Static task: static1
Behavioral task: behavioral1
  Sample: 9b6f17231b437b7c39bd1f9920e8e0a60e1ae86ad340dfcb3dfa52dc7e1ae62d.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 9b6f17231b437b7c39bd1f9920e8e0a60e1ae86ad340dfcb3dfa52dc7e1ae62d.exe
  Resource: win10v2004-20220812-en
General
- Target: 9b6f17231b437b7c39bd1f9920e8e0a60e1ae86ad340dfcb3dfa52dc7e1ae62d
- Size: 863KB
- MD5: 76a8ab2af19b7d66db19d6ebe348d103
- SHA1: d8a744498599cdc8ce76a95eff37c6620d421f75
- SHA256: 9b6f17231b437b7c39bd1f9920e8e0a60e1ae86ad340dfcb3dfa52dc7e1ae62d
- SHA512: 748a3f72e6bf26963a7318c5b0e04d41242bc51ce4d7664adc938a01af7d72edfcf7169a2330fc951a24a0d02d6e0f10cc35471221907ba8d7b73f7f42010735
- SSDEEP: 12288:UjiCIsrCHnm6jX/Ig3BCnjC9vpxgmzhYIor2XrTW6tziz6lc3zKkXVvo4tstYpgF:UjWswRjDonG5ZtYI427TW6xsMcjAtsw
Malware Config
Signatures
Files
-
9b6f17231b437b7c39bd1f9920e8e0a60e1ae86ad340dfcb3dfa52dc7e1ae62d.exe windows x86
8754a3fe79c8d178045d4d8974009a6f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt40
__p__winmajor
__p__wenviron
_HUGE
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
_pwctype
?sputbackc@streambuf@@QAEHD@Z
_ismbcprint
??0istream@@IAE@ABV0@@Z
??_Estreambuf@@UAEPAXI@Z
_adj_fdiv_m64
_wremove
?underflow@filebuf@@UAEHXZ
?open@filebuf@@QAEPAV1@PBDHH@Z
_pctype
system
_getch
??4ifstream@@QAEAAV0@ABV0@@Z
fseek
??4ostream@@IAEAAV0@ABV0@@Z
??0istream@@IAE@XZ
_cprintf
?seekg@istream@@QAEAAV1@J@Z
_outpw
_memicmp
??_Eostream@@UAEPAXI@Z
_mbsnbcmp
isprint
?clear@ios@@QAEXH@Z
?unsetf@ios@@QAEJJ@Z
srand
??_7istrstream@@6B@
strtoul
_CItanh
?sputn@streambuf@@QAEHPBDH@Z
advapi32
LsaGetSystemAccessAccount
AddAccessDeniedAceEx
OpenThreadToken
DeregisterEventSource
SaferRecordEventLogEntry
ElfReadEventLogA
LsaEnumerateAccounts
SetServiceObjectSecurity
LsaLookupNames
RegDeleteKeyA
ConvertSecurityDescriptorToAccessNamedA
WmiNotificationRegistrationA
EncryptionDisable
SystemFunction023
RegisterServiceCtrlHandlerExW
ElfCloseEventLog
CryptAcquireContextW
GetTrusteeNameA
ObjectOpenAuditAlarmW
LookupAccountSidA
BuildExplicitAccessWithNameA
RegCloseKey
CloseEventLog
GetInheritanceSourceW
CredMarshalCredentialA
LockServiceDatabase
IsTokenRestricted
CryptSignHashA
SaferGetPolicyInformation
AreAnyAccessesGranted
CryptGenKey
CredUnmarshalCredentialW
LookupPrivilegeDisplayNameA
SaferiRecordEventLogEntry
GetExplicitEntriesFromAclA
LookupAccountSidW
GetWindowsAccountDomainSid
crypt32
CryptRegisterDefaultOIDFunction
CertFindCRLInStore
CertStrToNameW
RegCreateHKCUKeyExU
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CryptMsgVerifyCountersignatureEncoded
I_CryptAddRefLruEntry
CertAddEncodedCertificateToSystemStoreW
CertGetCertificateChain
I_CryptAddSmartCardCertToStore
PFXExportCertStore
I_CertProtectFunction
I_CryptRemoveLruEntry
CryptSIPRemoveSignedDataMsg
CryptCloseAsyncHandle
PFXExportCertStoreEx
CryptEnumOIDFunction
I_CryptGetAsn1Encoder
CryptVerifyMessageHash
CertSaveStore
RegDeleteValueU
CertFindChainInStore
CryptVerifyCertificateSignatureEx
RegOpenKeyExU
CryptSignCertificate
I_CertSyncStore
CryptSIPRetrieveSubjectGuidForCatalogFile
CertVerifySubjectCertificateContext
CryptMemFree
CertAddStoreToCollection
CertAddCertificateContextToStore
CertVerifyValidityNesting
I_CryptFindLruEntryData
CryptMsgCountersign
I_CryptGetFileVersion
CertEnumCTLContextProperties
CryptImportPublicKeyInfoEx
CertGetNameStringA
RegOpenHKCUKeyExU
CertOpenStore
CryptGetDefaultOIDFunctionAddress
CryptSetKeyIdentifierProperty
CryptSignAndEncryptMessage
CryptSignMessage
apphelp
ApphelpFixMsiPackageExe
SdbReadDWORDTag
SdbGetTagDataSize
SdbEnumMsiTransforms
SdbFindFirstTag
ApphelpShowDialog
SdbGetEntryFlags
ApphelpGetFileAttributes
ApphelpCheckInstallShieldPackage
SdbGetMsiPackageInformation
SdbUnregisterDatabase
SdbGetPermLayerKeys
SdbReadStringTagRef
SdbReadQWORDTag
SdbFindNextTag
SdbGetDatabaseMatch
SdbGetDatabaseID
SdbGrabMatchingInfoEx
SdbFindNextMsiPackage
SdbFindNextTagRef
AllowPermLayer
SdbCloseApphelpInformation
SdbSetPermLayerKeys
ApphelpFixMsiPackage
SdbReadBYTETagRef
SdbReadMsiTransformInfo
SdbGetNextChild
ApphelpCheckMsiPackage
SdbReadDWORDTagRef
SdbTagToString
ApphelpCheckIME
ApphelpFreeFileAttributes
SdbInitDatabase
SdbReadWORDTag
SdbGetStringTagPtr
ApphelpCheckShellObject
SdbGetTagFromTagID
GetPermLayers
winmm
mmioAscend
waveInReset
mciFreeCommandResource
auxGetVolume
mciGetYieldProc
midiInUnprepareHeader
mmioInstallIOProcW
PlaySound
timeSetEvent
joy32Message
waveOutGetErrorTextA
OpenDriver
SendDriverMessage
joyGetDevCapsA
midiInClose
mmioOpenW
midiStreamOpen
waveOutGetID
waveOutReset
waveInMessage
timeGetTime
waveInAddBuffer
waveOutBreakLoop
mciGetDeviceIDA
timeKillEvent
mciExecute
mixerGetControlDetailsA
midiOutMessage
waveInGetNumDevs
mmTaskCreate
mmsystemGetVersion
kernel32
SetThreadPriorityBoost
ReadConsoleA
SetupComm
GetCurrentThread
VirtualLock
SetConsoleScreenBufferSize
GlobalGetAtomNameW
GlobalFlags
CloseConsoleHandle
TlsSetValue
LoadLibraryA
QueryPerformanceCounter
MoveFileExA
TerminateThread
WriteProcessMemory
LocalAlloc
TerminateJobObject
AttachConsole
VirtualAlloc
BeginUpdateResourceA
SetFileValidData
PeekConsoleInputA
GetEnvironmentStringsW
GetAtomNameA
DeleteTimerQueue
SwitchToThread
LeaveCriticalSection
BaseCleanupAppcompatCacheSupport
ReadConsoleInputExA
GetFileAttributesA
GetNamedPipeHandleStateA
GlobalAddAtomW
GetTapeStatus
Module32First
Heap32ListFirst
Sections
.text Size: 170KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 327KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 364KB - Virtual size: 364KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ