094eb7232a831ad5e1988418ca04aaf2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

094eb7232a831ad5e1988418ca04aaf2.exe
Size

92KB
MD5

094eb7232a831ad5e1988418ca04aaf2
SHA1

9568364d6092edf8f68ec7cf8e05c26a4bba1199
SHA256

8efd0ddff72ea81c08765428196b377f9a392340c71a1e4fd27af97ae8fa4cce
SHA512

9399fd176338c8310acb1c0510a37480b29176879ac4f44a1090be4c20c7fe7a2f81c5827164217002a4c072a70859bae24e42a0cc4cd0320c55adaebd0d0a3f
SSDEEP

1536:DKjvoJWqo6gW5p3xIdsxK1ZrZPto0RROrPoulv1rIUIo3WVdq2+dwDHxm3:DKjvojOW5XIXnPo0RErgA3/3WVd1AkR

Score

N/A

Malware Config

Signatures

Files

094eb7232a831ad5e1988418ca04aaf2.exe
.exe windows x86

5280356fe18fb8c7e846b35afbf6bb9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwDeleteAtom
RtlpNtSetValueKey
NtSetLowWaitHighEventPair
ZwAccessCheck
RtlAddAttributeActionToRXact
RtlSubAuthoritySid
ZwSetLowEventPair
RtlNtStatusToDosError
NtSetTimerResolution
NtSetSystemEnvironmentValue
NtInitializeRegistry
RtlNewInstanceSecurityObject
NtOpenMutant
RtlDecompressBuffer
RtlRandom
strchr
NtResetEvent
RtlUnhandledExceptionFilter2
RtlUpcaseUnicodeToOemN
ZwInitializeRegistry
RtlTraceDatabaseDestroy
NtSetSystemEnvironmentValueEx
RtlGetControlSecurityDescriptor
LdrFindResource_U
RtlConvertExclusiveToShared
ZwSecureConnectPort
RtlEnlargedUnsignedMultiply
RtlEnumerateGenericTableLikeADirectory
NtRaiseException
strcspn

msoert2

PszSkipWhiteA
CleanupGlobalTempFiles
strtrimW
RicheditStreamIn
CreateLogFile
HrIndexOfWeek
IsDigit
IsValidFileIfFileUrlW
PszDupA
HrGetBodyElement
PszFromANSIStreamA
CreateEnumFormatEtc
CleanupFileNameInPlaceW
HrCopyStream
HrGetElementImpl
FIsHTMLFileW
FIsSpaceW
DeleteTempFile
CryptFreeFunc
StrToUintA
GetHtmlCharset
BrowseForFolder
CopyRegistry
BrowseForFolderW
PszMonthFromIndex
FIsEmptyA
HrCopyLockBytesToStream
ShellUtil_GetSpecialFolderPath
IUnknownList_CreateInstance
RicheditStreamOut
HrGetMsgParam
FIsSpaceA
FBuildTempPath
HrCreatePhonebookEntry
CreateTempFile

rtm

RtmGetRegisteredEntities
RtmGetEnumNextHops
RtmLookupIPDestination
MgmGetProtocolOnInterface
RtmDeregisterFromChangeNotification
RtmBlockDeleteRoutes
MgmGetMfe
MgmRegisterMProtocol
RtmIgnoreChangedDests
RtmReleaseEntities
RtmCreateRouteEnum
MgmDeleteGroupMembershipEntry
MgmInitialize
RtmIsMarkedForChangeNotification
MgmGetMfeStats
RtmGetRouteInfo
RtmRegisterEntity
RtmGetInstanceInfo
DumpTable
RtmReleaseNextHopInfo
MgmTakeInterfaceOwnership
RtmHoldDestination
RtmReadInstanceConfig
RtmWriteAddressFamilyConfig
RtmReleaseDests
RtmGetNextHopInfo
RtmGetDestInfo
RtmReleaseEntityInfo
RtmDeleteNextHop
RtmDeleteRouteToDest
RtmGetListEnumRoutes
DeleteFromTable
RtmIsRoute

kernel32

GetConsoleKeyboardLayoutNameW
LZClose
CmdBatNotification
GetModuleHandleW
SetComputerNameW
RemoveLocalAlternateComputerNameA
DosPathToSessionPathW
LoadResource
SetTimerQueueTimer
DeleteFileA
SetFirmwareEnvironmentVariableA
SetFilePointer
DeleteVolumeMountPointW
UnhandledExceptionFilter
GetSystemWow64DirectoryA
RtlUnwind
GlobalAlloc
SetCalendarInfoA
WriteConsoleOutputA
DeleteFileW
GetVolumeNameForVolumeMountPointA
GetDateFormatW
SetThreadContext
EnumCalendarInfoExW
SetConsoleCursorPosition
GetFileSize
SizeofResource
SetLastError
GetSystemPowerStatus
LocalUnlock
SetConsolePalette
VirtualQueryEx
SetConsoleFont
DnsHostnameToComputerNameA
UpdateResourceW
ConvertThreadToFiber
LocalLock
EnumResourceNamesW
OpenFileMappingW
OpenFileMappingA
FindResourceExW
ReadConsoleInputExW
WritePrivateProfileStructW
GetEnvironmentVariableW
_lread
GetBinaryType
GetCurrentDirectoryA
SetConsoleScreenBufferSize
FreeLibrary
ReadConsoleInputExA
VerifyVersionInfoA
BuildCommDCBW
ActivateActCtx
PostQueuedCompletionStatus
FileTimeToDosDateTime
GetExpandedNameA
FlushViewOfFile
QueryActCtxW
EnumTimeFormatsW
WriteProfileStringW
ConsoleMenuControl
GetConsoleOutputCP
SetThreadLocale
QueryDosDeviceW
SetWaitableTimer
AddVectoredExceptionHandler
AllocConsole
IsBadStringPtrA
GetNativeSystemInfo
GetDiskFreeSpaceA
SetEnvironmentVariableA
EnumCalendarInfoW
RegisterWowExec
GetTempFileNameA
EraseTape
Module32First
WTSGetActiveConsoleSessionId
GetCurrentThread
VirtualAlloc
GetThreadContext
GlobalCompact
SetConsoleInputExeNameA
CreateFileA
GetModuleHandleA
SetCurrentDirectoryA
SetProcessShutdownParameters
LoadLibraryA
InitAtomTable
ScrollConsoleScreenBufferA
ReplaceFile
GetNumaAvailableMemoryNode

cryptdll

CDRegisterCheckSum
CDRegisterCSystem
CDGenerateRandomBits
MD5Final
MD5Init
CDLocateRng
MD5Update
CDLocateCSystem
CDBuildIntegrityVect
CDBuildVect
CDFindCommonCSystemWithKey
CDFindCommonCSystem
CDLocateCheckSum
CDRegisterRng

mshtmled

DllGetClassObject
DllEnumClassObjects

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5280356fe18fb8c7e846b35afbf6bb9f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msoert2

rtm

kernel32

cryptdll

mshtmled

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 81KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 81KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB