Static task: static1
Behavioral task: behavioral1
Sample: 9f8c41ee9a682eba9c52e8521c1da15d1cc3ed56d7a8db9278509fad3459d674.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 9f8c41ee9a682eba9c52e8521c1da15d1cc3ed56d7a8db9278509fad3459d674.exe
Resource: win10v2004-20220812-en
General
Target: 9f8c41ee9a682eba9c52e8521c1da15d1cc3ed56d7a8db9278509fad3459d674
Size: 753KB
MD5: de56ec0b976075ebdd16f8dad28a3bfe
SHA1: b6e5fcd7f8203cf6545041529adcfef2b2f6a3d4
SHA256: 9f8c41ee9a682eba9c52e8521c1da15d1cc3ed56d7a8db9278509fad3459d674
SHA512: cb5305c9a1badaae530dd67985dc36d1506746d190c30f3973fe80b01ae0670b6ea3af7d2f34183b4f8d707b076330e843a95268c958bd3bdeee9f1f5b02e7fc
SSDEEP: 12288:vHg58cKlMY36NpghIHRGu2xc9pkwB2NkWHJcyOdN+zWNG1gYZ7lrkWcOONeNVbuI:PM9KlMY30geHRGu2S9pF8yMKN+zK6gYR
Malware Config
Signatures
Files
9f8c41ee9a682eba9c52e8521c1da15d1cc3ed56d7a8db9278509fad3459d674.exe windows x86
dd0f7a97c30f104692099a4aac2dd7e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
UrlIsW
ColorAdjustLuma
PathRemoveExtensionA
SHGetValueA
PathIsFileSpecW
PathRemoveFileSpecA
UrlCombineA
StrFromTimeIntervalA
PathIsNetworkPathA
SHRegOpenUSKeyW
UrlHashW
PathIsNetworkPathW
SHRegCloseUSKey
SHEnumValueA
SHRegEnumUSValueA
StrToIntExW
SHEnumValueW
StrDupA
SHRegQueryUSValueW
PathMakeSystemFolderA
SHRegQueryInfoUSKeyW
SHRegDeleteUSValueA
UrlCompareW
SHRegGetUSValueW
PathIsDirectoryEmptyA
SHRegQueryUSValueA
StrChrIW
StrFormatByteSize64A
StrCpyW
PathIsPrefixW
StrFormatByteSizeA
StrRetToBufA
UrlCanonicalizeW
UrlGetLocationA
StrRetToStrW
PathRelativePathToA
SHSetValueA
PathRemoveArgsA
SHStrDupA
PathFindNextComponentW
PathIsUNCServerShareW
PathIsURLA
SHDeleteKeyW
StrCmpW
PathAddBackslashW
UrlCombineW
PathIsSystemFolderA
SHDeleteEmptyKeyA
PathCreateFromUrlW
StrSpnA
SHCreateShellPalette
AssocQueryKeyW
SHQueryValueExA
PathGetCharTypeW
StrFromTimeIntervalW
SHDeleteValueW
StrToIntW
UrlUnescapeW
SHOpenRegStreamW
SHRegCreateUSKeyA
PathCommonPrefixW
PathGetDriveNumberA
PathIsRootW
SHRegWriteUSValueW
SHRegEnumUSValueW
PathRenameExtensionA
ColorRGBToHLS
wnsprintfA
SHSetValueW
StrToIntA
StrCmpNIW
StrRetToStrA
SHDeleteEmptyKeyW
SHRegCreateUSKeyW
UrlApplySchemeW
PathQuoteSpacesW
PathCommonPrefixA
PathFindSuffixArrayA
StrPBrkW
StrRChrA
PathIsDirectoryW
PathStripPathW
SHSetThreadRef
PathIsSameRootW
PathUndecorateW
SHRegDuplicateHKey
HashData
StrIsIntlEqualW
IntlStrEqWorkerW
PathRemoveBackslashA
PathCanonicalizeA
AssocQueryStringByKeyA
SHGetInverseCMAP
StrRChrW
SHOpenRegStream2W
PathGetDriveNumberW
StrTrimA
UrlEscapeW
SHEnumKeyExA
SHRegSetUSValueA
PathAddExtensionA
PathIsUNCServerShareA
UrlIsNoHistoryW
PathCombineA
PathSearchAndQualifyW
StrRChrIW
PathAppendA
PathFindNextComponentA
StrChrW
SHDeleteKeyA
PathSearchAndQualifyA
SHQueryInfoKeyW
PathBuildRootW
StrCpyNW
user32
EndDialog
SystemParametersInfoW
CharPrevExA
GetWindowRgn
GetComboBoxInfo
DrawEdge
CharPrevA
GetMenuItemID
DdeNameService
SetActiveWindow
EnumChildWindows
IsMenu
GetMenuItemCount
IsChild
BeginPaint
SetWindowsHookExW
DdeUnaccessData
ValidateRect
IsWindow
GetNextDlgGroupItem
GetInputDesktop
CreateIcon
GetParent
GetPropA
DrawAnimatedRects
SetClassLongA
DefWindowProcW
SetCapture
InvertRect
LoadAcceleratorsW
GetSystemMetrics
DrawCaption
GetWindowDC
ModifyMenuW
GetNextDlgTabItem
CreateMDIWindowW
SwitchToThisWindow
DrawTextW
PostThreadMessageA
GetClipboardFormatNameA
CopyAcceleratorTableW
PostQuitMessage
GetWindowWord
CallMsgFilter
GetDoubleClickTime
EndMenu
SwitchDesktop
IsWindowEnabled
LoadStringW
EndTask
InSendMessageEx
SetRect
ValidateRgn
GetWindowTextA
SetMessageExtraInfo
MessageBoxIndirectA
GetMenuDefaultItem
DlgDirSelectComboBoxExA
ArrangeIconicWindows
GetDCEx
SetPropW
GetInputState
CreateDialogParamA
MessageBoxExW
OpenWindowStationA
CharNextA
RealChildWindowFromPoint
LoadMenuW
RemovePropA
SetWindowsHookA
OpenIcon
TranslateMessage
UnhookWinEvent
InvalidateRect
LoadCursorFromFileA
FrameRect
DdeUninitialize
DdeConnectList
IsDialogMessageA
DefWindowProcA
SendMessageTimeoutA
RegisterClassExA
LoadImageA
VkKeyScanExW
CharToOemBuffA
SetMenuItemInfoA
GetDesktopWindow
DdeAbandonTransaction
UnregisterHotKey
SetSystemCursor
UnregisterDeviceNotification
CloseClipboard
DispatchMessageA
GetMessageW
LoadMenuIndirectW
IsRectEmpty
MapVirtualKeyA
GetMenuItemInfoW
SetPropA
SetSysColors
GetClassInfoExA
GetKeyboardLayout
ToUnicode
HiliteMenuItem
GetClipboardOwner
ChangeMenuA
ReplyMessage
DrawIcon
SetWinEventHook
CopyIcon
MoveWindow
GetMenuBarInfo
DialogBoxIndirectParamW
CreateWindowExA
OpenInputDesktop
GetCapture
GetDlgCtrlID
DefMDIChildProcW
CreateIconFromResource
SetMessageQueue
ChangeClipboardChain
GetMenuStringW
InternalGetWindowText
SetUserObjectSecurity
SendIMEMessageExW
RegisterClipboardFormatW
WINNLSGetIMEHotkey
CharUpperBuffA
GetMenuContextHelpId
advapi32
GetServiceKeyNameA
GetOverlappedAccessResults
CancelOverlappedAccess
CryptGetDefaultProviderW
GetTrusteeTypeA
AddAuditAccessAce
LookupAccountSidW
BuildSecurityDescriptorA
GetAccessPermissionsForObjectW
GetMultipleTrusteeA
RegSetValueW
RegUnLoadKeyW
CryptGetHashParam
GetFileSecurityW
SetEntriesInAuditListW
GetEffectiveRightsFromAclA
OpenBackupEventLogA
RegCreateKeyExW
StartServiceCtrlDispatcherW
LookupPrivilegeDisplayNameW
RegEnumValueA
CryptSetProviderA
GetSidLengthRequired
SetEntriesInAccessListA
LookupPrivilegeValueW
ConvertAccessToSecurityDescriptorA
RegUnLoadKeyA
CloseEventLog
GetUserNameA
LockServiceDatabase
SetTokenInformation
RegSetValueExA
RegQueryValueA
ImpersonateNamedPipeClient
CloseServiceHandle
OpenServiceA
UnlockServiceDatabase
IsValidSecurityDescriptor
SetServiceStatus
SetFileSecurityW
BuildExplicitAccessWithNameW
SetSecurityInfo
CryptAcquireContextW
RegOpenKeyA
StartServiceCtrlDispatcherA
RegRestoreKeyA
SetFileSecurityA
CryptVerifySignatureA
CryptGetProvParam
MapGenericMask
NotifyBootConfigStatus
CryptContextAddRef
CryptEnumProviderTypesA
QueryServiceConfigA
SetNamedSecurityInfoExA
BuildImpersonateExplicitAccessWithNameA
RegOpenKeyExA
SetSecurityDescriptorGroup
GetNamedSecurityInfoW
AccessCheck
GetFileSecurityA
RegQueryValueExW
CryptReleaseContext
RegDeleteValueA
ObjectCloseAuditAlarmA
CryptGetKeyParam
ControlService
CryptEncrypt
RegQueryInfoKeyA
GetMultipleTrusteeOperationW
EnumDependentServicesA
SetNamedSecurityInfoExW
EnumServicesStatusA
SetSecurityInfoExA
GetTrusteeNameW
CryptSignHashA
GetSecurityInfoExA
DeregisterEventSource
CryptImportKey
GetSecurityDescriptorSacl
QueryServiceConfigW
MakeSelfRelativeSD
RegisterEventSourceW
SetSecurityInfoExW
CryptDestroyKey
CryptAcquireContextA
AddAccessDeniedAce
LookupAccountNameW
RegDeleteKeyW
ImpersonateSelf
AddAccessAllowedAce
SetNamedSecurityInfoW
RevertToSelf
SetServiceObjectSecurity
ClearEventLogW
LookupPrivilegeNameW
ChangeServiceConfigA
CreateServiceW
InitiateSystemShutdownW
ReportEventA
GetMultipleTrusteeW
RegOpenKeyExW
AdjustTokenGroups
PrivilegedServiceAuditAlarmA
ObjectDeleteAuditAlarmW
GetUserNameW
SetEntriesInAclW
ObjectOpenAuditAlarmW
RegEnumKeyA
RegCreateKeyExA
GetEffectiveRightsFromAclW
BuildImpersonateTrusteeA
LookupPrivilegeValueA
GetNamedSecurityInfoExA
RegSaveKeyA
SetSecurityDescriptorOwner
EnumDependentServicesW
EnumServicesStatusW
CryptExportKey
FreeSid
LookupSecurityDescriptorPartsW
CryptDecrypt
GetCurrentHwProfileA
QueryServiceStatus
DeleteAce
DestroyPrivateObjectSecurity
SetSecurityDescriptorDacl
ReportEventW
DuplicateToken
QueryServiceLockStatusW
CryptDestroyHash
CreatePrivateObjectSecurity
kernel32
GetSystemTimeAsFileTime
TlsGetValue
GetNamedPipeHandleStateW
WriteConsoleOutputCharacterA
ReadConsoleA
VirtualProtect
SetConsoleTitleA
lstrcmp
VirtualAlloc
CreateThread
SetThreadAffinityMask
FileTimeToSystemTime
GetCurrencyFormatW
MapViewOfFileEx
WaitForSingleObjectEx
GetProcessShutdownParameters
GetCommandLineA
GetFileAttributesExA
LoadLibraryA
GetCurrentDirectoryW
ReadFileEx
IsBadWritePtr
GetLocaleInfoW
DeleteAtom
MoveFileA
UnmapViewOfFile
SwitchToFiber
GetFileInformationByHandle
GetLongPathNameA
WaitForMultipleObjectsEx
FindFirstFileExA
GetStringTypeExW
GenerateConsoleCtrlEvent
GetCurrentDirectoryA
EnumCalendarInfoA
CreateFileA
ReadConsoleOutputCharacterW
DisableThreadLibraryCalls
RemoveDirectoryA
OpenFileMappingA
GetTapeParameters
lstrlen
LocalCompact
EnumTimeFormatsW
DefineDosDeviceW
GetProcessHeap
GlobalUnWire
GetProfileIntW
GetEnvironmentStringsW
EnumDateFormatsW
SetConsoleWindowInfo
WriteConsoleA
EnumCalendarInfoExW
CopyFileW
GetCalendarInfoW
Toolhelp32ReadProcessMemory
WritePrivateProfileStringA
IsValidLocale
BeginUpdateResourceW
GetPrivateProfileIntW
ReadConsoleOutputW
GetQueuedCompletionStatus
GetTapeStatus
SetupComm
GetUserDefaultLCID
lstrcmpiA
GetWindowsDirectoryA
GetProfileIntA
GetEnvironmentVariableA
GetMailslotInfo
CreateEventW
GetConsoleTitleW
IsBadHugeReadPtr
GetProcessPriorityBoost
GetStringTypeA
SetCommConfig
GetStartupInfoA
EnumCalendarInfoW
FormatMessageA
ConvertThreadToFiber
LockFileEx
GetSystemTime
SetEnvironmentVariableA
CreateConsoleScreenBuffer
FlushFileBuffers
FindNextFileA
GetConsoleCursorInfo
GetPrivateProfileSectionNamesW
SetThreadPriority
CreateRemoteThread
GetShortPathNameA
SetFileAttributesW
RaiseException
GetOverlappedResult
ClearCommError
GetAtomNameA
FindFirstFileW
GlobalGetAtomNameA
IsSystemResumeAutomatic
HeapFree
GlobalAlloc
SizeofResource
SuspendThread
SetCurrentDirectoryW
FreeLibraryAndExitThread
SleepEx
SetFileTime
GetComputerNameW
SetFileApisToOEM
SetConsoleTextAttribute
GetDevicePowerState
ResumeThread
GetConsoleOutputCP
AddAtomW
GetPriorityClass
TlsAlloc
VirtualQueryEx
WriteFileEx
LocalShrink
GetDriveTypeA
FoldStringA
WaitNamedPipeW
ole32
CoReleaseServerProcess
StgCreateDocfileOnILockBytes
GetConvertStg
CoLoadLibrary
OleRegGetUserType
OleLockRunning
MonikerRelativePathTo
OleQueryLinkFromData
OleGetIconOfFile
CreateObjrefMoniker
OleCreateMenuDescriptor
OleGetAutoConvert
CoSwitchCallContext
CoGetCurrentLogicalThreadId
CLSIDFromString
MonikerCommonPrefixWith
CreatePointerMoniker
CoGetObject
CoGetClassObject
CoAddRefServerProcess
MkParseDisplayName
WriteStringStream
CoTreatAsClass
OleCreateLinkEx
OleConvertOLESTREAMToIStorageEx
CoFreeUnusedLibraries
CoTaskMemRealloc
GetHGlobalFromILockBytes
IIDFromString
CoCreateFreeThreadedMarshaler
OleCreateEx
GetDocumentBitStg
OleSetAutoConvert
SetConvertStg
OleFlushClipboard
OleDuplicateData
BindMoniker
OleGetClipboard
StgOpenAsyncDocfileOnIFillLockBytes
OleRegGetMiscStatus
CoGetPSClsid
CoSetProxyBlanket
CoRegisterMessageFilter
CoGetStandardMarshal
CreateBindCtx
GetRunningObjectTable
ReadClassStg
StgOpenStorage
OleDraw
CoReleaseMarshalData
CoInitializeSecurity
OleDoAutoConvert
CoFileTimeToDosDateTime
OleCreateFromFileEx
CoIsOle1Class
OleBuildVersion
OleCreateFromDataEx
CoIsHandlerConnected
CreateDataAdviseHolder
StgOpenStorageEx
CoCreateInstanceEx
CoDosDateTimeToFileTime
OleRegEnumFormatEtc
ReadFmtUserTypeStg
CoFreeAllLibraries
CoMarshalInterThreadInterfaceInStream
StringFromIID
OleQueryCreateFromData
CreateOleAdviseHolder
StringFromGUID2
DoDragDrop
CoRegisterChannelHook
RegisterDragDrop
StgSetTimes
GetHGlobalFromStream
WriteClassStg
OleConvertIStorageToOLESTREAMEx
CoImpersonateClient
CoUnmarshalInterface
CoCreateGuid
OleSave
CoCopyProxy
OleCreateLinkToFileEx
CoQueryReleaseObject
CoTaskMemFree
CoCreateInstance
StgIsStorageILockBytes
EnableHookObject
OleDestroyMenuDescriptor
CoRegisterClassObject
StgGetIFillLockBytesOnFile
CoQueryAuthenticationServices
CoGetInterfaceAndReleaseStream
CoGetCallContext
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 91B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE