinCount@CCritSec@@QBEGXZ
MPCSUninitialize
??1CReaderWriterLock2@@QAE@XZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
??0CLockedDoubleList@@QAE@XZ
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
MPInitializeCriticalSectionAndSpinCount
mpFree
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
??1CReaderWriterLock3@@QAE@XZ
MPCSInitialize
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?ReadLock@CSmallSpinLock@@QAEXXZ
MpHeapReAlloc

msacm32

acmDriverMessage
acmFilterChooseW
acmFilterEnumA
acmFilterTagEnumW
acmDriverOpen
acmFilterChooseA
acmFormatTagDetailsW
acmFormatTagDetailsA
acmDriverID
acmDriverPriority
XRegThunkEntry
acmFormatEnumW
acmStreamConvert
acmFormatDetailsA
acmDriverAddW
acmMessage32
acmStreamMessage
acmFilterTagEnumA
acmFormatTagEnumW
acmFormatEnumA

schannel

QuerySecurityPackageInfoW
SslGenerateRandomBits
SpLsaModeInitialize
InitializeSecurityContextA
InitializeSecurityContextW
SpUserModeInitialize
DeleteSecurityContext
EnumerateSecurityPackagesW
SslLoadCertificate
ImpersonateSecurityContext
InitSecurityInterfaceA
AcceptSecurityContext
ApplyControlToken
SealMessage
AcquireCredentialsHandleA
SslCrackCertificate
VerifySignature
QuerySecurityPackageInfoA
FreeCredentialsHandle
SslEmptyCacheW
EnumerateSecurityPackagesA
QueryContextAttributesA
CompleteAuthToken
MakeSignature
QueryContextAttributesW
SslGetMaximumKeySize

ntdll

ZwSetHighWaitLowEventPair
ZwWriteFile
RtlWalkHeap
ZwOpenProcess
RtlConvertToAutoInheritSecurityObject
ZwRegisterThreadTerminatePort
ZwCreateNamedPipeFile
RtlFlushSecureMemoryCache
RtlTimeToTimeFields
RtlAreBitsClear
NtReadVirtualMemory
RtlCreateBootStatusDataFile
NtAlertResumeThread
ZwOpenObjectAuditAlarm
ZwQuerySystemEnvironmentValue
LdrInitializeThunk
ZwWaitForMultipleObjects
_aullrem
NtQueryInformationToken
NtStopProfile
NtOpenSymbolicLinkObject
_vsnwprintf
NtImpersonateAnonymousToken

sqlunirl

_GetServiceKeyName_@16
_GetLogicalDriveStrings_@8
_MessageBoxEx_@20
_LookupPrivilegeDisplayName_@20
_DlgDirListComboBox_@20
_ChangeMenu_@20
_GetKerningPairs_@12
_GetUnicodeRedirectionLayer@0
_SetCurrentDirectory_@4
_GetLocaleInfo_@16
_AddAtom_@4
wsprintf_
_ChooseColor_@4

usp10

ScriptGetGlyphABCWidth
UspAllocCache
ScriptXtoCP
ScriptString_pcOutChars
ScriptString_pSize
ScriptStringXtoCP
ScriptStringValidate
ScriptStringAnalyse
ScriptGetProperties
ScriptShape
LpkPresent
ScriptGetFontProperties
ScriptApplyDigitSubstitution
ScriptRecordDigitSubstitution
ScriptStringGetOrder
ScriptTextOut
ScriptIsComplex
ScriptStringGetLogicalWidths
ScriptJustify
ScriptCacheGetHeight
UspAllocTemp
ScriptGetCMap
ScriptBreak
ScriptCPtoX
ScriptGetLogicalWidths

kernel32

SetMailslotInfo
PeekConsoleInputW
SetNamedPipeHandleState
EnterCriticalSection
SetThreadExecutionState
SetCommMask
GetSystemTimeAsFileTime
lstrcmpA
AddAtomA
GetConsoleKeyboardLayoutNameA
GetVolumeNameForVolumeMountPointA
GetUserDefaultLCID
LoadLibraryW
SearchPathW
SetVolumeLabelW
GetConsoleFontInfo
WriteProfileSectionW
FindNextVolumeA
InitializeCriticalSection
HeapWalk
VirtualProtectEx
WaitNamedPipeA
TerminateJobObject
GetVersion
SetConsoleKeyShortcuts
QueueUserAPC
GetOverlappedResult
SetTimeZoneInformation

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 179KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

941d175fae2fca888a4bb1280cd96a90

Headers

DLL Characteristics

File Characteristics

Imports

msdart

msacm32

schannel

ntdll

sqlunirl

usp10

kernel32

Sections

.text Size: 416KB - Virtual size: 415KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 179KB - Virtual size: 1.6MB

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 1024B - Virtual size: 920B

.text
Size: 416KB - Virtual size: 415KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 179KB - Virtual size: 1.6MB

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 1024B - Virtual size: 920B