abba957043dabd3f46d51d0dd9cc21f9a2dfd2559cc740dee30bcbf30bf02be3

Sharing

Copy URL Twitter E-mail

General

Target

abba957043dabd3f46d51d0dd9cc21f9a2dfd2559cc740dee30bcbf30bf02be3
Size

449KB
MD5

1b98182e50ddc05acf64e486bbae8cf8
SHA1

ebf72c8bf397b3175614d5cedcc37576752dae75
SHA256

abba957043dabd3f46d51d0dd9cc21f9a2dfd2559cc740dee30bcbf30bf02be3
SHA512

876d764b9ca203bb3935a577422a1545e52fc57099dbee95e35268f98c647281c60aba004e9f3a875e6201fea49e122ce0c80faa13265c34be2d88ba01da5f6b
SSDEEP

12288:AiCmzTua890a2dlXW6OLCVQ6vNlCwBfQMG:xnx8v2dlG6Oei0EwBfQM

Score

N/A

Malware Config

Signatures

Files

abba957043dabd3f46d51d0dd9cc21f9a2dfd2559cc740dee30bcbf30bf02be3
.exe windows x86

5c8a48252f6ef814c85b2e573e5673b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsFreeNameResultW
DsCrackNamesW
DsBindW
DsUnBindW

wintrust

WTHelperGetFileHash

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
OpenEventW
IsBadReadPtr
TerminateProcess
GetSystemWindowsDirectoryW
InitializeCriticalSection
GetComputerNameW
IsBadWritePtr
GetSystemTime
InterlockedIncrement
UnmapViewOfFile
QueryPerformanceCounter
GetModuleFileNameW
CreateFileMappingW
GetCommandLineW
SetEvent
MapViewOfFileEx
GetProcAddress
GlobalUnlock
FormatMessageW
CloseHandle
CreateEventW
GetFileTime
DeleteCriticalSection
GlobalFree
lstrlenW
GlobalLock
GetFileSizeEx
FindResourceW
LoadResource
GetCurrentProcessId
LocalAlloc
CompareFileTime
GetCurrentProcess
GlobalAlloc
LoadLibraryA
GetTimeFormatW
SetLastError
GetVersionExW
lstrcmpiW
GetCurrentThreadId
GetTickCount
SystemTimeToFileTime
lstrcpynW
GetUserDefaultLangID
VirtualAlloc
MultiByteToWideChar
GetDateFormatW
lstrcpyW
GetShortPathNameW
InterlockedDecrement
GetLastError
CreateFileW
GetModuleHandleW
WaitForSingleObject
ReadFile
CompareStringW
ResetEvent
GetComputerNameExW
UnhandledExceptionFilter
GetFileSize
OutputDebugStringA
FreeLibrary
LoadLibraryW
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
MapViewOfFile
GetSystemTimeAsFileTime
GetModuleHandleA
LocalFree

gdi32

GetDeviceCaps
DeleteObject
CreateFontIndirectW

certcli

CAGetCertTypePropertyEx
CAGetCAProperty
CAGetCertTypeExtensions
CACountCAs
CAEnumCertTypes
CAFindCertTypeByName
CACloseCertType
CAGetCertTypeProperty
CAFreeCertTypeProperty
CAFreeCAProperty
CAEnumNextCA
CAEnumNextCertType
CAGetCertTypeFlags
CAGetCACertificate
CACloseCA
CAEnumFirstCA

user32

SystemParametersInfoW
PostMessageW
ReleaseDC
MessageBoxW
SendDlgItemMessageW
GetMenu
LoadMenuW
GetSystemMetrics
ScreenToClient
SetMenu
wsprintfW
GetSubMenu
DrawStateA
CallNextHookEx
GetWindowLongW
DlgDirListA
RegisterClipboardFormatW
SetWindowsHookExW
GetDlgCtrlID
DestroyIcon
LoadIconW
EnableMenuItem
SendMessageW
WinHelpW
GetDC
GetWindowRect
InvalidateRect
LoadStringW
GetDlgItem
GetClientRect
UnhookWindowsHookEx
EnableWindow
GetParent
SetWindowTextW
ShowWindow
EnumPropsA
ChildWindowFromPointEx
GetCursorPos

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertGetCertificateChain
CertGetStoreProperty
CertGetSubjectCertificateFromStore
CertAddCRLContextToStore
CertDuplicateCRLContext
CertGetEnhancedKeyUsage
CryptDecodeObject
CertFindCertificateInStore
CryptFindCertificateKeyProvInfo
CertAddSerializedElementToStore
CertEnumPhysicalStore
CertFreeCRLContext
CertFindCTLInStore
CertAddEncodedCTLToStore
CryptQueryObject
CertDeleteCertificateFromStore
CertSetCertificateContextProperty
CertAddCTLContextToStore
CertGetCertificateContextProperty
CertCompareCertificate
CryptMsgOpenToDecode
CertGetCRLFromStore
CryptMsgGetParam
CertNameToStrW
CertEnumCTLsInStore
CryptFindOIDInfo
CryptEnumOIDInfo
CertControlStore
CertDeleteCTLFromStore
CryptUnregisterOIDInfo
CertOpenStore
CertGetNameStringW
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetCTLContextProperty
CertCloseStore
CryptFindLocalizedName
CertEnumSystemStore
CryptMsgClose
CertFreeCertificateChain
CertFreeCertificateContext
CryptMsgEncodeAndSignCTL
CertFindExtension
CertEnumCRLsInStore
CryptMsgUpdate
CertFreeCTLContext
CertAddStoreToCollection
CertDuplicateCTLContext
CertDeleteCRLFromStore

advpack

AdvInstallFile

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c8a48252f6ef814c85b2e573e5673b2

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

wintrust

kernel32

gdi32

certcli

user32

version

crypt32

advpack

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 107KB - Virtual size: 1.8MB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 267KB - Virtual size: 267KB

.rdata Size: 65KB - Virtual size: 64KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 107KB - Virtual size: 1.8MB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 267KB - Virtual size: 267KB

.rdata
Size: 65KB - Virtual size: 64KB

.reloc
Size: 512B - Virtual size: 28B