de3535e1664b08a27afa713631a8e53fe31c75246171ede610b646e1bd41717f

Sharing

Copy URL Twitter E-mail

General

Target

de3535e1664b08a27afa713631a8e53fe31c75246171ede610b646e1bd41717f
Size

171KB
MD5

9286f0dce03fec6e72bfa5cb49fee67e
SHA1

2db08deef497d53b3a07cf45cf014fef4c9506b4
SHA256

de3535e1664b08a27afa713631a8e53fe31c75246171ede610b646e1bd41717f
SHA512

3b009ddbc66a6c92865f7cd63c3a42bb84ec9ad4ae262be33112a06fbb026e78d478f1ff0426542c7f290f8cfbc6ba25eb6be331b475a970a82c69132f49153b
SSDEEP

3072:2ddstlJ6q40/2YiDu0XmL+T46SA9edCCPxtd9xTU/QmtCwHyNq/X5X1:2HsJt/vpO46UdHLFU/6Nq/N

Score

N/A

Malware Config

Signatures

Files

de3535e1664b08a27afa713631a8e53fe31c75246171ede610b646e1bd41717f
.exe windows x86

c5a50cb9d86a22b53b088aeccf8b7694

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoBuildVersion
CoTaskMemFree
StringFromCLSID
CoCreateInstance
StringFromIID
CoGetInterfaceAndReleaseStream
ReleaseStgMedium
CoTaskMemAlloc

shlwapi

PathIsUNCServerShareW
PathAppendW

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
CreatePatternBrush
DeleteObject
GetDeviceCaps
SetTextColor
CreateBitmap
SetBkColor

apphelp

GetPermLayers

credui

CredUIParseUserNameW
CredUIInitControls

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateW

dnsapi

DnsNameCompareEx_W

advapi32

LsaNtStatusToWinError
FreeSid
EqualPrefixSid
GetNamedSecurityInfoW
SystemFunction041
GetSidSubAuthorityCount
InitializeAcl
SetNamedSecurityInfoW
LsaRetrievePrivateData
LsaClose
LsaCreateTrustedDomainEx
LsaOpenTrustedDomainByName
CryptAcquireContextW
GetSidSubAuthority
LsaLookupSids
SetEntriesInAclW
GetSecurityDescriptorLength
LsaQueryTrustedDomainInfo
CryptGenRandom
ImpersonateLoggedOnUser
BuildTrusteeWithObjectsAndSidW
IsValidSid
OpenSCManagerW
BuildTrusteeWithSidW
GetSidLengthRequired
RegDeleteKeyW
LsaOpenPolicy
LsaSetTrustedDomainInfoByName
GetLengthSid
LsaFreeMemory
LogonUserW
SystemFunction040
RegCloseKey
RegSetValueExW
CloseServiceHandle
MakeSelfRelativeSD
GetSecurityDescriptorDacl
LsaQueryForestTrustInformation
RegQueryValueExW
LsaOpenTrustedDomain
GetSidIdentifierAuthority
GetSecurityDescriptorControl
QueryServiceStatus
RegCreateKeyExW
AllocateAndInitializeSid
CryptReleaseContext
InitializeSecurityDescriptor
RegOpenKeyExW
ImpersonateAnonymousToken
GetExplicitEntriesFromAclW
LsaSetForestTrustInformation
EqualSid
RevertToSelf
OpenServiceW
LsaQueryTrustedDomainInfoByName
LsaQueryInformationPolicy
LsaDelete

ntdll

RtlNtStatusToDosError
NtQuerySystemTime
RtlSubAuthoritySid
RtlInitUnicodeString
RtlSubAuthorityCountSid
RtlIdentifierAuthoritySid

shell32

SHGetFolderPathW

version

GetFileVersionInfoW

dsprop

ADsPropCreateNotifyObj
ADsPropSendErrorMessage
FindSheet
ADsPropGetInitInfo
ADsPropShowErrorDialog
ADsPropSetHwndWithTitle
ADsPropSetHwnd

kernel32

VirtualAlloc
GetLastError

crypt32

CertCloseStore
CertDuplicateCertificateContext
CryptFindOIDInfo
CertGetCertificateContextProperty
CryptDecodeObject
CertEnumSystemStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDuplicateStore
CertGetNameStringW
CertGetEnhancedKeyUsage
CertFindCertificateInStore
CertControlStore
CertOpenStore
CertEnumCertificatesInStore
CertSaveStore
CryptQueryObject
CertDeleteCertificateFromStore

ntdsapi

DsUnBindW
DsFreeNameResultW
DsBindW
DsIsMangledDnW
DsCrackNamesW
DsCrackSpn3W

user32

GetWindowRect
GetDlgCtrlID
FrameRect
SetScrollInfo
MessageBoxA
SendMessageW
DialogBoxParamW
GetScrollInfo
FindWindowExW
ScrollWindow
CreateWindowExW
SystemParametersInfoW
SetDlgItemTextW
DefWindowProcW
GetDlgItem
SetScrollPos
SetWindowLongW
IsWindowEnabled
EnableWindow
SetCursor
CallWindowProcW
PostMessageW
MapDialogRect
SetForegroundWindow
SetWindowTextW
SetScrollRange
BeginPaint
LoadIconW
IsWindow
IsDlgButtonChecked
OffsetRect
CheckRadioButton
GetWindowLongW
LoadStringW
DestroyWindow
GetWindowTextW
GetClientRect
WinHelpW
SetFocus
DrawIcon
MoveWindow
RegisterWindowMessageW
MessageBoxW
GetParent
wsprintfW
SetWindowContextHelpId
SetWindowPos
RegisterClassW
LoadCursorW
GetWindow
MapWindowPoints
UpdateWindow
SendDlgItemMessageW
ScreenToClient
ReleaseDC
GetSystemMetrics
DrawFocusRect
CheckDlgButton
GetWindowTextLengthW
EndPaint
GetDlgItemTextW
GetSysColor
GetDesktopWindow
RegisterClipboardFormatW
ShowWindow
EndDialog
GetSysColorBrush
GetDC
DestroyIcon
LoadBitmapW
InflateRect
GetWindowThreadProcessId
MessageBeep

Sections

.text
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c5a50cb9d86a22b53b088aeccf8b7694

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shlwapi

gdi32

apphelp

credui

cryptui

dnsapi

advapi32

ntdll

shell32

version

dsprop

kernel32

crypt32

ntdsapi

user32

Sections

.text Size: 512B - Virtual size: 404B

.rsrc Size: 59KB - Virtual size: 59KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 53KB - Virtual size: 53KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 50KB - Virtual size: 3.5MB

.text
Size: 512B - Virtual size: 404B

.rsrc
Size: 59KB - Virtual size: 59KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 53KB - Virtual size: 53KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 50KB - Virtual size: 3.5MB