Administer_Security[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Administer_Security.exe
Size

144KB
MD5

40bbce659afe9d4798db5d25459ff875
SHA1

59e2f1bf2fe0770aa989cc29b7308f549e66d295
SHA256

c46aff1e492cad493ba4e6b3045d9294caaaa78bdc658264bb34e3259d7d8de6
SHA512

22451e7da575ca0ce77a185813fa236f6a3fd3dcf677a2839bc82b03e8fd4a7f7cf246f0b6961eb70dc164ff435037cb9f2b74c30921fab79d72a5aac32c6c73
SSDEEP

1536:gj4QhXSes8Z0rts8ymx33GhbGbVlvIUTo2L5DDXwFiavMHeOPDmq6nUnErr:Wh7Zkki2hbGbVlzX5v5DHeUZ6nUnEr

Score

N/A

Malware Config

Signatures

Files

Administer_Security.exe
.exe windows x86

a94296528291a9742b0884b25c36331e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ocxwrap

CloseOcxWrap
GetAddressBookPointer

tapi32

tapiGetLocationInfo
lineInitialize
lineGetDevCaps
lineGetCountry
lineNegotiateAPIVersion

vamem

?VaAllocMemDebug@@YAPAXHKPADH@Z
?VaFreeMemDebug@@YAXPAXKPADH@Z

mfc42

ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3699
ord802
ord800
ord693
ord609
ord768
ord860
ord542
ord540
ord489
ord2370
ord2302
ord4258
ord6334
ord858
ord4710
ord2765
ord535
ord6905
ord6028
ord3301
ord2642
ord4358
ord6569
ord5601
ord4188
ord3438
ord825
ord2575
ord6055
ord1776
ord4396
ord5290
ord4837
ord3402
ord4424
ord3574
ord567
ord2582
ord4402
ord3370
ord3640
ord2862
ord3998
ord537
ord823
ord2614
ord4673
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord397
ord561
ord699
ord617
ord1199
ord5214
ord296
ord4160
ord2621
ord1134
ord641
ord616
ord2725
ord5065
ord1158
ord5683
ord2818
ord1168
ord5271
ord2299
ord2358
ord2294
ord2362
ord2289
ord801
ord654
ord6140
ord6143
ord341
ord541
ord2737
ord2763
ord3092
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1907
ord656
ord1200
ord5609
ord922
ord2915
ord2938
ord1783
ord5953
ord6215
ord5572
ord2919
ord941
ord2764
ord4204
ord1086
ord3437
ord3610
ord4224
ord1908
ord1576
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord496
ord497
ord771
ord4259
ord940
ord6283
ord6282
ord4376
ord5280
ord3597
ord324
ord4234
ord4853
ord5981
ord2826
ord3811
ord3337
ord939
ord2825
ord1008
ord4187
ord5630
ord911
ord5818
ord3645
ord3663
ord396
ord698
ord5592
ord3646
ord686
ord2096
ord384
ord5651
ord3127
ord3616
ord703
ord5445
ord6389
ord403
ord1979
ord5442
ord665
ord3318
ord5186
ord350
ord354
ord6385
ord1989
ord1567
ord6153
ord3790
ord268
ord1574
ord1099
ord912
ord5858
ord6883
ord5861
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord924
ord4715

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
atol
time
_ismbcalnum
_mbctoupper
_mbsnbcpy
strcat
_mbsrchr
atoi
_mbscmp
_mbslwr
_mbsstr
_strdup
srand
rand
strlen
free
malloc
memset
_mbsicmp
sprintf
_CxxThrowException
wcslen
_setmbcp
__CxxFrameHandler
strcpy

kernel32

WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenA
DeleteFileA
GetModuleFileNameA
lstrcmpA
LocalFree
GetSystemDirectoryA
GetVersionExA
CreateEventA
CreateMutexA
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
PulseEvent
lstrcpyA
lstrlenW
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetWindowsDirectoryA
InterlockedIncrement
InterlockedDecrement

user32

MessageBoxA
SetForegroundWindow
GetDlgItem
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
EndDialog
DialogBoxParamA
WinHelpA
FindWindowA
SendMessageA
GetWindowLongA
SetWindowLongA
EnableWindow

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetPathFromIDListA
ExtractIconA
SHBrowseForFolderA

comctl32

ImageList_ReplaceIcon

ole32

StringFromCLSID
CoGetMalloc
CLSIDFromProgID

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantChangeType
CreateErrorInfo
VariantInit
SysAllocString
VariantClear

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a94296528291a9742b0884b25c36331e

Headers

File Characteristics

Imports

ocxwrap

tapi32

vamem

mfc42

msvcrt

kernel32

user32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 40KB - Virtual size: 37KB

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 40KB - Virtual size: 37KB