de3fa4e214ede7e987120a49c3cc9994162307f6b33d49523dd43ab88e992a3a

Sharing

Copy URL

Twitter E-mail

General

Target

de3fa4e214ede7e987120a49c3cc9994162307f6b33d49523dd43ab88e992a3a
Size

124KB
MD5

9ca096d168d715a3ceaee5c8986944d1
SHA1

7090bba387624e46eb3b96a947798cd1b0ef07c1
SHA256

de3fa4e214ede7e987120a49c3cc9994162307f6b33d49523dd43ab88e992a3a
SHA512

2bcc7fbb66c452f3672dbbd506b058927aae64a8507a4429eab68f296715fed976f69be8ee978f4ee0055951894fb0f94109b7ba4352a38e278c2556bfe2c937
SSDEEP

3072:wmBsSskhdir690Y8hplH1pBJm08Kll46pAEMa3ul:wXcdi+9wpJ1pjm0dzAEMV

Score

N/A

Malware Config

Signatures

Files

de3fa4e214ede7e987120a49c3cc9994162307f6b33d49523dd43ab88e992a3a
.exe windows x86

3f6febac4eb7a500317df6d60921558e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
sprintf
_vsnprintf
wcscat
_resetstkoflw
wcslen
wcsncpy
strncmp
wcsrchr
wcschr
strncpy
wcscpy

kernel32

InterlockedExchange
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
lstrlenW
InterlockedExchangeAdd
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedCompareExchange
SetLastError
GetVersionExW
CreateEventW
RegisterWaitForSingleObjectEx
ExpandEnvironmentStringsW

advapi32

OpenServiceW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ImpersonateSelf
RegisterTraceGuidsW
GetTraceLoggerHandle
SystemFunction036
IsTextUnicode
CredUnmarshalCredentialW
LsaClose
AdjustTokenPrivileges
SetThreadToken
GetTokenInformation
RegNotifyChangeKeyValue
RegDeleteValueW
A_SHAInit
A_SHAUpdate
A_SHAFinal
MD5Init
MD5Update
MD5Final
OpenSCManagerW
RevertToSelf
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
TraceEvent
SystemFunction009
SystemFunction008
SystemFunction006
SystemFunction007
SystemFunction011
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory

secur32

CredUnmarshalTargetInfo
CredMarshalTargetInfo
FreeContextBuffer

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj5
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj50
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj51
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj52
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj53
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj54
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj55
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj56
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj57
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj58
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj59
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3f6febac4eb7a500317df6d60921558e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

secur32

iphlpapi

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 2KB

.fhj5 Size: 512B - Virtual size: 180B

.fhj50 Size: 512B - Virtual size: 202B

.fhj51 Size: 512B - Virtual size: 176B

.fhj52 Size: 203KB - Virtual size: 202KB

.fhj53 Size: 203KB - Virtual size: 202KB

.fhj54 Size: 512B - Virtual size: 238B

.fhj55 Size: 512B - Virtual size: 222B

.fhj56 Size: 512B - Virtual size: 222B

.fhj57 Size: 512B - Virtual size: 222B

.fhj58 Size: 512B - Virtual size: 222B

.fhj59 Size: 512B - Virtual size: 222B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 260B

Size: 4KB - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 2KB

.fhj5
Size: 512B - Virtual size: 180B

.fhj50
Size: 512B - Virtual size: 202B

.fhj51
Size: 512B - Virtual size: 176B

.fhj52
Size: 203KB - Virtual size: 202KB

.fhj53
Size: 203KB - Virtual size: 202KB

.fhj54
Size: 512B - Virtual size: 238B

.fhj55
Size: 512B - Virtual size: 222B

.fhj56
Size: 512B - Virtual size: 222B

.fhj57
Size: 512B - Virtual size: 222B

.fhj58
Size: 512B - Virtual size: 222B

.fhj59
Size: 512B - Virtual size: 222B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 260B