c61358b5198dc0efb943413b0f36023f20f43865db828cfb0919d351e1ac9cb6

Sharing

Copy URL Twitter E-mail

General

Target

c61358b5198dc0efb943413b0f36023f20f43865db828cfb0919d351e1ac9cb6
Size

298KB
MD5

db8448a05803fa07c12592b5b5514651
SHA1

7d9f8f49b650c4a9efa6f297a65a76924f3273a9
SHA256

c61358b5198dc0efb943413b0f36023f20f43865db828cfb0919d351e1ac9cb6
SHA512

05f35b2a5252a8877ceb6ad8a0bfa8a356c8bb9c2a99d5e71ff850b83155189db5dc7acf7a69476ea06638d99d2779db9d7b14474982f808f3dfa46ad0777900
SSDEEP

6144:E8GDZgGiLt02laZqsAvjwMncxB/GIbghdC6IGjrd67h5Sv11Fz:EvZ+/lashLwLL+IbSrUM

Score

N/A

Malware Config

Signatures

Files

c61358b5198dc0efb943413b0f36023f20f43865db828cfb0919d351e1ac9cb6
.exe windows x86

80b2f104ba8daeb34e97aa093185475e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDlgCtrlID
WindowFromPoint
GetMenuItemID
LoadIconW
CopyAcceleratorTableW
GetPropA
ValidateRgn
IsCharUpperA
GetWindowModuleFileNameW
SwitchToThisWindow
SetProcessDefaultLayout
GetGuiResources
GetGUIThreadInfo
DefMDIChildProcW
IsWindow
PeekMessageW
ScrollDC
LoadBitmapW
CallMsgFilterA
UnregisterDeviceNotification
EnumDisplaySettingsA
GetDCEx
ToAscii
LoadAcceleratorsW
InsertMenuW
ShowWindow
LoadMenuW
RegisterClassW
IntersectRect
RemovePropA
EnumPropsExW
CreateDialogParamA
EnumDisplayDevicesW
LoadCursorW
GetMenuItemRect
GetClassLongA
MapVirtualKeyW
IsRectEmpty
TileWindows
ModifyMenuA
GetWindowTextLengthA
FindWindowW
MessageBoxExA
GetTabbedTextExtentA
DragDetect
LoadCursorA
CharLowerW
SetMenuDefaultItem
IsCharLowerW
MonitorFromWindow
DdeInitializeW
MapWindowPoints
GetUserObjectInformationA
RegisterWindowMessageA
DdeAccessData
DdeQueryStringW
SendNotifyMessageA
GetWindowRect
RemoveMenu
GetKeyNameTextW
GetScrollRange
DragObject
DdeImpersonateClient
ChildWindowFromPointEx
CharPrevA
EnumPropsA
AnimateWindow
EndDialog
DdeDisconnect
BroadcastSystemMessageW
CreateAcceleratorTableW
SwitchDesktop
PtInRect
SetDlgItemTextA
DdeUnaccessData
CharUpperBuffW
DefWindowProcA
DefDlgProcA
GetKeyNameTextA
IsCharAlphaW
ArrangeIconicWindows
VkKeyScanExW
DrawTextExA
ChangeClipboardChain
DdeKeepStringHandle
GetKeyboardLayout
AnyPopup
DefDlgProcW
DdeQueryStringA
UnhookWindowsHookEx
CopyIcon
InsertMenuItemA
DrawEdge
SetMenuItemBitmaps
CharNextW
GetUpdateRect
GetWindowLongA
DestroyCursor
WinHelpA
GetMenuItemInfoW
SetForegroundWindow
GetDlgItem
GetMenuStringW
GetSystemMetrics
RealGetWindowClass
ValidateRect
GetMenuInfo
SendIMEMessageExA
IsChild
DestroyMenu
CreateWindowStationW
LookupIconIdFromDirectoryEx
SetParent
OemKeyScan
EditWndProc
VkKeyScanExA
GetClipboardData
EnableMenuItem
UnloadKeyboardLayout
CheckDlgButton
TabbedTextOutW
GetAncestor
UnhookWinEvent
DestroyWindow
FindWindowExW
GetClipboardOwner
FreeDDElParam
EndMenu
DrawTextA
GetKeyboardLayoutNameW
GetWindowWord
TabbedTextOutA
DlgDirSelectComboBoxExA
CreateDialogIndirectParamW
DrawFocusRect
SetWindowRgn
DdeClientTransaction

ole32

StgCreateDocfileOnILockBytes
UtConvertDvtd32toDvtd16
CoGetTreatAsClass
CoCopyProxy
CoFileTimeToDosDateTime
PropVariantCopy
OleRegEnumFormatEtc
CoGetInstanceFromFile
EnableHookObject
RegisterDragDrop
CreateDataAdviseHolder
OleConvertOLESTREAMToIStorage
OleCreateFromFile
OleCreateFromDataEx
OleCreateEmbeddingHelper
CreateFileMoniker
StgCreateStorageEx
IIDFromString
CoFileTimeNow
CoCreateInstanceEx
UpdateDCOMSettings
IsEqualGUID
OleDraw
OleSetMenuDescriptor
OleDuplicateData
OleCreateEx
CoQueryProxyBlanket
OleCreateDefaultHandler
ReleaseStgMedium
CoGetObject
CoRegisterPSClsid
CoImpersonateClient
OleCreateLinkToFile
OleCreateLinkFromDataEx
OleCreateLinkToFileEx
OleConvertIStorageToOLESTREAMEx
GetHGlobalFromStream
DllDebugObjectRPCHook
UtGetDvtd16Info
CreateOleAdviseHolder
FreePropVariantArray
OleCreateFromData
CoQueryReleaseObject
CreateAntiMoniker
CoSetProxyBlanket
CreateBindCtx
CoGetCallContext
CoFreeLibrary
StgGetIFillLockBytesOnILockBytes
CoCreateInstance
UtConvertDvtd16toDvtd32
CoAddRefServerProcess
OleRegGetMiscStatus
CoUninitialize
CoDosDateTimeToFileTime
StgCreateDocfile
StgIsStorageILockBytes
OleSetClipboard
ReadClassStm
OleCreateMenuDescriptor
CoRegisterMessageFilter
DoDragDrop
CoLockObjectExternal
OleSetAutoConvert
OleIsCurrentClipboard
CoTreatAsClass
OleSave
StgOpenAsyncDocfileOnIFillLockBytes
GetDocumentBitStg
CreateStreamOnHGlobal
CoRegisterMallocSpy
CoBuildVersion
UtGetDvtd32Info
StgIsStorageFile
CoUnmarshalInterface
CoFreeAllLibraries
CoInitializeSecurity
StringFromGUID2
OleUninitialize
StgOpenStorage
OleCreateFromFileEx
CoQueryClientBlanket
ReadFmtUserTypeStg
StringFromCLSID
CoGetCallerTID
CreateClassMoniker
CreateDataCache
CoRevokeMallocSpy
StgSetTimes
CoRegisterSurrogate
ProgIDFromCLSID
ReadOleStg
OleNoteObjectVisible
OleSaveToStream
OleTranslateAccelerator
OleQueryCreateFromData
CoResumeClassObjects
GetConvertStg

kernel32

ReadProcessMemory
SetFileAttributesW
GlobalAddAtomW
LocalHandle
GetPrivateProfileIntW
lstrcmpiA
GetSystemDirectoryA
SetMessageWaitingIndicator
CreatePipe
FlushViewOfFile
CopyFileW
GetCurrentThread
VirtualAlloc
FreeLibrary
IsBadStringPtrA
GetExitCodeThread
BuildCommDCBA
SetCommBreak
CreateWaitableTimerW
GetDriveTypeA
VirtualQuery
SetFileTime
SetConsoleCursorInfo
SetSystemPowerState
VirtualProtect
GetSystemDefaultLCID
lstrcatA
LoadResource
GetProfileSectionW
GetLongPathNameA
GetStartupInfoA
Process32First
VirtualQueryEx
GetPriorityClass
Sleep
ReadConsoleOutputW
BeginUpdateResourceW
IsBadReadPtr
GetConsoleCP
WritePrivateProfileStringA
FreeResource
SwitchToFiber
WriteConsoleW
GetConsoleTitleA
BackupWrite
lstrcpyn
GetTapeStatus
GetLogicalDriveStringsA
GetOEMCP
RtlFillMemory
Thread32First
DeviceIoControl
Heap32Next
EnumDateFormatsExA
LocalLock
GetWindowsDirectoryA
AllocConsole
UnhandledExceptionFilter
SetEnvironmentVariableW
GetPrivateProfileSectionNamesW
ScrollConsoleScreenBufferA
SetHandleInformation
FindAtomA
MapViewOfFile
GetProcessPriorityBoost
TlsGetValue
GetLongPathNameW
IsBadHugeReadPtr
WriteProfileSectionW
GetPrivateProfileStringA
GetThreadPriorityBoost
GetTimeFormatW
SizeofResource
IsBadWritePtr
Heap32First
GetVersionExW
TransactNamedPipe
GetDateFormatA
GetProcessWorkingSetSize
IsValidCodePage
GetProfileStringW
GetCurrentProcess
SetComputerNameW
OutputDebugStringA
HeapValidate
GetCurrencyFormatW
SetUnhandledExceptionFilter
GetCompressedFileSizeA
CompareStringW
FindFirstFileA
SetThreadAffinityMask
WriteFileGather
LockResource
GetDiskFreeSpaceExW
GetFileAttributesA
ReadFileScatter
lstrcatW
WriteConsoleOutputW
EnumDateFormatsA
GetShortPathNameW
GetProcAddress
LockFileEx
lstrcpynA
PeekNamedPipe
ReadDirectoryChangesW
GenerateConsoleCtrlEvent
CreateDirectoryA
UnlockFile
GetProcessHeap
GetVersionExA
ResetEvent
CancelWaitableTimer
GetCommMask
SetFileApisToOEM
HeapFree
GetNumberOfConsoleMouseButtons
lstrcmpi
GetConsoleMode
CreateMailslotW
GlobalSize
SetDefaultCommConfigW
GetSystemInfo
GetWriteWatch
GetTempFileNameW
GetPrivateProfileSectionNamesA
PurgeComm
FoldStringW
CreateTapePartition
LoadLibraryExW
ReadConsoleOutputCharacterW

advapi32

CryptAcquireContextA
RegCreateKeyExW
OpenBackupEventLogW
SetNamedSecurityInfoA
CryptDestroyHash
CryptGetKeyParam
CryptSetProviderExA
RegSetValueExW
SetServiceObjectSecurity
LookupAccountSidA
GetMultipleTrusteeW
GetTokenInformation
CryptDuplicateKey
IsTextUnicode
EqualPrefixSid
RegQueryValueW
PrivilegedServiceAuditAlarmW
ConvertAccessToSecurityDescriptorA
AreAnyAccessesGranted
CloseServiceHandle
RegQueryMultipleValuesA
SetSecurityInfoExA
MapGenericMask
ChangeServiceConfigW
SetEntriesInAclW
CryptCreateHash
IsValidSid
RegUnLoadKeyW
EnumServicesStatusW
GetServiceKeyNameW
RegQueryValueExW
CryptDestroyKey
LookupPrivilegeDisplayNameW
GetServiceDisplayNameA
InitiateSystemShutdownA
ConvertSecurityDescriptorToAccessNamedA
CryptExportKey
QueryServiceStatus
CryptSignHashW
SetSecurityInfo
GetEffectiveRightsFromAclA
EqualSid
CryptEnumProvidersA
CryptGenKey
MakeAbsoluteSD
DuplicateToken
CryptSetHashParam
OpenThreadToken
RegGetKeySecurity
GetSecurityDescriptorControl
RegisterEventSourceA
GetCurrentHwProfileA
RegConnectRegistryW
GetSecurityInfoExA
LookupAccountSidW
RegOpenKeyW
GetTrusteeTypeW
RegQueryMultipleValuesW
CryptEnumProvidersW
DeleteService
RegLoadKeyA
ObjectCloseAuditAlarmA
NotifyBootConfigStatus
RegLoadKeyW
CopySid
CryptEnumProviderTypesW
SetSecurityDescriptorGroup
OpenBackupEventLogA
RegEnumValueW
ReadEventLogW
ImpersonateLoggedOnUser
RegQueryInfoKeyA
AddAuditAccessAce
GetNamedSecurityInfoA
GetUserNameW
RegSaveKeyW
SetAclInformation
CryptHashSessionKey
RegNotifyChangeKeyValue
PrivilegeCheck
AbortSystemShutdownW
SetNamedSecurityInfoExW
RegEnumKeyExW
CryptImportKey
RegEnumKeyExA
ConvertAccessToSecurityDescriptorW
RegDeleteKeyA
CryptGenRandom
GetAce
RegCreateKeyA
StartServiceCtrlDispatcherW
BuildTrusteeWithNameA
CreateProcessAsUserW
SetNamedSecurityInfoExA
GetSecurityDescriptorOwner
AllocateAndInitializeSid
SetTokenInformation
RegSetKeySecurity
QueryServiceConfigA
FreeSid
CryptSetProviderW
ConvertSecurityDescriptorToAccessW
CreateProcessAsUserA
RegEnumValueA
GetNamedSecurityInfoExA
StartServiceW
BuildImpersonateExplicitAccessWithNameW
InitiateSystemShutdownW
GetSecurityDescriptorLength
GetAuditedPermissionsFromAclW
SetEntriesInAccessListW
GetKernelObjectSecurity
GetExplicitEntriesFromAclW
AdjustTokenGroups
RegEnumKeyA
CryptDecrypt

shlwapi

StrToIntA
PathUndecorateW
PathIsDirectoryA
StrCatBuffW
PathGetCharTypeA
StrIsIntlEqualW
PathFindFileNameA
UrlCanonicalizeW
SHEnumKeyExW
UrlCombineA
SHDeleteEmptyKeyW
SHEnumValueA
UrlIsOpaqueW
PathCompactPathA
SHAutoComplete
UrlHashA
SHRegWriteUSValueA
SHRegGetUSValueW
SHRegQueryInfoUSKeyW
SHDeleteKeyW
StrToIntExW
AssocQueryKeyA
PathAddExtensionW
PathRemoveArgsW
AssocQueryKeyW
PathIsRootW
PathIsSameRootA
StrChrA
PathFindFileNameW
PathIsUNCW
SHRegQueryUSValueW
StrRChrW
SHRegDeleteEmptyUSKeyW
PathSkipRootA
UrlGetPartA
PathRemoveFileSpecA
StrStrIW
SHGetThreadRef
PathFileExistsW
PathIsUNCA
UrlEscapeW
StrCmpIW
PathMatchSpecA
SHRegSetUSValueW
SHEnumValueW
PathIsDirectoryW
StrChrIW
PathStripPathW
SHDeleteEmptyKeyA
SHStrDupA
StrCatBuffA
PathIsLFNFileSpecA
SHRegOpenUSKeyW
SHCopyKeyW
StrRetToBufA
StrCmpNW
ColorRGBToHLS
PathCompactPathExW
SHRegEnumUSValueA
PathUndecorateA
PathIsLFNFileSpecW
PathIsPrefixW
IntlStrEqWorkerW
StrCatW
PathGetDriveNumberA
PathFindOnPathW
SHRegDeleteUSValueW
PathSkipRootW
SHOpenRegStream2W
PathIsSystemFolderA
PathRelativePathToA
UrlCanonicalizeA
PathFindSuffixArrayA
StrCpyW
StrDupA
SHOpenRegStreamA
StrCSpnIW
StrFormatByteSize64A
PathMakeSystemFolderW
StrFromTimeIntervalW
PathQuoteSpacesW
SHRegDeleteEmptyUSKeyA
PathGetDriveNumberW
StrNCatW
StrStrW
UrlUnescapeW
StrToIntW
PathFindOnPathA
UrlIsA
StrDupW
StrChrIA
SHCreateStreamOnFileW
PathStripPathA
SHQueryValueExA
PathFindExtensionW
PathMakePrettyW
StrFormatByteSizeA
StrCSpnA
SHRegWriteUSValueW
PathSetDlgItemPathW
StrTrimA
AssocQueryStringW
SHEnumKeyExA
ChrCmpIW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80b2f104ba8daeb34e97aa093185475e

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

kernel32

advapi32

shlwapi

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 4KB