cff686161e0ebe726e374563c3ae4e41c8cda748e64470fc49376bcf4987e822

Sharing

Copy URL

Twitter E-mail

General

Target

cff686161e0ebe726e374563c3ae4e41c8cda748e64470fc49376bcf4987e822
Size

331KB
MD5

215e9a0404b0b3ec2c0df890b6c4f0ed
SHA1

e32a5562b983774b8e8c2075d2ef9669ffd01b7b
SHA256

cff686161e0ebe726e374563c3ae4e41c8cda748e64470fc49376bcf4987e822
SHA512

64e8604204fe5695abd90a2ca1f08bbe97f3a147964ec9dc6482994dc63e49d30189d31af3b139c1b6d605c6c1a76b9d93c59aa3e73ec3018e85d15186152358
SSDEEP

6144:InNn4XRy93FwkrStCYHVJ4oi+GUOYIZDATPKDR4kZO8OtcykycZ:InN4XRyFFw4wJ5i7AjKmkDypcZ

Score

N/A

Malware Config

Signatures

Files

cff686161e0ebe726e374563c3ae4e41c8cda748e64470fc49376bcf4987e822
.exe windows x86

85c3350f35000ea22fe01d1993fc1555

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegConnectRegistryW
AllocateAndInitializeSid
AddAccessAllowedAce
WriteEncryptedFileRaw
DecryptFileW
SetFileSecurityW
RegCloseKey
RegReplaceKeyW
StartServiceW
GetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
EqualSid
OpenEncryptedFileRawW
InitializeSecurityDescriptor
OpenServiceW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
RegDeleteValueW
EnumDependentServicesW
RegQueryValueExW
CheckTokenMembership
RegOpenKeyExW
QueryServiceStatus
ReadEncryptedFileRaw

msorcl32

SQLFetch
SQLFreeConnect
SQLExecDirect
SQLConnect
SQLParamData
DllRegisterServer
SQLMoreResults
SQLAllocStmt
LoadByOrdinal
SQLTables
SQLNumResultCols
SQLBindParameter
SQLDriverConnect
SQLPrepare
SQLSpecialColumns
SQLGetInfo
SQLColAttributes
SQLSetCursorName
SQLAllocEnv

user32

MessageBoxW
GetFocus
SystemParametersInfoW
EnableMenuItem
GetMonitorInfoW
ScreenToClient
SetWindowsHookExW
InvalidateRect
InflateRect
SetTimer
LoadImageW
SendMessageW
MapDialogRect
FlashWindow
GetWindow
ChildWindowFromPoint
wsprintfW
LoadMenuW
CallNextHookEx
WindowFromPoint
GetNextDlgGroupItem
GetWindowLongW
CopyRect
UnhookWindowsHookEx
GetWindowThreadProcessId
DestroyIcon
InvalidateRgn
IsCharAlphaNumericW
CreateIconFromResource
KillTimer
GetKeyState
CreateIconIndirect
GetDlgItem
GetClientRect
LoadIconW

netapi32

NetServerEnum
NetShareEnum
NetApiBufferFree
NetWkstaGetInfo

mpr

WNetOpenEnumW
WNetCancelConnection2W

mapi32

BMAPIDetails
MAPIAddress
ScMAPIXFromSMAPI
MAPIReadMail
DllCanUnloadNow
PRProviderInit
cmc_logoff
MAPIOpenLocalFormContainer
MAPIFreeBuffer
cmc_send_documents
MAPIAllocateBuffer
BMAPIAddress
BMAPIReadMail
cmc_act_on
cmc_read
MAPIDeleteMail
MAPIInitialize
GetOutlookVersion
cmc_free
cmc_send
BMAPISaveMail
DllGetClassObject
HrGetOmiProvidersFlags
FixMAPI

comctl32

ImageList_GetImageCount
DestroyPropertySheetPage

shell32

SHGetMalloc

setupapi

SetupFindFirstLineW
SetupFindNextLine
SetupGetStringFieldW

rpcrt4

UuidFromStringW

ole32

CoCreateInstance
CoInitializeSecurity

msacm32

acmFormatDetailsW
acmFormatTagEnumA
acmStreamSize
acmFormatSuggest
acmFilterChooseA
acmDriverID
acmMetrics
acmFormatTagDetailsW
acmDriverClose
acmFormatEnumW
acmStreamConvert
acmFormatChooseW
acmStreamPrepareHeader
acmFilterDetailsA
acmDriverRemove
acmDriverPriority
acmDriverAddW

ntdll

wcscspn
iswctype
isdigit
wcstoul
towupper
NtSetQuotaInformationFile

comdlg32

GetFileTitleW

kernel32

HeapSize
CloseHandle
GetCurrentThread
WriteFile
SetUnhandledExceptionFilter
GetExitCodeThread
BackupRead
InitializeCriticalSection
GetCurrentThreadId
GetUserDefaultLCID
SetTapePosition
LoadResource
GetStartupInfoW
GetProcAddress
EraseTape
TerminateThread
GetCompressedFileSizeW
SetFileAttributesW
GetDateFormatW
GetProcessHeap
LocalFree
GlobalAlloc
WaitForSingleObject
GetTapeStatus
CreateProcessW
SetCurrentDirectoryW
LockFile
LoadLibraryW
GetTapeParameters
GetTimeZoneInformation
GetDiskFreeSpaceExW
FormatMessageW
GetVolumeInformationW
WritePrivateProfileStringW
GetVersionExW
VerSetConditionMask
HeapAlloc
VirtualFree
DeviceIoControl
SetFileTime
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
GetVolumeNameForVolumeMountPointW
VirtualAlloc
GetLocalTime
GetLastError
VerifyVersionInfoW
UnhandledExceptionFilter
ExpandEnvironmentStringsW
WideCharToMultiByte
FreeLibrary
GetFileAttributesW

gdi32

BitBlt
CreateCompatibleBitmap
CombineRgn
GetObjectW
SelectObject
PatBlt
CreateBitmap
CreateFontIndirectW
DeleteObject

Sections

.text
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85c3350f35000ea22fe01d1993fc1555

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msorcl32

user32

netapi32

mpr

mapi32

comctl32

shell32

setupapi

rpcrt4

ole32

msacm32

ntdll

comdlg32

kernel32

gdi32

Sections

.text Size: 267KB - Virtual size: 267KB

.data Size: 39KB - Virtual size: 39KB

.rsrc Size: 23KB - Virtual size: 700KB

.text
Size: 267KB - Virtual size: 267KB

.data
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 23KB - Virtual size: 700KB