e06ad30420afde620f28b511e6302fa83dc0aeb233e1e10318776ae33bad6363

Sharing

Copy URL Twitter E-mail

General

Target

e06ad30420afde620f28b511e6302fa83dc0aeb233e1e10318776ae33bad6363
Size

869KB
MD5

2b3dd6afa00398561c045aed795ef12a
SHA1

4ef3c39cb42e0077c2e1d860d627d1fed868e6c0
SHA256

e06ad30420afde620f28b511e6302fa83dc0aeb233e1e10318776ae33bad6363
SHA512

f8a309aa771e2d0a15c17509adfcf0d124db7ea2eeed7e6a97c933d5b3a8293f36e52f17e7275680113b05e1bc6f52391407ca8429b15beb0e823a5b24fda094
SSDEEP

24576:YTDiqFxc4Ywz4WBhNDpyQJBR6CMXf0HdzmqJCSW:OBx77zftD8UR6Ti+

Score

N/A

Malware Config

Signatures

Files

e06ad30420afde620f28b511e6302fa83dc0aeb233e1e10318776ae33bad6363
.exe windows x86

333bb2db73821aecba319c83185a40b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlFindSetBitsAndClear
_allshl
RtlQueryEnvironmentVariable_U
NtQueryInformationJobObject
RtlDosPathNameToNtPathName_U
RtlQueueApcWow64Thread
RtlSetThreadPoolStartFunc
RtlLockHeap
RtlTraceDatabaseUnlock
LdrShutdownThread
DbgUiWaitStateChange
RtlFindMostSignificantBit
ZwUnloadKey
RtlCaptureContext
ZwResumeThread
ZwQueryInformationFile
RtlCompareMemory
NtLoadKey2
NtImpersonateClientOfPort
RtlGenerate8dot3Name
ZwAddBootEntry
RtlNewSecurityObjectEx
RtlInitString
RtlDosApplyFileIsolationRedirection_Ustr
LdrLoadDll
RtlSystemTimeToLocalTime
ZwSaveMergedKeys
RtlGetControlSecurityDescriptor
RtlCopyUnicodeString
RtlSetHeapInformation
RtlEnumerateGenericTableAvl
LdrGetDllHandleEx
ZwPulseEvent
NtOpenFile
RtlNumberGenericTableElementsAvl
strrchr
NtQueryEaFile
_snwprintf
NtDuplicateToken
RtlComputeCrc32
ZwEnumerateSystemEnvironmentValuesEx
NtReadRequestData
NtResumeThread
RtlGetNtProductType
RtlDeleteAce
DbgQueryDebugFilterState
NtQueryObject
RtlEraseUnicodeString
ceil
DbgUserBreakPoint
_wcsnicmp
NtSetLowWaitHighEventPair
RtlIsDosDeviceName_U
ZwQuerySemaphore
RtlUnlockBootStatusData
RtlDnsHostNameToComputerName
ZwNotifyChangeDirectoryFile
RtlSetLastWin32Error
NtDebugContinue
NtCreateMutant
_allrem
RtlAppendUnicodeStringToString
RtlConsoleMultiByteToUnicodeN
_CIlog
LdrEnumResources
strpbrk
RtlQueryInformationActivationContext
NtSetHighEventPair
RtlRunEncodeUnicodeString
ZwDuplicateToken
RtlImageDirectoryEntryToData
ZwUnmapViewOfSection

crypt32

CertAddSerializedElementToStore
CryptDecryptAndVerifyMessageSignature
CryptMsgControl
CertStrToNameA
I_CertSrvProtectFunction
CertGetSubjectCertificateFromStore
I_CryptFreeLruCache
CryptSIPPutSignedDataMsg
CertAddCertificateContextToStore
CryptCloseAsyncHandle
CertEnumCTLContextProperties
I_CryptEnableLruOfEntries
CryptGetKeyIdentifierProperty
CertGetCRLContextProperty
CertAlgIdToOID
CertFindRDNAttr
CryptMemFree
I_CryptSetTls
CryptSignMessageWithKey
CryptMsgOpenToEncode
CertGetIssuerCertificateFromStore
CryptSignAndEncodeCertificate
CertGetCRLFromStore
CertCreateCertificateChainEngine
I_CryptReleaseLruEntry
I_CryptGetFileVersion
CryptFreeOIDFunctionAddress
CryptFormatObject
CryptMsgCountersignEncoded
CertEnumPhysicalStore
CertVerifyRevocation
I_CryptGetDefaultCryptProvForEncrypt
CryptDecryptMessage
I_CryptGetTls
CertOpenSystemStoreW
CertVerifyCRLRevocation
CertEnumSystemStoreLocation
CertGetCertificateChain
CertFindCTLInStore
CertEnumCertificatesInStore
CryptFindOIDInfo
CertFindSubjectInCTL
CertEnumCertificateContextProperties
I_CryptGetOssGlobal

msls31

LsdnResetPenNode
LsQueryPointPcpSubline
LsFindPrevBreakSubline
LsFindNextBreakSubline
LsDestroySubline
LsGetRubyLsimethods
LsDisplaySubline
LsPointUV2FromPointUV1
LsGetHihLsimethods
LsGetReverseLsimethods
LsdnQueryPenNode
LsDestroyContext
LsdnGetCurTabInfo
LsCreateSubline
LsQueryCpPpointSubline
LsFinishCurrentSubline
LsSetDoc
LsEnumSubline
LssbFDoneDisplay
LsForceBreakSubline
LsSetModWidthPairs
LsdnResetObjDim
LsdnFinishDeleteAll
LsdnModifyParaEnding
LsGetSpecialEffectsSubline
LsQueryFLineEmpty
LssbGetPlsrunsFromSubline
LssbGetDurTrailInSubline
LsQueryLinePointPcp
LsGetMinDurBreaks
LsCompressSubline
LssbFDonePresSubline
LsGetTatenakayokoLsimethods
LssbFIsSublineEmpty
LsdnFinishBySubline
LsdnSetRigidDup
LsSetBreaking
LsdnSetAbsBaseLine
LsSqueezeSubline
LsdnGetDup

gdi32

GetGraphicsMode
EnumFontFamiliesExA
SetICMProfileA
GetStretchBltMode
STROBJ_bEnumPositionsOnly
CombineTransform
GdiDrawStream
GdiFullscreenControl
GetMapMode
GdiPlayDCScript
GetBitmapBits
CreatePolygonRgn
XLATEOBJ_cGetPalette
CreateDiscardableBitmap
GetPolyFillMode
CreateICW
EngStretchBlt
BitBlt
GetCharWidthW
SetBrushAttributes
EnumEnhMetaFile
DdEntry55
EngFreeModule
ExtFloodFill
ColorMatchToTarget

kernel32

LocalSize
BaseInitAppcompatCacheSupport
CreateTapePartition
LocalReAlloc
VirtualFree
GetCompressedFileSizeA
lstrcpyW
LoadLibraryA
CreateRemoteThread
GetCommConfig
SearchPathA
GetLargestConsoleWindowSize
GlobalCompact
GetHandleContext
WriteFileEx
InitializeCriticalSection
DeleteTimerQueueEx
_lread
ReadConsoleInputExW
CopyLZFile
GetConsoleNlsMode
GetExitCodeThread
GlobalFindAtomA
DeleteFiber
IsValidLocale
FileTimeToLocalFileTime
LocalHandle
VirtualAlloc
GetFileSize

cabinet

FDICopy
FCIDestroy
FCIFlushCabinet
FCIFlushFolder
DeleteExtractedFiles
Extract
DllGetVersion
FDICreate
FDITruncateCabinet
FCIAddFile
FDIIsCabinet
FCICreate
GetDllVersion
FDIDestroy

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

333bb2db73821aecba319c83185a40b6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

crypt32

msls31

gdi32

kernel32

cabinet

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 312KB - Virtual size: 312KB

.data Size: 206KB - Virtual size: 1.6MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 312KB - Virtual size: 312KB

.data
Size: 206KB - Virtual size: 1.6MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB