aa4def7a4bba87d43f45cf552c51222cc19bf0416867d6f529685a8d031fec2b

Sharing

Copy URL Twitter E-mail

General

Target

aa4def7a4bba87d43f45cf552c51222cc19bf0416867d6f529685a8d031fec2b
Size

259KB
MD5

c75d961a65d5cc72dcb9bbd6e5556080
SHA1

b582aa98039e9f1f287f0c62fa23f361180fb1c3
SHA256

aa4def7a4bba87d43f45cf552c51222cc19bf0416867d6f529685a8d031fec2b
SHA512

17f9b2ee3ab7c1acbb79be548177acc8e1f45c6fa66532974de359d74cd68afd5d1060422a70fc2ac86bf4686542993fdf00e88826a7a9a5bb7cc04c9662d53e
SSDEEP

6144:dUU5kp7PuCcZIOm2lyHtEQVpkBYm0pss20/SHI:dUU5khcZIlfHhVKBYosV6HI

Score

N/A

Malware Config

Signatures

Files

aa4def7a4bba87d43f45cf552c51222cc19bf0416867d6f529685a8d031fec2b
.exe windows x86

0ed15710f78a40cb1615bf829f2d2fa1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GlobalHandle
FindClose
SetTimerQueueTimer
GetTapeStatus
GetConsoleHardwareState
lstrcpyA
HeapUnlock
_lcreat
GlobalAddAtomA
GlobalUnlock
SetComputerNameExW
IsBadCodePtr
UTRegister
BuildCommDCBA
GetFileInformationByHandle
ZombifyActCtx
IsValidCodePage
UnhandledExceptionFilter
GetCurrentProcessId
lstrcmpi
LocalAlloc
LoadLibraryA
GetLogicalDriveStringsW
SetFilePointerEx
HeapCreate
HeapValidate
OpenFileMappingW
GetShortPathNameW
CreateSocketHandle
GetProcAddress
GetNumaAvailableMemoryNode
ContinueDebugEvent
EnumSystemCodePagesA
PrivMoveFileIdentityW
GetDiskFreeSpaceW
GetCPInfoExW
Heap32First
Process32Next
GetThreadPriorityBoost
GetTapePosition
ReadFile
ReadConsoleOutputA
CreateMailslotW
VirtualAlloc
RegisterWaitForSingleObject
SetStdHandle
BaseUpdateAppcompatCache
lstrlenW
FileTimeToLocalFileTime
PrepareTape
CopyFileExA
lstrcpyW
CancelIo
SetProcessShutdownParameters
SetErrorMode
GetDriveTypeW
QueryDosDeviceA
FindNextVolumeW
CancelDeviceWakeupRequest
CreateFileMappingW
WaitForMultipleObjectsEx
GetLocaleInfoA
GetFullPathNameW
SetCommBreak
ClearCommBreak
GetProfileSectionW
SetConsoleNumberOfCommandsA
ConvertThreadToFiber
LZOpenFileA
MoveFileWithProgressW
GetSystemTimeAsFileTime
GetFileTime
SetTimeZoneInformation
SearchPathA
CloseConsoleHandle
IsValidLocale
GetPrivateProfileStructA
SetEnvironmentVariableW
GetEnvironmentStrings
SetLastError
GlobalLock
GetConsoleWindow
SetNamedPipeHandleState
GetLocaleInfoW

atl

AtlPixelToHiMetric
AtlModuleLoadTypeLib
AtlModuleInit
AtlHiMetricToPixel
AtlSetErrorInfo
AtlModuleRegisterServer
AtlFreeMarshalStream
AtlModuleAddCreateWndData
AtlUnadvise
AtlIPersistPropertyBag_Save
AtlUnmarshalPtr
AtlAxCreateControlEx
AtlModuleUnRegisterTypeLib
AtlCreateTargetDC
AtlGetVersion
AtlComPtrAssign
AtlMarshalPtrInProc
AtlModuleGetClassObject
AtlAxDialogBoxA
AtlIPersistPropertyBag_Load
AtlComQIPtrAssign
AtlModuleRegisterWndClassInfoW
AtlAxCreateDialogA
AtlModuleAddTermFunc
AtlAxCreateDialogW
AtlModuleRegisterWndClassInfoA
AtlModuleUnregisterServerEx
AtlModuleUnregisterServer
AtlGetObjectSourceInterface
AtlWaitWithMessageLoop
AtlModuleRevokeClassObjects
AtlAxGetHost
AtlAxAttachControl
DllGetClassObject
AtlModuleExtractCreateWndData
AtlDevModeW2A

crtdll

_execv
fflush
ftell
_flsbuf
perror
_pwctype_dll
_ecvt
strlen
_vsnprintf
_HUGE_dll
isspace
_ftime
_getch
_execl
_findnext
strchr
_mbsspnp
_mbsstr
isgraph
_clearfp
_ismbbprint
_CIcosh
_CItan
_isctype
_putw
_heapchk
_fileinfo_dll
_vsnwprintf
_stricoll
_CIsinh
_CIcos
bsearch
_snwprintf

netapi32

NetShareDelSticky
NetErrorLogRead
DsRoleGetDatabaseFacts
NetDfsEnum
NetServerSetInfo
NetAuditRead
DsAddressToSiteNamesExW
DsRoleGetDcOperationProgress
I_NetGetDCList
NetEnumerateComputerNames
NetScheduleJobEnum
NetScheduleJobDel
I_BrowserServerEnum
RxNetAccessEnum
NetpwNameCompare
NetAuditWrite
NetpGetConfigBool
NetReplExportDirSetInfo
NetUseEnum
NetShareEnum
NetAlertRaiseEx
NetAddAlternateComputerName
NetLogonGetTimeServiceParentDomain
I_NetLogonGetDomainInfo
NetpGetConfigDword
NetWkstaSetInfo

certcli

CACloneCertType
CACertTypeAccessCheck
CASetCertTypeProperty
CASetCASecurity
CAFindByCertType
CAEnumCertTypes
CAUpdateCertType
CAFindByIssuerDN
CAGetDN
DllInstall
CAFindCertTypeByName
CASetCertTypeExtension
CAEnumNextCertType
CADeleteCA
DllGetClassObject
CACertTypeSetSecurity
CASetCertTypeFlags
CAInstallDefaultCertType
CACountCertTypes
CACreateLocalAutoEnrollmentObject
CASetCACertificate
CACertTypeRegisterQuery
CADeleteLocalAutoEnrollmentObject
CAGetCertTypeExtensions
GetProxyDllInfo
CAAccessCheckEx
CACertTypeAccessCheckEx
CACreateAutoEnrollmentObjectEx
CACertTypeGetSecurity
CAFreeCAProperty
CAGetCertTypeFlagsEx

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ed15710f78a40cb1615bf829f2d2fa1

Headers

File Characteristics

Imports

kernel32

atl

crtdll

netapi32

certcli

Sections

.text Size: 135KB - Virtual size: 135KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 1KB - Virtual size: 428KB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 1KB - Virtual size: 428KB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 1024B - Virtual size: 1024B