24d909cd2aed8632d168eecbc93cdbcfbab2b69410d6d11a50df910d593d0b66

Sharing

Copy URL Twitter E-mail

General

Target

24d909cd2aed8632d168eecbc93cdbcfbab2b69410d6d11a50df910d593d0b66
Size

182KB
MD5

106d5f841992aa35332f8a1c3ff9ef44
SHA1

466f90360bb1d9f21149a3edca52a0539cbac2aa
SHA256

24d909cd2aed8632d168eecbc93cdbcfbab2b69410d6d11a50df910d593d0b66
SHA512

bde4706b2bbae04f40fd4ba24bcc42af489f395eb417ed9dfdd00ff66ff1912f8bcb2bb6c2aca881f4e972299a453c7cc7fb3015b4cda06b1b9a36e67936dbb2
SSDEEP

3072:4Yj0vaeJvwlRYpFa3uOJ6lkCHtxYXgZS1XID/84R/9Ludv/TkPtac02PA4rDKH:0vtdwlRNuOJ6lkCHtaPX2/8m45/4jPA

Score

N/A

Malware Config

Signatures

Files

24d909cd2aed8632d168eecbc93cdbcfbab2b69410d6d11a50df910d593d0b66
.exe windows x86

44091ffab1631789179343e9a2d8961e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_finite
wcslen
srand
_ftol
_lseeki64
iswdigit
time
wcsrchr
_strnicmp
_cexit
free
_CIacos
__set_app_type
__p__osver
iswalpha
isspace
wcstoul
memmove
_tell
_purecall
fseek
wcscspn
_commit
fclose
_chsize
_wcslwr
_stat
wcsstr
_acmdln
_fileno
rand
_rotl
strstr
wcsncat
memcpy
__initenv
_XcptFilter
__p__iob
_ltow
strncpy
malloc
_access
_initterm
exit

ole32

CoImpersonateClient
CoRevertToSelf
CoGetMalloc
IIDFromString
CreateItemMoniker
PropVariantClear
OleLoadFromStream
CoTaskMemFree
StringFromIID
CLSIDFromProgID
OleSaveToStream
CoInitializeSecurity

rpcrt4

UuidFromStringW
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
NdrOleAllocate
RpcEpResolveBinding
CStdStubBuffer_AddRef
UuidToStringW
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Invoke
UuidToStringA
UuidCreate
RpcImpersonateClient
RpcStringBindingParseW
NdrStubCall2
RpcStringFreeA
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Connect
NdrDllUnregisterProxy
RpcBindingFromStringBindingW
NdrCStdStubBuffer_Release
RpcRaiseException
NdrDllRegisterProxy
CStdStubBuffer_Disconnect
CStdStubBuffer_CountRefs
NdrServerCall2
IUnknown_AddRef_Proxy
RpcServerUnregisterIf
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
RpcBindingToStringBindingW

user32

SetWindowPos
GetClassNameW
ShowWindow
LoadStringW
PostMessageA
SetWindowLongA
IntersectRect
CharPrevW
GetAsyncKeyState
GetWindow
EqualRect
GetWindowDC
DestroyIcon
IsIconic
GetMenuItemCount
CreateWindowExW
CreateWindowExA
CharPrevA
GetWindowPlacement
GetSubMenu
MessageBoxA
RegisterClassA
EnumChildWindows
SystemParametersInfoA
RegisterClassExA
SetMenu
MoveWindow
DestroyMenu
IsRectEmpty
TranslateMessage
GetForegroundWindow
CallWindowProcW

ntdll

wcstoul
RtlInitAnsiString
wcslen
RtlLengthSecurityDescriptor
RtlDeleteElementGenericTable
RtlRunDecodeUnicodeString
NtQueryVirtualMemory
atol
_wcsupr
RtlAppendUnicodeStringToString
RtlConvertSidToUnicodeString
RtlCreateHeap
NtOpenKey
strrchr

comctl32

PropertySheetW
CreatePropertySheetPageW
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
InitCommonControlsEx
PropertySheetA
ImageList_Create
InitCommonControls

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerLanguageNameA
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA
VerFindFileW
GetFileVersionInfoW

advapi32

GetLengthSid
InitializeSecurityDescriptor
RegEnumValueA
FreeSid
LookupAccountNameW
RegCreateKeyA
LsaFreeMemory
OpenSCManagerA
MakeSelfRelativeSD
GetSecurityDescriptorDacl
ReportEventW
AllocateAndInitializeSid
AdjustTokenPrivileges
RevertToSelf
LsaQueryInformationPolicy
OpenServiceW
RegEnumValueW
SetNamedSecurityInfoW
CheckTokenMembership
OpenServiceA
LockServiceDatabase
SetSecurityDescriptorDacl
ChangeServiceConfigW
SetSecurityDescriptorOwner
EqualSid
GetUserNameW
LookupPrivilegeValueW
LsaClose
GetSidIdentifierAuthority
RegDeleteKeyW
CloseServiceHandle
SetSecurityDescriptorGroup
RegSetValueW
RegCreateKeyW
GetTokenInformation
RegOpenKeyW
SetServiceStatus
DeregisterEventSource
RegisterEventSourceW
RegisterTraceGuidsW
ControlService

gdi32

ExtSelectClipRgn
CreateFontA
IntersectClipRect
GetStockObject
SetBkColor
CreateCompatibleBitmap
SelectPalette
Ellipse
Escape
StretchBlt
GetTextMetricsA
StretchDIBits
PatBlt
CreateDCA
CreateSolidBrush
GetClipRgn
RealizePalette
ScaleWindowExtEx
TextOutA
DeleteMetaFile
GetTextAlign
GetClipBox

oleaut32

SysAllocStringByteLen
SafeArrayPutElement
SysStringLen
VariantChangeTypeEx
SysFreeString
SafeArrayAccessData
CreateErrorInfo
SysStringByteLen
SafeArrayGetUBound
RegisterTypeLib
LoadTypeLib
SafeArrayUnaccessData
OleLoadPicture
SetErrorInfo
VariantCopy
SafeArrayPtrOfIndex
VariantClear
SafeArrayGetElement
GetErrorInfo

shell32

SHGetPathFromIDListA
SHFileOperationW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetFolderPathW
DragQueryFileA
ShellExecuteA
SHBindToParent
ShellExecuteExW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetMalloc
SHBrowseForFolderA
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
SHGetPathFromIDListW

comdlg32

GetFileTitleW
GetSaveFileNameA
GetOpenFileNameW
CommDlgExtendedError
PrintDlgA
PageSetupDlgA
PrintDlgExW
FindTextA
PageSetupDlgW
ChooseFontW
PrintDlgW
ChooseColorW
GetSaveFileNameW
ChooseColorA

kernel32

GetExitCodeProcess
OpenMutexA
GetLocalTime
Thread32First
GlobalAlloc
GetStringTypeW
SetFileAttributesA
GetProcessHeap
GetModuleHandleA
VirtualAlloc
GetVersion
OpenEventW
ResumeThread
GetCommandLineA
Sleep
GetACP
WaitForSingleObject
OpenMutexW
InterlockedCompareExchange
DeleteFileW
SetLastError
GetStdHandle
QueryPerformanceCounter
GetCurrentProcess
VirtualProtect
ReadFile
GetFileAttributesW
GetDriveTypeA
GetModuleHandleW
GetConsoleMode
GetOEMCP
GetCurrentThreadId

Sections

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textbss
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 1024B - Virtual size: 1007B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44091ffab1631789179343e9a2d8961e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

rpcrt4

user32

ntdll

comctl32

version

advapi32

gdi32

oleaut32

shell32

comdlg32

kernel32

Sections

DATA Size: 10KB - Virtual size: 10KB

.textbss Size: 7KB - Virtual size: 6KB

.text Size: 154KB - Virtual size: 153KB

.textbss Size: 512B - Virtual size: 18KB

BSS Size: 1024B - Virtual size: 1007B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

DATA
Size: 10KB - Virtual size: 10KB

.textbss
Size: 7KB - Virtual size: 6KB

.text
Size: 154KB - Virtual size: 153KB

.textbss
Size: 512B - Virtual size: 18KB

BSS
Size: 1024B - Virtual size: 1007B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB