a5115118908268569db2b1187b5b13b2cec9480585728d7da0abff38ecd771a6

Sharing

Copy URL Twitter E-mail

General

Target

a5115118908268569db2b1187b5b13b2cec9480585728d7da0abff38ecd771a6
Size

5.0MB
MD5

3acfb7c694b259158fe042fd3392b0d1
SHA1

f39b260a9209013d9559173f12fbc2bd5332c52a
SHA256

a5115118908268569db2b1187b5b13b2cec9480585728d7da0abff38ecd771a6
SHA512

936898bf59a1cf9b88b93a0ea082a508ea4bd86b15f82f9d5cce887cbb7fdef0415c06dfc630bd47e00b0e513e99b509c8fc5cba9ebcf0820a8be2274ee0d660
SSDEEP

98304:I5eulHzWo2Z3LwtG2G1GmGTGOGGGxGCGMG8GLGfGv7E/K9:vgzWtZMG2G1GmGTGOGGGxGCGMG8GLGfh

Score

1^/10

Malware Config

Signatures

Files

a5115118908268569db2b1187b5b13b2cec9480585728d7da0abff38ecd771a6
.exe windows x86

3273f59812aa0c24f0a32984b752a4a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpSetOption
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectMemory
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty

kernel32

CreateProcessA
GetSystemTimeAsFileTime
GetModuleHandleA
FormatMessageW
GetLastError
VerSetConditionMask
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
QueueUserAPC
TerminateThread
Sleep
TlsFree
GlobalFree
LocalFree
FormatMessageA
VerifyVersionInfoW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
LCMapStringW
CompareStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
SetEndOfFile
TlsAlloc
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsGetValue
TlsSetValue
GetModuleHandleExW
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
MultiByteToWideChar
DeleteFiber
FindClose
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
GetCurrentProcessId
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
RaiseException
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitOnceExecuteOnce
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetThreadTimes
GetModuleFileNameW
LoadLibraryExW
InitializeSListHead
CreateEventW
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
ExitProcess
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

ws2_32

WSACleanup
WSAStartup
recv
send
WSASetLastError
closesocket
WSAGetLastError

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

advapi32

CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
DeregisterEventSource
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3273f59812aa0c24f0a32984b752a4a3

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

crypt32

kernel32

ws2_32

bcrypt

user32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 56KB - Virtual size: 71KB

.reloc Size: 75KB - Virtual size: 74KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 56KB - Virtual size: 71KB

.reloc
Size: 75KB - Virtual size: 74KB