1dbabe1818acd9f12d0fc6d59b30cab3f39b4acb96b7a417477e73ec960c07ff

Sharing

Copy URL

Twitter E-mail

General

Target

1dbabe1818acd9f12d0fc6d59b30cab3f39b4acb96b7a417477e73ec960c07ff
Size

196KB
MD5

56519ab5a36ba2929f46a1a50b8a92bd
SHA1

620af7d7cc2dba6be37dd8d17a7a9d09fcf1770e
SHA256

1dbabe1818acd9f12d0fc6d59b30cab3f39b4acb96b7a417477e73ec960c07ff
SHA512

b4e152558ac17d9e87cfd960af9cf6546fbbe8bab06e7555c860063f231d99247b9d2d73578a36a2b9ff86fd15d67a304807e6b814e57a6f9aa7240f89e08d29
SSDEEP

6144:6z9pMMnMMMMMavVrOqCOPMrMg1MtukZnWVbnS:6fMMnMMMMMUVrOqpwa9WV

Score

N/A

Malware Config

Signatures

Files

1dbabe1818acd9f12d0fc6d59b30cab3f39b4acb96b7a417477e73ec960c07ff
.exe windows x86

d75904f0e19dc0ac433d560033733af7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate

kernel32

GetVersionExA
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetModuleHandleW
CreateProcessInternalA
FindNextFileW
GetLocalTime
GetFileAttributesW
ExpandEnvironmentStringsA
MapViewOfFile
QueryPerformanceCounter
CreateFileW
GetFullPathNameA
OpenMutexW
SetUnhandledExceptionFilter
EnterCriticalSection
ResumeThread
ResetEvent
FindFirstFileW
IsBadWritePtr
GetSystemWindowsDirectoryW
GetModuleHandleA
SetErrorMode
WaitNamedPipeW
GetSystemTime
GetComputerNameW
FormatMessageW
GetPriorityClass
CreateEventW
WaitForSingleObject
VirtualAlloc
Sleep
RaiseException
DeviceIoControl
FindClose
WaitForMultipleObjectsEx
GetCommandLineW
CompareFileTime
GetFileSizeEx
GetComputerNameExW
DeleteFileW
lstrlenA
LoadLibraryExW
GetPrivateProfileIntW
LocalReAlloc
TerminateProcess
CopyFileW
GetOverlappedResult
CreateMutexW
GetCurrentThread
CreateThread
GetModuleFileNameW
lstrcpynW
VirtualFree
DeleteCriticalSection
lstrcmpW
MultiByteToWideChar
OpenEventW
GetVolumeInformationW
GetFileSize
lstrcmpiW
InitializeCriticalSection
GetSystemInfo
InterlockedDecrement
HeapAlloc
lstrcpyA
LeaveCriticalSection
CreateEventA
InterlockedExchange
CreateFileA
SleepEx
_lclose
GetModuleHandleExW
GetTimeZoneInformation
FindResourceA
LoadLibraryA
UnmapViewOfFile
GetFullPathNameW
WritePrivateProfileStringW
GlobalMemoryStatus
GetFileTime
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultUILanguage
SetEvent
ExitThread
GetSystemDirectoryW
ReadFile
InterlockedIncrement
CreateMutexA
LocalAlloc
CancelIo
OutputDebugStringW
SetNamedPipeHandleState
GetDriveTypeW
CreateFileMappingW
InterlockedCompareExchange
CreateProcessInternalW
InterlockedExchangeAdd
GetLastError
CreateFileMappingA
GetProcessHeap
lstrcpyW
FindFirstFileExW
SetThreadPriority
FindResourceExW
LoadResource
LocalFree
GetCurrentProcess
CloseHandle
lstrcatW
EnumUILanguagesW
UnhandledExceptionFilter
GetWindowsDirectoryW
ReleaseMutex
SetLastError
SetFilePointer
lstrlenW
GetFileAttributesExW
GetComputerNameA
DuplicateHandle
WriteFile
SizeofResource
HeapFree
GetLongPathNameW
GetCurrentThreadId
GetProfileStringA
OpenFile
DelayLoadFailureHook
GetDiskFreeSpaceW
FreeLibrary
MoveFileW
LoadLibraryW
AreFileApisANSI
ReadProcessMemory
GetDiskFreeSpaceExW
GetTickCount
WideCharToMultiByte
OpenProcess
GetLogicalDriveStringsW
GetProfileIntA
GetProcAddress
SearchPathW

ntdll

RtlSetSecurityObjectEx
NtQueryVolumeInformationFile
RtlGetSaclSecurityDescriptor
RtlMakeSelfRelativeSD
RtlCopyUnicodeString
RtlConvertToAutoInheritSecurityObject
NtQueryVirtualMemory
RtlLookupElementGenericTable
RtlSetControlSecurityDescriptor
RtlIntegerToUnicodeString
wcsncpy
RtlDetermineDosPathNameType_U
NtCreateSemaphore
RtlNewSecurityObjectWithMultipleInheritance
RtlSelfRelativeToAbsoluteSD
NlsMbCodePageTag
RtlImageNtHeader
NtOpenFile
RtlUnwind
NtReleaseSemaphore
RtlLeaveCriticalSection
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
NtSetInformationProcess
RtlFreeAnsiString
RtlCreateUnicodeStringFromAsciiz
NtQueryValueKey
NtCreateEvent
NtFsControlFile
NtFilterToken
RtlGetSecurityDescriptorRMControl
NtCompareTokens
NtSetEvent
NtCreateFile
DbgPrint
tolower
wcstombs
RtlCopyLuid
RtlxUnicodeStringToAnsiSize
NtOpenSymbolicLinkObject
RtlIsGenericTableEmpty
RtlGetFullPathName_U
wcsrchr
NtTerminateProcess
RtlEnterCriticalSection
NtOpenKey
NtSetSecurityObject
RtlUpcaseUnicodeChar
RtlGetControlSecurityDescriptor
RtlDestroyHandleTable
strncpy
_chkstk
RtlFormatCurrentUserKeyPath
atol
memmove
RtlPrefixUnicodeString
RtlIsValidIndexHandle
RtlIsTextUnicode
_wcslwr
_vsnwprintf
RtlCompareUnicodeString
RtlGetGroupSecurityDescriptor
RtlNumberGenericTableElements
RtlQueryRegistryValues
NtSetInformationThread
mbstowcs
NtDeviceIoControlFile
RtlUnicodeStringToInteger
RtlInsertElementGenericTable
NtClearEvent
RtlFreeHandle
RtlCompareMemory
NtDeleteValueKey
RtlAppendUnicodeStringToString
RtlDuplicateUnicodeString
RtlEnumerateGenericTableWithoutSplaying
swprintf
RtlInitializeHandleTable
RtlAppendUnicodeToString
NtFreeVirtualMemory
RtlLengthSecurityDescriptor
_wcsicmp
RtlUpcaseUnicodeStringToOemString
NtWriteFile
RtlTimeToSecondsSince1970
RtlUnicodeToMultiByteSize
RtlOemStringToUnicodeString
NtImpersonateAnonymousToken
RtlImpersonateSelf
NtPowerInformation
NtSetInformationObject
_strnicmp
NtQueryInformationProcess
RtlDestroyHeap
wcschr
NtEnumerateValueKey
NtCreateKey
RtlGUIDFromString
RtlFlushSecureMemoryCache
RtlDeleteElementGenericTable
NtReadFile
RtlCreateUnicodeString
_ftol
NtWaitForSingleObject
NtDuplicateObject
NtQueryPerformanceCounter
_stricmp
NtQueryInformationFile
NtQuerySystemInformation
NtQueryInformationThread
RtlExpandEnvironmentStrings_U
RtlCreateHeap
RtlNewSecurityObject
RtlSetSecurityDescriptorRMControl
RtlGetNtProductType
RtlAllocateHandle
wcstol
NtSetValueKey
wcscmp
RtlNewSecurityObjectEx
RtlInitUnicodeStringEx
NtQuerySymbolicLinkObject
wcsstr
RtlConvertSidToUnicodeString
RtlSetSecurityObject
RtlSetGroupSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlGetDaclSecurityDescriptor
wcstoul
RtlSelfRelativeToAbsoluteSD2
_wcsnicmp
RtlInitString
RtlDeleteSecurityObject
NtNotifyChangeKey
RtlxAnsiStringToUnicodeSize
NtQuerySystemTime
NtDeleteKey
RtlSetOwnerSecurityDescriptor
RtlRandom
NtQueryKey
NtSetInformationFile
RtlSetDaclSecurityDescriptor
RtlQuerySecurityObject
RtlSetSaclSecurityDescriptor
_itow
sprintf
NtClose
strstr
wcsncmp
RtlCreateQueryDebugBuffer
iswctype
RtlDestroyQueryDebugBuffer
NtFlushBuffersFile
NtWaitForMultipleObjects
RtlOpenCurrentUser
RtlGetOwnerSecurityDescriptor
RtlStringFromGUID
NtQuerySecurityObject
NtEnumerateKey
RtlInitializeGenericTable
_ultow
RtlQueryProcessDebugInformation
NtAllocateVirtualMemory

rpcrt4

RpcBindingToStringBindingW
RpcSsDestroyClientContext
RpcStringFreeW
RpcRevertToSelf
RpcEpResolveBinding
RpcStringBindingParseW
RpcBindingSetAuthInfoA
RpcBindingFree
I_RpcBindingIsClientLocal
RpcBindingFromStringBindingW
RpcRaiseException
RpcBindingSetAuthInfoExA
RpcImpersonateClient
NDRCContextBinding
I_RpcMapWin32Status
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
NdrClientCall2
UuidToStringW
I_RpcExceptionFilter
UuidFromStringW
UuidCreate
RpcBindingSetAuthInfoW

Sections

.text
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d75904f0e19dc0ac433d560033733af7

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

kernel32

ntdll

rpcrt4

Sections

.text Size: 4KB - Virtual size: 880B

.idata Size: 12KB - Virtual size: 9KB

.rsrc Size: 36KB - Virtual size: 33KB

.data Size: 128KB - Virtual size: 352KB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 8KB - Virtual size: 6KB

.text
Size: 4KB - Virtual size: 880B

.idata
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 36KB - Virtual size: 33KB

.data
Size: 128KB - Virtual size: 352KB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 8KB - Virtual size: 6KB