28eeab141ea4376986a29e60966bfafaff490284dd838eb90ae6b36ea64c2df0

Sharing

Copy URL Twitter E-mail

General

Target

28eeab141ea4376986a29e60966bfafaff490284dd838eb90ae6b36ea64c2df0
Size

739KB
MD5

f2b4015c11da0247e8834703b892889f
SHA1

96009b839eedde6740b7edb8ff6752c506f7128e
SHA256

28eeab141ea4376986a29e60966bfafaff490284dd838eb90ae6b36ea64c2df0
SHA512

25a60ab86664cb6ac20cf80e24f5620836220d92b1fa151fcd2f8be7cdda581617a92586e5f3a679bb2a489a097b42658079bc974caae3650d6b69bc9d629ffc
SSDEEP

12288:/x0c+RJrSw64fMHm4W1QMbPzxIr0T/ekI3Cc1JhK73y:/xSUwPMIQMTzmr0rekqCcfhM3y

Score

N/A

Malware Config

Signatures

Files

28eeab141ea4376986a29e60966bfafaff490284dd838eb90ae6b36ea64c2df0
.exe windows x86

83aa95bc21db0702b0523e55b92ca5d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetProcessAffinityMask
ConvertDefaultLocale
VirtualAlloc
GetTempPathA
LCMapStringW
GlobalGetAtomNameW
DefineDosDeviceW
EnumSystemLocalesW
FormatMessageW
lstrcpyW
QueryPerformanceCounter
Module32Next
HeapFree
GetLastError
GetLongPathNameW
GetCurrentDirectoryA
PostQueuedCompletionStatus
lstrcmpA
MapViewOfFile
ReadConsoleA
EnumDateFormatsW
GetCommProperties
GetSystemDefaultUILanguage
IsBadWritePtr
WaitNamedPipeW
ExitProcess
DebugActiveProcess
GetFileType
GetProfileStringW
FindResourceA

imagehlp

ImageRvaToVa
ImageGetCertificateData
ImageUnload
ImageEnumerateCertificates
SymSetOptions
SymInitialize
ImageRvaToSection
EnumerateLoadedModules64
ImageDirectoryEntryToData
ImageLoad
CheckSumMappedFile
ImageNtHeader

rtutils

TraceVprintfExA
TracePutsExA
RouterLogRegisterA
RouterLogEventExW
TracePrintfExA
RouterLogEventDataA
MprSetupProtocolFree
TracePrintfW
RouterLogEventW
LogEventW
LogErrorA
MprSetupProtocolEnum
RouterLogEventExA
TraceRegisterExA
TraceDumpExA
RouterLogRegisterW
TracePrintfExW
TraceDeregisterW
TraceDeregisterExA
RouterLogDeregisterW
TracePrintfA
RouterLogEventA
RouterLogEventStringW
TraceDeregisterA
LogEventA
RouterLogDeregisterA
RouterLogEventStringA
TraceRegisterExW

msvcrt

_strdup
strtol
system
difftime
perror
ispunct
setvbuf
_mbsnbcmp
_fullpath
rand
strcat
feof
__setusermatherr
fgetc
wcschr
_wcmdln
mbstowcs
strtod
isalpha
ungetc
_winminor
_wfindfirst64
fabs
_ftol

crypt32

CertDeleteCertificateFromStore

comctl32

ImageList_Replace
PropertySheetW
InitCommonControlsEx
CreateStatusWindowA
ImageList_Create
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageA
ImageList_DragEnter
ImageList_Write
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_SetDragCursorImage
CreateStatusWindowW
CreatePropertySheetPageA
ImageList_DrawIndirect
PropertySheetA
DestroyPropertySheetPage
ImageList_Remove
ImageList_SetOverlayImage
ImageList_GetIcon
ImageList_DragShowNolock
CreatePropertySheetPageW
CreateToolbarEx
_TrackMouseEvent
ImageList_BeginDrag
ImageList_Add
ImageList_GetBkColor
ImageList_DragMove
ImageList_GetDragImage
InitCommonControls

advapi32

CreateProcessAsUserA
RegRestoreKeyW
LsaGetSystemAccessAccount
CreateProcessAsUserW
QueryServiceStatus
EnumServicesStatusExW
RegisterServiceCtrlHandlerW
RegRestoreKeyA
CryptCreateHash
GetTraceEnableLevel
LsaFreeMemory
StartServiceCtrlDispatcherW
RegQueryValueA
GetKernelObjectSecurity
WmiQueryAllDataW
CryptGenRandom
ClearEventLogW
SystemFunction009
I_ScSetServiceBitsW
FileEncryptionStatusW
CryptExportKey
InitializeAcl
ReadEncryptedFileRaw
WmiCloseBlock
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegSetValueW
CryptGetProvParam
SetNamedSecurityInfoA
LsaRetrievePrivateData
SystemFunction007
RegQueryValueExA
RegLoadKeyA
EnumServicesStatusW
CryptSetHashParam
RegCloseKey
UpdateTraceW
CryptDeriveKey
SetKernelObjectSecurity
RegEnumKeyExA
AllocateLocallyUniqueId
AllocateAndInitializeSid
RegQueryInfoKeyW
RegGetKeySecurity
LookupAccountSidW
RegFlushKey
LsaOpenTrustedDomainByName
RegCreateKeyExW
LookupPrivilegeValueA
GetOldestEventLogRecord

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 79KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 235KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 328KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83aa95bc21db0702b0523e55b92ca5d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

imagehlp

rtutils

msvcrt

crypt32

comctl32

advapi32

Sections

.data Size: 2KB - Virtual size: 1KB

.text Size: 52KB - Virtual size: 468KB

.idata Size: 79KB - Virtual size: 210KB

.bss Size: 235KB - Virtual size: 442KB

.data Size: 328KB - Virtual size: 403KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 468KB

.idata
Size: 79KB - Virtual size: 210KB

.bss
Size: 235KB - Virtual size: 442KB

.data
Size: 328KB - Virtual size: 403KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 1KB - Virtual size: 1KB