c17afdb1f1bd4e51742dcd1590b4c44cf2aad9bb83b196e4d92b35681fecaaa3

Sharing

Copy URL Twitter E-mail

General

Target

c17afdb1f1bd4e51742dcd1590b4c44cf2aad9bb83b196e4d92b35681fecaaa3
Size

289KB
MD5

040052bcedbcc43a970c3deb6c162214
SHA1

6541d60a3c4e929df5a0a2c4ea1379ff04016946
SHA256

c17afdb1f1bd4e51742dcd1590b4c44cf2aad9bb83b196e4d92b35681fecaaa3
SHA512

cf88372261debf524fac223c925736f8bd6c5314d682cbfb35a781f6aabd0d35204af0cb584f63b8cf6c20c2255c362421f3306f232de358f012bf46786ce4a8
SSDEEP

6144:B4LDrJOtgg++dz2DTCUw8ikbWnk+Gc1Q/KlXNL6+EFKc:yLW+p4Jkb9+GTKldZMj

Score

N/A

Malware Config

Signatures

Files

c17afdb1f1bd4e51742dcd1590b4c44cf2aad9bb83b196e4d92b35681fecaaa3
.exe windows x86

56020379cf47c80aedfe560028792555

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetOEMCP
GetSystemTimeAsFileTime
LeaveCriticalSection
VirtualAlloc
FindFirstFileA
UnhandledExceptionFilter
GetModuleHandleA
GetSystemInfo
SetStdHandle
GetFileType
GetACP
DeleteCriticalSection
VirtualFree
HeapAlloc
LCMapStringA
GetThreadLocale
TlsGetValue
SetUnhandledExceptionFilter
WideCharToMultiByte
TlsFree
LCMapStringW
SetFilePointer
WriteFile
SetEndOfFile
HeapFree
DeleteFileA
GetStdHandle
CreateFileA
HeapSize
HeapDestroy
SetEnvironmentVariableA
SetHandleCount
GetCommandLineA
GetFullPathNameA
CompareStringA
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
FreeLibrary
RaiseException
RtlUnwind
CloseHandle
FileTimeToSystemTime
FlushFileBuffers
FreeEnvironmentStringsW
GetCurrentThreadId
GetTimeZoneInformation
TlsAlloc
CompareStringW
lstrcmpiA
IsBadCodePtr
VirtualProtect
TlsSetValue
LoadLibraryExA
CreateMutexA
ReadFile
GetDriveTypeA
FindClose
FreeEnvironmentStringsA
GetCurrentDirectoryA
HeapReAlloc
VirtualQuery
GetLocalTime

user32

GetSystemMetrics

advapi32

RegOpenKeyExA
GetSidSubAuthority
AddAccessAllowedAce
RegCloseKey
InitializeSid
InitializeSecurityDescriptor
IsValidSecurityDescriptor
RegQueryValueExA
InitializeAcl
GetSidLengthRequired
SetSecurityDescriptorDacl

shlwapi

PathAppendA

esent

JetCreateIndex
JetDupCursor
JetEscrowUpdate
JetPrepareToCommitTransaction
JetGetLogInfoInstance
JetBeginExternalBackupInstance
JetStopBackupInstance
JetBeginTransaction2
JetRollback
JetSetColumnDefaultValue
JetSetColumn
JetRestore
JetRetrieveKey

mspatcha

ApplyPatchToFileA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56020379cf47c80aedfe560028792555

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

esent

mspatcha

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 256KB - Virtual size: 505KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 256KB - Virtual size: 505KB

.rsrc
Size: 4KB - Virtual size: 4KB