Static task: static1
Behavioral task: behavioral1
Sample: 534d4bb159fe1bd54fafea0a2093ebf7458405f8b3b4639aad1af39ff6e00116.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 534d4bb159fe1bd54fafea0a2093ebf7458405f8b3b4639aad1af39ff6e00116.exe
Resource: win10v2004-20220812-en
General
Target: 534d4bb159fe1bd54fafea0a2093ebf7458405f8b3b4639aad1af39ff6e00116
Size: 408KB
MD5: 67aaeb01ef224f31b63330db0ff79d10
SHA1: d8a055e52818ab2bf4aa3b2c8e0638aac7eb1a0f
SHA256: 534d4bb159fe1bd54fafea0a2093ebf7458405f8b3b4639aad1af39ff6e00116
SHA512: 2e3ff01150d008a0d6baea98a9ab6192ab0638ed08981dd3f8b760632547da1f27370b92f65edebeebbab65b673ca9a44e1bab8704ff97352608d82f58038a3d
SSDEEP: 6144:7/YTcvRMum32u1MtSf4Kbs0Sm7CJAt8W9eBhxgHL9+mLBvgCAItG9rC9tK2asDLe:7Qh2u1Xf5sTm7VmO+hqLBPf2rytKwHK
Malware Config
Signatures
Files
-
534d4bb159fe1bd54fafea0a2093ebf7458405f8b3b4639aad1af39ff6e00116.exe windows x86
6ae63087122c070ca3f31dc1dce264df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapLock
ConnectNamedPipe
FileTimeToSystemTime
GlobalGetAtomNameA
SetDefaultCommConfigW
CreateDirectoryW
DeleteFileW
WriteConsoleInputW
GetProcessShutdownParameters
UnlockFile
VirtualProtect
SetComputerNameA
GetModuleHandleA
VirtualProtectEx
GetPrivateProfileIntA
ResetEvent
SetConsoleOutputCP
RequestWakeupLatency
GetCurrentDirectoryA
DosDateTimeToFileTime
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetProcAddress
GetTempPathW
GetLocaleInfoW
CopyFileExA
VerLanguageNameW
EndUpdateResourceA
ReadConsoleA
GetPrivateProfileIntW
EnumTimeFormatsW
GetSystemDirectoryW
LocalFree
GetPrivateProfileSectionA
lstrcpyW
LockFile
DeviceIoControl
GetTempFileNameW
GetEnvironmentStrings
ExitProcess
FreeEnvironmentStringsA
UpdateResourceA
EnumResourceLanguagesW
CallNamedPipeA
GetTickCount
SetComputerNameW
SetEnvironmentVariableA
AreFileApisANSI
ReadProcessMemory
FindFirstChangeNotificationW
ReadConsoleOutputCharacterW
GetDateFormatW
SetTapeParameters
GetTapeParameters
Heap32First
CompareStringW
LocalFlags
CreateProcessA
BeginUpdateResourceA
CreateFileMappingW
GetLocaleInfoA
Heap32ListNext
TlsGetValue
GlobalUnlock
GetLargestConsoleWindowSize
MapViewOfFile
CreateMailslotW
IsBadStringPtrW
VirtualLock
FormatMessageA
IsDBCSLeadByte
SetUnhandledExceptionFilter
HeapCompact
GetDefaultCommConfigA
WaitForMultipleObjects
GetSystemTimeAsFileTime
FindAtomA
VirtualAllocEx
lstrcatA
UpdateResourceW
DuplicateHandle
GetVersionExA
GlobalReAlloc
DefineDosDeviceA
FindClose
GetCompressedFileSizeW
ClearCommBreak
ClearCommError
GlobalLock
GlobalHandle
SetConsoleCursorInfo
GetComputerNameW
CreateDirectoryExW
SetProcessWorkingSetSize
GetFullPathNameW
LoadModule
BuildCommDCBA
SetCommState
IsProcessorFeaturePresent
ReadFile
GetDiskFreeSpaceExW
GetCommModemStatus
CreateMutexA
lstrlenW
SetTimeZoneInformation
PeekConsoleInputA
GetLastError
GetVersionExW
OpenMutexW
CompareStringA
GetCommandLineW
EnumSystemLocalesA
GetConsoleCP
ResetWriteWatch
ReadConsoleOutputW
EscapeCommFunction
GetExitCodeProcess
BackupRead
SwitchToThread
CopyFileExW
GetModuleHandleW
SetConsoleMode
CreateThread
GetCPInfoExA
LocalAlloc
DeleteAtom
AddAtomW
SetConsoleCursorPosition
Heap32ListFirst
CreateSemaphoreA
GetCurrencyFormatW
TerminateProcess
GlobalAlloc
TlsSetValue
GetNamedPipeHandleStateW
GetDiskFreeSpaceExA
CreateProcessW
SearchPathA
OpenFileMappingW
ContinueDebugEvent
WriteProcessMemory
GetSystemPowerStatus
DisconnectNamedPipe
GetProcessTimes
GetVolumeInformationA
WriteProfileSectionA
BuildCommDCBAndTimeoutsA
GlobalFix
VirtualAlloc
advapi32
CryptEnumProviderTypesA
CryptReleaseContext
RegDeleteValueW
GetAuditedPermissionsFromAclW
RegQueryInfoKeyW
SetEntriesInAclW
StartServiceA
OpenEventLogW
EnumServicesStatusA
GetSecurityDescriptorGroup
RegFlushKey
QueryServiceLockStatusA
CryptGetUserKey
IsValidSid
BuildImpersonateTrusteeA
SetEntriesInAccessListA
GetTrusteeNameA
GetServiceKeyNameW
SetNamedSecurityInfoExA
LogonUserW
CryptHashData
DeleteService
BuildTrusteeWithSidA
InitializeSecurityDescriptor
SetEntriesInAclA
RegReplaceKeyA
GetEffectiveRightsFromAclW
CryptDestroyKey
CryptDuplicateKey
OpenEventLogA
RegSetValueW
ConvertSecurityDescriptorToAccessNamedW
LookupPrivilegeValueW
GetEffectiveRightsFromAclA
SetSecurityInfo
LookupPrivilegeDisplayNameW
CopySid
BuildImpersonateExplicitAccessWithNameW
QueryServiceConfigW
GetCurrentHwProfileA
LookupPrivilegeNameW
LookupPrivilegeNameA
DuplicateToken
GetNamedSecurityInfoW
CryptSetProviderA
RegCreateKeyExW
AreAllAccessesGranted
RegOpenKeyA
OpenBackupEventLogA
GetNamedSecurityInfoExA
NotifyBootConfigStatus
TrusteeAccessToObjectW
GetSidLengthRequired
SetKernelObjectSecurity
CancelOverlappedAccess
ObjectCloseAuditAlarmW
RegOpenKeyExW
BuildImpersonateExplicitAccessWithNameA
GetSecurityDescriptorLength
StartServiceCtrlDispatcherA
AddAuditAccessAce
GetKernelObjectSecurity
RegGetKeySecurity
ConvertSecurityDescriptorToAccessNamedA
DestroyPrivateObjectSecurity
CreateProcessAsUserW
RegEnumKeyW
GetCurrentHwProfileW
CryptHashSessionKey
AccessCheckAndAuditAlarmA
RegUnLoadKeyW
EqualSid
CryptSetProviderW
GetOldestEventLogRecord
LookupSecurityDescriptorPartsW
ReadEventLogA
EqualPrefixSid
CryptDestroyHash
CryptGetKeyParam
GetTokenInformation
RegOpenKeyW
CryptDeriveKey
LookupAccountNameW
SetEntriesInAccessListW
DuplicateTokenEx
RegCloseKey
RegConnectRegistryW
RegQueryMultipleValuesA
CreateProcessAsUserA
InitiateSystemShutdownA
RegRestoreKeyW
QueryServiceConfigA
RegReplaceKeyW
SetNamedSecurityInfoExW
CryptEnumProvidersA
CryptVerifySignatureA
GetLengthSid
PrivilegedServiceAuditAlarmA
GetServiceDisplayNameW
GetAccessPermissionsForObjectW
CryptEncrypt
OpenThreadToken
TrusteeAccessToObjectA
CryptExportKey
RegSaveKeyA
ObjectDeleteAuditAlarmA
GetTrusteeTypeA
RegDeleteValueA
GetAuditedPermissionsFromAclA
RegisterEventSourceA
ole32
GetHookInterface
OleFlushClipboard
CoMarshalHresult
UtGetDvtd32Info
CoGetClassObject
CoSetProxyBlanket
OleCreateLink
CoIsOle1Class
OleCreateEx
OleCreate
OleLockRunning
CoGetMalloc
WriteClassStg
ReadOleStg
CoInitializeSecurity
PropVariantCopy
GetConvertStg
CoTaskMemAlloc
CoGetCurrentProcess
CoRegisterSurrogate
OleCreateFromData
ReadClassStg
CoQueryClientBlanket
IsEqualGUID
OleGetIconOfClass
FreePropVariantArray
ReleaseStgMedium
CoRevertToSelf
RevokeDragDrop
CoRegisterChannelHook
CoCreateFreeThreadedMarshaler
OleBuildVersion
CoGetInstanceFromFile
CreateAntiMoniker
OleSetContainedObject
OleDoAutoConvert
MonikerCommonPrefixWith
GetDocumentBitStg
GetHGlobalFromILockBytes
CoBuildVersion
CreateClassMoniker
ReadStringStream
CoIsHandlerConnected
StringFromIID
CoDisconnectObject
WriteClassStm
CoQueryProxyBlanket
OleSetAutoConvert
GetRunningObjectTable
UtGetDvtd16Info
CoGetCallContext
OleRegEnumFormatEtc
CoLockObjectExternal
WriteOleStg
CreateILockBytesOnHGlobal
StgSetTimes
CoQueryReleaseObject
CoGetStandardMarshal
CreateDataAdviseHolder
CreateOleAdviseHolder
StgOpenStorage
StgCreateDocfileOnILockBytes
OleCreateMenuDescriptor
WriteFmtUserTypeStg
CoGetCurrentLogicalThreadId
OleCreateEmbeddingHelper
OleUninitialize
CoRegisterPSClsid
CoTreatAsClass
OleRegGetUserType
OleMetafilePictFromIconAndLabel
MonikerRelativePathTo
StgIsStorageILockBytes
UtConvertDvtd16toDvtd32
OleSetClipboard
IsAccelerator
WriteStringStream
OleRun
OleDraw
CoReleaseServerProcess
StgCreateDocfile
CoGetTreatAsClass
CoReleaseMarshalData
CoRegisterMessageFilter
CoTaskMemRealloc
CoAddRefServerProcess
RegisterDragDrop
CoFileTimeToDosDateTime
CoRevokeMallocSpy
CoFreeAllLibraries
CoImpersonateClient
CreateDataCache
CoCreateInstanceEx
OleRegEnumVerbs
user32
EnumDisplaySettingsExW
SetWindowTextW
GetMenuItemID
FindWindowExW
CreateIconIndirect
FillRect
OpenDesktopA
GetClassWord
IsMenu
GetKeyNameTextA
GetMenuInfo
LoadStringA
ArrangeIconicWindows
GetPropA
GetClipboardData
ShowScrollBar
DrawMenuBar
DdeDisconnectList
GetUserObjectInformationA
PostMessageA
LoadCursorFromFileA
GetListBoxInfo
CreateMDIWindowW
SetProcessDefaultLayout
LoadKeyboardLayoutW
ReleaseCapture
GetThreadDesktop
GetProcessWindowStation
IsRectEmpty
CheckDlgButton
DefMDIChildProcA
GetLastActivePopup
PostMessageW
SetMessageQueue
ShowCaret
LoadMenuIndirectA
GetWindowRect
IsZoomed
GetMessageA
SwitchDesktop
GetKBCodePage
GetKeyboardLayout
GetGUIThreadInfo
EqualRect
GetCursorInfo
VkKeyScanExA
CreateMenu
SetRect
ChangeDisplaySettingsA
GetCaretBlinkTime
SetClassLongA
UnregisterDeviceNotification
DlgDirSelectExW
InvalidateRect
GetClassInfoExW
IsCharAlphaNumericW
GetMenuDefaultItem
DdeUnaccessData
DestroyAcceleratorTable
SetWindowLongA
GetDoubleClickTime
GetInputDesktop
DrawTextExA
CopyIcon
CheckMenuRadioItem
EmptyClipboard
GetWindowModuleFileNameA
DestroyCaret
CreateIcon
SetDlgItemInt
TrackPopupMenuEx
GetUserObjectInformationW
DdeCreateStringHandleW
SwitchToThisWindow
DdeConnectList
LoadMenuIndirectW
GetDlgItem
SetCursorPos
IsWindowUnicode
InsertMenuW
MsgWaitForMultipleObjectsEx
LoadImageA
IsChild
CreateDialogParamW
PostQuitMessage
SetParent
ToAsciiEx
SetSysColors
GetMenuState
GetClipboardFormatNameA
SubtractRect
SetUserObjectSecurity
CallWindowProcW
DdeEnableCallback
GetActiveWindow
GetClipboardFormatNameW
DrawEdge
SetKeyboardState
GetMenuItemInfoA
IntersectRect
VkKeyScanW
InvertRect
BroadcastSystemMessage
GetComboBoxInfo
GetKeyboardLayoutNameA
SetMenuContextHelpId
GetMenuStringW
ModifyMenuW
DeferWindowPos
FindWindowA
DrawStateA
CreateDialogIndirectParamW
GetKeyboardLayoutList
InSendMessage
ReleaseDC
EditWndProc
EndDeferWindowPos
SetFocus
GetCursor
EndPaint
CopyImage
CharLowerW
SetWindowRgn
GetMenuItemRect
SetWindowLongW
OpenInputDesktop
SetClassWord
ScrollDC
MapVirtualKeyExW
DdeQueryNextServer
SetWindowWord
CountClipboardFormats
GetClipCursor
DdeUninitialize
shlwapi
StrChrIA
PathIsUNCW
PathCompactPathA
StrFormatByteSize64A
PathMakePrettyA
StrCatBuffW
UrlHashA
UrlApplySchemeA
SHDeleteEmptyKeyA
PathGetCharTypeW
PathIsLFNFileSpecA
PathParseIconLocationA
SHSetValueW
SHRegCreateUSKeyA
PathIsNetworkPathW
SHRegGetBoolUSValueW
StrDupW
StrRChrIA
PathIsPrefixW
PathCommonPrefixA
PathIsSystemFolderW
SHOpenRegStream2W
SHSkipJunction
StrRetToStrW
PathAddBackslashA
PathIsDirectoryEmptyA
PathIsSameRootW
AssocQueryStringByKeyA
PathIsDirectoryW
SHRegEnumUSValueA
PathSearchAndQualifyA
StrRChrIW
UrlCreateFromPathW
SHRegGetBoolUSValueA
AssocQueryStringByKeyW
PathFindFileNameA
StrPBrkA
PathIsRootA
wvnsprintfW
StrRetToBufA
PathUnmakeSystemFolderA
SHStrDupA
PathCombineW
SHQueryValueExW
SHGetThreadRef
StrFormatKBSizeW
UrlEscapeA
PathRemoveExtensionW
UrlGetLocationA
PathRemoveExtensionA
StrCatW
SHEnumValueW
PathCommonPrefixW
StrCSpnA
StrCpyW
SHGetValueW
PathIsFileSpecA
SHRegDeleteEmptyUSKeyA
UrlCreateFromPathA
PathSetDlgItemPathW
SHRegGetUSValueA
PathAddBackslashW
PathIsUNCA
PathParseIconLocationW
PathIsContentTypeA
PathAppendW
PathCompactPathW
wnsprintfW
UrlUnescapeA
PathGetCharTypeA
StrStrIA
StrStrIW
SHEnumValueA
UrlIsOpaqueW
SHEnumKeyExA
SHRegGetUSValueW
UrlIsA
PathRemoveFileSpecW
StrNCatA
StrRetToBufW
StrSpnA
SHCopyKeyW
PathGetDriveNumberA
PathRemoveBlanksA
SHCreateShellPalette
StrFormatKBSizeA
UrlUnescapeW
StrTrimW
PathSetDlgItemPathA
PathUnquoteSpacesW
UrlIsW
StrCpyNW
SHRegCreateUSKeyW
SHCreateStreamOnFileW
StrToIntA
SHGetInverseCMAP
PathRemoveArgsA
SHRegWriteUSValueW
StrIsIntlEqualA
StrCSpnW
PathRenameExtensionA
SHGetValueA
SHRegOpenUSKeyW
StrFromTimeIntervalA
SHOpenRegStream2A
UrlHashW
GetMenuPosFromID
PathGetArgsW
PathIsContentTypeW
StrRChrA
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE