bd25241c5f48fe72b6ba6fe9ae15fff1bb6d72585f1b30a1758bdbc21f9f33ec

Sharing

Copy URL

Twitter E-mail

General

Target

bd25241c5f48fe72b6ba6fe9ae15fff1bb6d72585f1b30a1758bdbc21f9f33ec
Size

655KB
MD5

c2b3738b9d90a9911ed8d3d471de3f3a
SHA1

b5f5918378fa4dc7ade4b418f32b495165496bb1
SHA256

bd25241c5f48fe72b6ba6fe9ae15fff1bb6d72585f1b30a1758bdbc21f9f33ec
SHA512

8faf75c36e7fa9d13b076089d2730573243a0bbd58c6f055c3a5a6f2543a7194da45137ef3b954aecc85ca59c8cb585a495ef73289e1b955cbf5845d424ede63
SSDEEP

12288:tgAW9Ccmb7Cw+qk67lrEaNzRCkQxS4RZ/Z1OJVfk1X85sZxoUYK:qAYCcmbj+e71ncBBEgZ33ow

Score

N/A

Malware Config

Signatures

Files

bd25241c5f48fe72b6ba6fe9ae15fff1bb6d72585f1b30a1758bdbc21f9f33ec
.exe windows x86

6dfb6a780eb5ca09b7bd20f83449d5d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSaveKeyW
GetMultipleTrusteeOperationA
OpenProcessToken
ObjectCloseAuditAlarmA
GetTrusteeTypeW
MapGenericMask
InitializeSid
PrivilegedServiceAuditAlarmW
CryptAcquireContextA
BuildSecurityDescriptorW
RegDeleteValueW
RegEnumValueW
GetTrusteeNameA
LookupAccountNameA
CryptContextAddRef
ReadEventLogA
RegOpenKeyA
CryptDeriveKey
SetPrivateObjectSecurity
StartServiceW
GetSecurityDescriptorControl
CryptSetProviderExW
CryptExportKey
RegSetValueA
GetSecurityDescriptorOwner
GetTrusteeNameW
RegisterEventSourceW
BuildTrusteeWithNameA
RegEnumKeyExA
IsValidSid
TrusteeAccessToObjectA
StartServiceCtrlDispatcherW
SetEntriesInAuditListA
GetServiceDisplayNameW
CryptGetProvParam
CryptCreateHash
ControlService
SetEntriesInAccessListW
RegEnumKeyExW
LookupPrivilegeNameW
SetSecurityDescriptorGroup
LockServiceDatabase
ImpersonateLoggedOnUser
CreatePrivateObjectSecurity
GetMultipleTrusteeA
UnlockServiceDatabase
CryptGenKey
ConvertSecurityDescriptorToAccessA
GetKernelObjectSecurity
GetNamedSecurityInfoA
AdjustTokenPrivileges
CopySid
GetSecurityInfo
ConvertAccessToSecurityDescriptorW
SetFileSecurityA
FreeSid
RegSetKeySecurity
CryptDuplicateHash
RegCloseKey
GetServiceKeyNameW
SetSecurityDescriptorOwner
CancelOverlappedAccess
GetAccessPermissionsForObjectW
InitiateSystemShutdownA
SetNamedSecurityInfoExA
CryptDestroyHash

shlwapi

SHQueryInfoKeyW
PathUnmakeSystemFolderW
SHRegQueryUSValueW
SHRegEnumUSKeyW
StrStrIA
SHRegGetUSValueA
StrTrimA
SHRegWriteUSValueA
SHRegDuplicateHKey
PathBuildRootA
SHCreateStreamOnFileW
StrCpyNW
SHRegCreateUSKeyA
SHRegSetUSValueA
SHOpenRegStreamW
PathIsUNCW
UrlApplySchemeW
PathStripPathW
SHRegGetBoolUSValueA
UrlCompareA
PathCanonicalizeW
UrlUnescapeW
SHRegDeleteEmptyUSKeyW
PathAddExtensionW
StrCmpNW
PathSkipRootW
PathGetArgsW
SHDeleteValueA
StrSpnW
SHRegEnumUSKeyA
PathFindSuffixArrayW
PathRenameExtensionA
StrToIntExA
PathParseIconLocationW
StrRChrW
PathIsRootW
PathIsDirectoryEmptyA
StrFromTimeIntervalA
PathAddBackslashW
UrlIsA
PathIsRelativeW
PathCompactPathW
PathIsSameRootW
PathCompactPathExA
SHDeleteEmptyKeyW
PathIsNetworkPathA
PathRemoveArgsW
PathMatchSpecA
PathFindExtensionA
SHRegCreateUSKeyW
SHDeleteKeyW
StrFormatByteSize64A
PathGetDriveNumberA
PathIsUNCA
StrChrIW
PathMakePrettyW
StrChrA
PathFindExtensionW
PathRemoveExtensionW
ColorRGBToHLS
SHGetValueA
StrCSpnIW

user32

GetShellWindow
MsgWaitForMultipleObjectsEx
CallNextHookEx
GetCursor
GetOpenClipboardWindow
UnregisterClassA
SetUserObjectInformationW
EnumDisplayMonitors
UnhookWinEvent
GetMenuInfo
GetWindowRgn
DdeGetData
GetMenu
IsMenu
GetClassLongA
MapVirtualKeyExA
GetKeyboardType
OffsetRect
VkKeyScanW
EnableScrollBar
IsCharLowerA
CharNextExA
SetScrollRange
SetRectEmpty
GetMenuBarInfo
GetWindow
DdeUninitialize
GetMessagePos
DestroyIcon
CharToOemBuffW
DdeKeepStringHandle
CharUpperBuffW
CreateIcon
MsgWaitForMultipleObjects
EnumPropsExA
GrayStringW
EnumWindowStationsA
DdeCmpStringHandles
SetDebugErrorLevel
EnumDesktopsW
LockWindowUpdate
ChangeMenuW
DefMDIChildProcA
GetPropA
TrackMouseEvent
GetActiveWindow
LoadMenuIndirectW
CallWindowProcA
PostMessageA
CloseWindow
MoveWindow
LoadMenuW
GetWindowDC
VkKeyScanA
PostThreadMessageA
FreeDDElParam
DeferWindowPos
IsDialogMessageW
CreateDialogIndirectParamW
ValidateRect
SendInput
VkKeyScanExW
TranslateAccelerator
BeginDeferWindowPos
FindWindowExW
FlashWindowEx
CharToOemBuffA

kernel32

GetConsoleCP
FindClose
GlobalDeleteAtom
GetNamedPipeHandleStateW
WritePrivateProfileSectionA
GetDateFormatW
DefineDosDeviceW
GetNamedPipeHandleStateA
GetLogicalDrives
TlsAlloc
WideCharToMultiByte
GetWindowsDirectoryW
GetDriveTypeA
BackupRead
GetCurrentThread
lstrlenW
UpdateResourceA
GetConsoleScreenBufferInfo
GetTapePosition
GetVolumeInformationA
CreateFileW
SetThreadLocale
GetTapeParameters
GetThreadTimes
SetTapeParameters
GlobalFindAtomW
GetConsoleCursorInfo
WriteConsoleOutputA
WaitNamedPipeW
WaitForDebugEvent
Sleep
GetDefaultCommConfigW
WaitForMultipleObjectsEx
lstrcmp
CreateEventW
CreateThread
OpenMutexW
CreateRemoteThread
GetFullPathNameW
LockResource
lstrcmpiA
WaitForSingleObject
GetCommModemStatus
SetThreadPriorityBoost
EnumSystemLocalesA
SetConsoleOutputCP
CreateProcessA
WriteProcessMemory
SetFileAttributesA
GlobalReAlloc
CompareStringA
GetVersion
SetComputerNameW
SwitchToFiber
RequestWakeupLatency
DosDateTimeToFileTime
ConvertDefaultLocale
WaitNamedPipeA
CallNamedPipeA
ResumeThread
SetCalendarInfoW
BeginUpdateResourceW
GetNumberOfConsoleInputEvents
VirtualAlloc
VirtualProtect

ole32

CoQueryReleaseObject
OleGetIconOfFile
OleCreateFromData
CoGetClassObject
CreateILockBytesOnHGlobal
ReadClassStg
OleSetAutoConvert
ReadStringStream
UpdateDCOMSettings
GetHGlobalFromILockBytes
DllDebugObjectRPCHook
StgOpenStorageEx
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
OleIsCurrentClipboard
CreateFileMoniker
IIDFromString
OleLoadFromStream
ReadOleStg
CoGetInstanceFromFile
CoTaskMemFree
ReadClassStm
OleRun
OpenOrCreateStream
OleQueryCreateFromData
OleCreateFromFileEx
GetHGlobalFromStream
CoInitialize
StgCreateDocfile
CoReleaseServerProcess
OleRegGetUserType
OleDuplicateData
CoGetInterfaceAndReleaseStream
IsEqualGUID
StgOpenStorageOnILockBytes
GetConvertStg
CoRegisterPSClsid
OleCreateDefaultHandler
CoFreeUnusedLibraries
CoRegisterSurrogate
OleSave
CoMarshalInterThreadInterfaceInStream
OleSetMenuDescriptor
CoReleaseMarshalData
StgGetIFillLockBytesOnILockBytes
WriteFmtUserTypeStg
CreateBindCtx
DoDragDrop
CoInitializeEx
OleCreateLinkEx
CoUninitialize
OleBuildVersion
StgOpenStorage
PropVariantCopy

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6dfb6a780eb5ca09b7bd20f83449d5d7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

user32

kernel32

ole32

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 20KB