93839afb92f593e2ed6a2157179c63e6e19d85640427287ab93ed3451e5754c3

Sharing

Copy URL Twitter E-mail

General

Target

93839afb92f593e2ed6a2157179c63e6e19d85640427287ab93ed3451e5754c3
Size

366KB
MD5

c58653a629fb0d75a05e5d26e499345a
SHA1

5893b851c0b82c6ddd7c65a14cbf2af5d507240d
SHA256

93839afb92f593e2ed6a2157179c63e6e19d85640427287ab93ed3451e5754c3
SHA512

0dc0491217202b19a3e15d42205ec76ab98f70588d5959d7bc2086e563820764ca0926b4d2ffefd56a8fa9f12a5622e7213968b953d5f878cc094ce7b9d8b330
SSDEEP

6144:tB0LvJS2b6VZsxcE2JqOTXliXs6Mx+0mKYF1atodP6bd1GEwF45eWeaMEY:D0LhLOnguVcs6MxKKGvde1GEXe1Q

Score

N/A

Malware Config

Signatures

Files

93839afb92f593e2ed6a2157179c63e6e19d85640427287ab93ed3451e5754c3
.exe windows x86

0a65936b72a3fcbf27ff58c1553a2849

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetConsoleInputExeNameA
GetConsoleAliasesLengthA
DeleteCriticalSection
GetLastError
WaitForDebugEvent
IsValidLocale
LZCloseFile
BeginUpdateResourceA
VirtualAlloc
GetDefaultCommConfigA
WaitNamedPipeW
ConvertDefaultLocale
RegisterWowBaseHandlers
FreeEnvironmentStringsW
CreateConsoleScreenBuffer
SearchPathW
LocalAlloc
QueryPerformanceCounter
BaseCleanupAppcompatCacheSupport
IsBadStringPtrA
GetConsoleCommandHistoryLengthW
GetCurrencyFormatW
DebugActiveProcessStop
LoadLibraryA
FatalExit
VDMConsoleOperation
WaitForSingleObjectEx
CallNamedPipeW
InvalidateConsoleDIBits
GetCommandLineW
lstrcmpiA
GetEnvironmentStringsW
GetVersionExW
DebugActiveProcess
GetDateFormatA
VirtualAllocEx
SetHandleCount
EnumSystemCodePagesW
GetFileSize
GetCommModemStatus
GetExitCodeThread
GetDateFormatW
QueryDosDeviceW
GetCurrentThread
ConnectNamedPipe
LZStart
CreateFileA
RequestDeviceWakeup
GetEnvironmentStrings

advapi32

ObjectCloseAuditAlarmA
CreatePrivateObjectSecurity
LookupPrivilegeNameA
QueryServiceLockStatusA
GetNamedSecurityInfoW
GetSidLengthRequired
GetAuditedPermissionsFromAclW
ControlService
LsaQueryTrustedDomainInfo
QueryServiceStatus
QueryServiceConfigA
SystemFunction002
FlushTraceA
IsTextUnicode
SetAclInformation
RegSaveKeyExA
RegUnLoadKeyW
CredReadDomainCredentialsW
QueryServiceConfigW
MakeAbsoluteSD
ElfBackupEventLogFileA
SaferiCompareTokenLevels
CloseCodeAuthzLevel
BuildTrusteeWithObjectsAndSidA
AdjustTokenPrivileges
GetSecurityInfoExA
LookupPrivilegeNameW
OpenServiceW
CredReadDomainCredentialsA
CredWriteDomainCredentialsW
CredUnmarshalCredentialW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessDeniedAce
SetFileSecurityW
GetExplicitEntriesFromAclA
CreateProcessAsUserA
GetTokenInformation
LsaQueryTrustedDomainInfoByName
WmiDevInstToInstanceNameA
CryptAcquireContextW
I_ScSetServiceBitsW
RegisterEventSourceA
SystemFunction023
RegReplaceKeyW

crypt32

CryptImportPKCS8
CryptMsgClose
CryptVerifyDetachedMessageSignature
CertEnumSubjectInSortedCTL
CertDuplicateStore
CertEnumCRLsInStore
CertGetStoreProperty
CertUnregisterSystemStore
I_CryptFlushLruCache
CertDuplicateCRLContext
CertGetValidUsages
I_CryptAddRefLruEntry
CertGetIssuerCertificateFromStore
CertAddCertificateContextToStore
CertNameToStrW
CryptFindOIDInfo
CertSetCTLContextProperty
I_CryptGetAsn1Decoder
I_CryptAddSmartCardCertToStore
PFXExportCertStoreEx
CryptImportPublicKeyInfoEx
I_CryptGetAsn1Encoder
I_CryptUninstallOssGlobal
I_CertSrvProtectFunction
CertFreeCertificateChain
CryptInstallOIDFunctionAddress
CryptSIPCreateIndirectData
CertRegisterPhysicalStore
CryptSIPPutSignedDataMsg
CertCreateCRLContext
CryptCreateKeyIdentifierFromCSP
CertGetIntendedKeyUsage
CryptExportPublicKeyInfoEx
CryptMsgOpenToDecode
CryptFindLocalizedName
CryptUnregisterOIDFunction
CertCreateCTLEntryFromCertificateContextProperties

msvcrt

_longjmpex
_utime
_ismbbgraph
_mbctoupper
perror
_wstat
_Gettnames
strerror
__p__winminor
_onexit
_snscanf
_wsetlocale
tmpnam
_CIacos
_execvpe
??0__non_rtti_object@@QAE@ABV0@@Z
_spawnlp
__crtCompareStringA
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__mb_cur_max
_osplatform
_CIlog10
_aligned_malloc
_mbctolower
signal

pdh

PdhGetRawCounterArrayA
PdhValidatePathW
PdhEnumMachinesW
PdhSetCounterScaleFactor
PdhBrowseCountersW
PdhGetFormattedCounterValue
PdhGetDefaultPerfObjectW
PdhUpdateLogW
PdhExpandWildCardPathHW
PdhConnectMachineA
PdhRelogA
PdhRelogW
PdhSetQueryTimeRange
PdhGetDataSourceTimeRangeH
PdhExpandCounterPathW
PdhReadRawLogRecord
PdhLookupPerfIndexByNameA
PdhParseCounterPathA
PdhGetDefaultPerfCounterHW
PdhGetDefaultPerfObjectHW
PdhBrowseCountersHA
PdhGetDefaultPerfCounterHA
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfObjectA
PdhComputeCounterStatistics
PdhEnumLogSetNamesA
PdhGetFormattedCounterArrayA
PdhGetLogSetGUID
PdhCollectQueryDataEx
PdhParseInstanceNameA
PdhVbCreateCounterPathList
PdhGetLogFileSize
PdhGetRawCounterValue

cscdll

CSCFindClose
CSCFindFirstFileForSidW
CSCFindFirstFileW
CSCIsServerOfflineW
CSCSetMaxSpace
CSCQueryFileStatusW
CSCTransitionServerOnlineW
CSCEnumForStatsExW
CSCFindNextFileW
CSCIsCSCEnabled
CSCDoEnableDisable
CSCPinFileW
CSCEnumForStatsW
CSCUnpinFileW
CSCDeleteW

user32

EndDialog

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a65936b72a3fcbf27ff58c1553a2849

Headers

File Characteristics

Imports

kernel32

advapi32

crypt32

msvcrt

pdh

cscdll

user32

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 512B - Virtual size: 500KB

.rsrc Size: 185KB - Virtual size: 185KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 512B - Virtual size: 500KB

.rsrc
Size: 185KB - Virtual size: 185KB

.reloc
Size: 1024B - Virtual size: 1024B