4ce96b41839384331945bfbea1e661173b6fa94e3518baa136ed2fdf866ccf7e

Sharing

Copy URL Twitter E-mail

General

Target

4ce96b41839384331945bfbea1e661173b6fa94e3518baa136ed2fdf866ccf7e
Size

26KB
MD5

46a89aaf713c8fa3d1e9728df199f2f2
SHA1

bafd897452f14fe4feffbc0801c916db267fd847
SHA256

4ce96b41839384331945bfbea1e661173b6fa94e3518baa136ed2fdf866ccf7e
SHA512

3c2200ecc994eb5c50517c40f94a6b1b6746609a506c8d6753c8d00f9135b42d3e2577de95e45f65d52b0abc3c0ac5dce4796ebcaf00870dcf3c6ff00aca72b5
SSDEEP

768:IIS0P5ISmFHsPwjPkDa3nTcG0NAsfhhde10:II7hIddpjPYagVzhhdey

Score

N/A

Malware Config

Signatures

Files

4ce96b41839384331945bfbea1e661173b6fa94e3518baa136ed2fdf866ccf7e
.exe windows x86

7872a014f4677ed9d938c113aecb4111

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
LockFile
LockFileEx
LockResource
MapUserPhysicalPagesScatter
MapViewOfFileEx
Module32NextW
MoveFileW
MoveFileWithProgressA
OpenFileMappingA
OpenSemaphoreW
OpenWaitableTimerA
PostQueuedCompletionStatus
Process32Next
PurgeComm
QueryPerformanceCounter
RaiseException
ReadConsoleInputA
ReadConsoleOutputA
ReadDirectoryChangesW
ReadFileScatter
RemoveDirectoryA
ReplaceFileA
RequestWakeupLatency
ResumeThread
SetComputerNameA
SetConsoleCP
SetConsoleCursorInfo
SetConsoleDisplayMode
SetConsoleTitleW
LocalCompact
SetFileAttributesA
SetFilePointer
SetInformationJobObject
SetLocaleInfoW
SetPriorityClass
SetTapeParameters
SetThreadExecutionState
SetVolumeMountPointA
SwitchToThread
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsFree
TlsSetValue
TransactNamedPipe
UnregisterWait
UnregisterWaitEx
VerifyVersionInfoW
VirtualProtect
WaitForDebugEvent
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObjectEx
WriteConsoleInputW
WriteFileEx
_lclose
_lwrite
lstrcmpW
lstrcmpi
lstrcpyW
LeaveCriticalSection
IsProcessorFeaturePresent
IsBadStringPtrW
HeapCreate
Heap32ListFirst
Heap32First
GlobalUnlock
GlobalUnfix
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalCompact
GetWindowsDirectoryW
GetVolumePathNameA
GetVolumeInformationW
GetThreadSelectorEntry
GetTapeStatus
GetSystemDirectoryA
GetStringTypeW
GetProfileStringA
GetProfileIntA
GetProcessShutdownParameters
GetProcessPriorityBoost
GetProcessIoCounters
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesW
GetNamedPipeHandleStateW
GetModuleFileNameW
GetMailslotInfo
GetModuleHandleA
GetLocalTime
GetFullPathNameW
GetFullPathNameA
GetFileTime
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceExW
GetDateFormatA
GetCurrentDirectoryA
GetCurrencyFormatW
GetConsoleTitleA
GetConsoleAliasW
GetCommandLineA
GetCommConfig
GetCalendarInfoW
GetAtomNameA
FreeResource
FreeLibrary
FreeEnvironmentStringsA
FormatMessageA
FoldStringW
FindCloseChangeNotification
FillConsoleOutputCharacterA
EscapeCommFunction
EnumResourceNamesA
EnumResourceLanguagesA
DosDateTimeToFileTime
DeleteVolumeMountPointA
DeleteFileW
CreateToolhelp32Snapshot
CreateThread
CreateMutexW
CreateJobObjectA
CreateHardLinkA
CreateFileA
CreateEventA
CopyFileW
CompareStringA
CloseHandle
CancelWaitableTimer
CancelDeviceWakeupRequest
BuildCommDCBAndTimeoutsA
BuildCommDCBA
AreFileApisANSI
GetProcAddress
SetEvent

msvcrt

memset

advapi32

RegOpenKeyExW

oleaut32

VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI4
VarI4FromDate
VarI4FromI2
VarIdiv
VarMod
VarMonthName
VarNumFromParseNum
VarParseNumFromStr
VarR4FromDec
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI4
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromI1
VarR8FromI2
VarR8FromR4
VarR8Round
VarRound
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromDate
VarUI1FromR4
VarUI1FromR8
VarUI1FromUI4
VarUI2FromDate
VarUI2FromDec
VarUI2FromI1
VarUI2FromR8
VarUI2FromUI4
VarUI4FromBool
VarUI4FromDec
VarUI4FromR8
VarUI4FromUI1
VarUdateFromDate
VarWeekdayName
VariantChangeType
VarI2FromDisp
VarI2FromBool
VarI1FromStr
VarI1FromR4
VarI1FromI4
VarI1FromI2
VarI1FromCy
VarI1FromBool
VarFormatCurrency
VarEqv
VarDecNeg
VarDecFromUI2
VarDecFromUI1
VarDecFromI2
VarDecFromI1
VarDecCmpR8
VarDecAdd
VarDateFromUdateEx
VarDateFromUI4
VarDateFromUI2
VarDateFromR4
VarDateFromI4
VarDateFromI1
VarDateFromDisp
VarDateFromDec
VarDateFromBool
VarCyNeg
VarCyFromUI4
VarCyFromI4
VarCyFromDate
VarCyFix
VarCat
VarBstrFromDec
VarBstrFromDate
VarBstrFromBool
VarBoolFromR8
VarBoolFromR4
VarBoolFromI2
VarBoolFromI1
VARIANT_UserUnmarshal
SystemTimeToVariantTime
SysReAllocString
SysAllocStringByteLen
SysAllocString
SafeArrayUnlock
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayCreate
SafeArrayCopy
SafeArrayAccessData
RevokeActiveObject
RegisterActiveObject
QueryPathOfRegTypeLi
OleTranslateColor
OleLoadPictureFileEx
OleLoadPicture
OleIconToCursor
OleCreatePropertyFrameIndirect
OaBuildVersion
GetRecordInfoFromGuids
GetAltMonthNames
DispGetIDsOfNames
DispCallFunc
BSTR_UserUnmarshal
BSTR_UserMarshal
SafeArraySetRecordInfo

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmEnumInputContext
ImmEscapeA
ImmEscapeW
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmAssociateContextEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmReSizeIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmUnlockIMC
ImmUnlockIMCC
ImmGetIMEFileNameW
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7872a014f4677ed9d938c113aecb4111

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 152B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 152B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB