c5c5bac05cc593f333224832afa2806fe8a2e0406864c5b20a15deeb357487af

Sharing

Copy URL Twitter E-mail

General

Target

c5c5bac05cc593f333224832afa2806fe8a2e0406864c5b20a15deeb357487af
Size

401KB
MD5

fa76118d5048b6035f6148fa6df09d16
SHA1

1256ad25b235a944e0d24d088736b34b2bbab53c
SHA256

c5c5bac05cc593f333224832afa2806fe8a2e0406864c5b20a15deeb357487af
SHA512

a5c3d4c9809afe419d40ed996a133248e3285de3545ea079318f6c0199864b5faba9fcc5125953817eb3de71ad35b2294391c327fa83b96af661330943008b75
SSDEEP

6144:4w8sdCMRDzLS0AjEMRKY/N9yM0KKN6UANK5D+R4WXK8fL9LwYS6iB8k:l5LSfjEMIY/jF0KK43NfFfL9MZ6z

Score

N/A

Malware Config

Signatures

Files

c5c5bac05cc593f333224832afa2806fe8a2e0406864c5b20a15deeb357487af
.exe windows x86

681f1dcd75b84c9331541ed50449c358

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiDatabaseExportW

shlwapi

StrCatBuffW

cfgmgr32

CM_Next_Range
CM_Get_Version

wmi

WmiNotificationRegistrationW

ntdll

RtlQueueWorkItem
RtlQueryRegistryValues
wcscpy
wcslen
RtlUnwind

rtutils

TraceRegisterExA
RouterLogRegisterA
RouterLogEventDataW
TraceVprintfExA
RouterLogDeregisterA
TraceDeregisterA
RouterLogEventA

user32

CallMsgFilterA

kernel32

HeapCreate
HeapAlloc
WaitForMultipleObjects
BindIoCompletionCallback
ExitProcess
LeaveCriticalSection
FileTimeToSystemTime
GetTickCount
HeapDestroy
CreateEventA
InterlockedDecrement
VirtualAlloc
GlobalFree
EnterCriticalSection
Sleep
GetModuleFileNameA
InitializeCriticalSection
FreeLibraryAndExitThread
HeapFree
CreateThread
CloseHandle
InterlockedIncrement
LoadLibraryA
SetEvent

rtm

RtmGetFirstRoute
RtmCloseEnumerationHandle
RtmRegisterClient
RtmDequeueRouteChangeMessage
RtmEnumerateGetNextRoute
RtmDeregisterClient
RtmDeleteRoute
RtmIsRoute
RtmBlockDeleteRoutes
RtmAddRoute
RtmCreateEnumerationHandle

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

681f1dcd75b84c9331541ed50449c358

Headers

DLL Characteristics

File Characteristics

Imports

msi

shlwapi

cfgmgr32

wmi

ntdll

rtutils

user32

kernel32

rtm

Sections

.text Size: 300KB - Virtual size: 300KB

.data Size: 4KB - Virtual size: 2.4MB

.rdata Size: 49KB - Virtual size: 49KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 300KB - Virtual size: 300KB

.data
Size: 4KB - Virtual size: 2.4MB

.rdata
Size: 49KB - Virtual size: 49KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 36B