272987766b444fdf0e91288ec54f0ec44b7b0bdcc8b5c2f147c5f9c26283c0ef

Sharing

Copy URL

Twitter E-mail

General

Target

272987766b444fdf0e91288ec54f0ec44b7b0bdcc8b5c2f147c5f9c26283c0ef
Size

1.0MB
MD5

e61ce14bbd2295df306fbc40b0406ce8
SHA1

877aea7eb1cf9dbce93d884e11e1530fecd077f8
SHA256

272987766b444fdf0e91288ec54f0ec44b7b0bdcc8b5c2f147c5f9c26283c0ef
SHA512

43424d1aa471938997fe2c720d4c10d9924f935ebd1039a6035c67af494afc725a0bc9f4d7910ea0aacad2b32487c114e63f870fa6b2baad459d9e729cc8adb5
SSDEEP

6144:4qe/cEm0uQeO+AuitgSIXKf8Vb60ZyXXBZRt6mhL:s/cEm0XtD8Vm0ZyXXBZCmN

Score

N/A

Malware Config

Signatures

Files

272987766b444fdf0e91288ec54f0ec44b7b0bdcc8b5c2f147c5f9c26283c0ef
.exe windows x86

7f6941913a1da20db85c55713d7f6fe1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetLastError
GetCurrentThreadId
GetProcessId
lstrcmpA
OpenMutexA
VerLanguageNameW
GetVersion
LCMapStringA
TryEnterCriticalSection
VerLanguageNameA
WaitForMultipleObjects
GetNumaProcessorNode
GlobalSize
PeekConsoleInputW
EraseTape

user32

GetCaretBlinkTime
GetCapture
GetWindowDC
GetWindowThreadProcessId
LoadIconW
IsHungAppWindow
LoadCursorFromFileA
GetUserObjectInformationW
ShowCursor
GetMessageExtraInfo
GetMenuCheckMarkDimensions
AdjustWindowRectEx
DrawMenuBar
RemoveMenu
GetSystemMetrics
GetWindowTextLengthA
SetCursorContents
SendMessageCallbackW
SetClipboardViewer
DragObject
FreeDDElParam
GetMenuItemInfoA
SetDebugErrorLevel
GetPropA

comctl32

InitCommonControls
UninitializeFlatSB
ShowHideMenuCtl
DPA_EnumCallback
DPA_DestroyCallback
ImageList_ReplaceIcon
FlatSB_SetScrollInfo
ImageList_Write
FlatSB_SetScrollProp
FreeMRUList
PropertySheetW
SetWindowSubclass
ImageList_DrawIndirect
CreatePropertySheetPageW
ImageList_LoadImageA
CreateStatusWindowA
CreatePropertySheetPage
RemoveWindowSubclass
PropertySheetA
FlatSB_GetScrollProp
ImageList_DragMove
ImageList_GetImageInfo
DefSubclassProc

oledlg

OleUIPasteSpecialW
OleUIAddVerbMenuA
OleUIInsertObjectA
OleUIBusyW
OleUIConvertA
OleUIConvertW
OleUIEditLinksW
OleUIPromptUserW
OleUIAddVerbMenuW
OleUIInsertObjectW
OleUIObjectPropertiesA
OleUIPasteSpecialA
OleUIPromptUserA
OleUIChangeIconW

winmm

mmioSendMessage
timeEndPeriod
waveOutGetErrorTextW
midiOutGetVolume
auxOutMessage
midiStreamClose
midiInGetErrorTextW
mixerGetNumDevs
waveOutGetVolume
mixerMessage
joyGetNumDevs
mciGetDeviceIDA
OpenDriver
mmioOpenW
mmioDescend
midiOutGetErrorTextW
mmioAdvance
mid32Message
DefDriverProc
auxGetVolume
midiInGetDevCapsA

shell32

DragQueryPoint
SHGetFileInfoA
DAD_DragEnterEx2
SheChangeDirExW
InternalExtractIconListA
SHCreatePropSheetExtArray
SheChangeDirA
DragQueryFileW
SHAppBarMessage
Shell_NotifyIconW
ExtractAssociatedIconW
FreeIconList
StrNCmpW
SHFlushSFCache
ExtractIconW
ExtractIconEx
SHOpenFolderAndSelectItems
SHGetFolderPathAndSubDirA
SHGetDiskFreeSpaceExW
CDefFolderMenu_Create2
SHSetLocalizedName
StrChrIA
SignalFileOpen
Shell_NotifyIconA
SHQueryRecycleBinW
SHFileOperationA

imagehlp

SymMatchFileName
SymUnDName
SymGetTypeFromName
GetImageUnusedHeaderBytes
SymGetLinePrev
ImageDirectoryEntryToData
SymGetSymFromName64
SymEnumerateSymbolsW64
SymGetSymFromAddr64
SymEnumerateModules
SymFunctionTableAccess
ImageNtHeader
SymGetLineFromName64
SplitSymbols
RemovePrivateCvSymbolicEx
FindDebugInfoFile
MapFileAndCheckSumW
BindImageEx
SymGetLineNext
ImageEnumerateCertificates
SymGetModuleInfoW64

advapi32

GetAuditedPermissionsFromAclA
ObjectPrivilegeAuditAlarmA
ObjectOpenAuditAlarmA
ElfCloseEventLog
ElfReadEventLogW
CryptSignHashA
WmiMofEnumerateResourcesA
CryptSetProviderW
SetServiceBits
DuplicateToken
SetSecurityDescriptorControl
QueryAllTracesA
ObjectCloseAuditAlarmA
RegGetKeySecurity
InitializeAcl
WmiExecuteMethodA
GetSecurityInfo
SystemFunction025
MakeAbsoluteSD
WmiEnumerateGuids
CryptGetUserKey
RegisterIdleTask
LsaQueryDomainInformationPolicy
BuildImpersonateExplicitAccessWithNameA
CredpEncodeCredential

oleaut32

OleCreateFontIndirect
VarUI1FromUI8
VarR4FromBool
VarFormatFromTokens
VarUI2FromStr
VarSub
VarR8FromUI8
VarIdiv
SafeArrayPutElement
VarI1FromUI1
VarUI2FromDate
RegisterTypeLibForUser
VarInt
VarUI4FromDec
OleLoadPicture
UnRegisterTypeLibForUser
SysReAllocString
VarI2FromStr
ClearCustData
VarR8FromDec
VarDecFromI8
VarDateFromR8
VarUI2FromR8

winspool.drv

EnumMonitorsW
GetFormA
PrinterMessageBoxA
EnumPrinterDataExA
EndDocPrinter
GetPrinterDriverW
FindClosePrinterChangeNotification
PerfCollect
EnumFormsW
EnumPrinterDataA
ConfigurePortW
DeletePrinterDataA
GetPrinterDriverA
AddPrinterA
ConnectToPrinterDlg
SplDriverUnloadComplete
StartPagePrinter
IsValidDevmodeW
EnumPortsA
EXTDEVICEMODE

ole32

DllGetClassObject
EnableHookObject
CoCopyProxy
CoRegisterSurrogate
CoPopServiceDomain
HDC_UserFree
OleSetAutoConvert
StringFromIID
CoUninitialize
HkOleRegisterObject
CoRegisterMallocSpy
OleConvertOLESTREAMToIStorageEx
OleRun
OleSetContainedObject
CoLockObjectExternal
CoSetState
CLSIDFromProgIDEx
HPALETTE_UserMarshal
IsAccelerator
HMENU_UserSize
PropStgNameToFmtId
OleCreateLink
IsValidPtrOut
CLSIDFromString

gdiplus

GdipAddPathEllipseI
GdipPlayMetafileRecord
GdipResetPageTransform
GdipSetPenWidth
GdipSetPathGradientPresetBlend
GdipDeletePrivateFontCollection
GdipTranslateClipI
GdipGetImageBounds
GdipGetPenTransform
GdipGetPathWorldBoundsI
GdipLoadImageFromStream
GdipResetLineTransform
GdipIsVisibleClipEmpty
GdipScaleLineTransform
GdipIsEmptyRegion
GdipAddPathCurve
GdipClonePen
GdipGetImageDimension
GdipAddPathPie
GdipCreateBitmapFromResource
GdipGetDC
GdipAddPathPieI
GdipGetWorldTransform
GdipCreateFont
GdipGetLinePresetBlendCount
GdipSetPenEndCap
GdipEnumerateMetafileSrcRectDestRect

version

VerQueryValueA
GetFileVersionInfoW
VerFindFileA
GetFileVersionInfoA
VerFindFileW
VerInstallFileW
VerQueryValueW

Sections

.code
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f6941913a1da20db85c55713d7f6fe1

Headers

File Characteristics

Imports

kernel32

user32

comctl32

oledlg

winmm

shell32

imagehlp

advapi32

oleaut32

winspool.drv

ole32

gdiplus

version

Sections

.code Size: 924KB - Virtual size: 924KB

.bss Size: 141KB - Virtual size: 141KB

.rsrc Size: 512B - Virtual size: 428B

.code
Size: 924KB - Virtual size: 924KB

.bss
Size: 141KB - Virtual size: 141KB

.rsrc
Size: 512B - Virtual size: 428B