7e7cebabd11ad8e358d329f869ba1c5faad01fbee1a3947de3fcbea8f3946542

Sharing

Copy URL Twitter E-mail

General

Target

7e7cebabd11ad8e358d329f869ba1c5faad01fbee1a3947de3fcbea8f3946542
Size

859KB
MD5

6eceb02e9956a78008b88be121e92a80
SHA1

90b091f4f610e4525865ef16111f864b0fd81344
SHA256

7e7cebabd11ad8e358d329f869ba1c5faad01fbee1a3947de3fcbea8f3946542
SHA512

73fedceb12408257a143ebab81662c68355a790bada758e40e3a35fd18fa98e17c5ce5e98cee9052b26eb586a6627a9816f4c9883add981ea90af817fdd9add4
SSDEEP

24576:bjhOkIDtseAw+41l9vcINP8Zb8UkOmn+tVsCZCAR/5I:n1IKH4Dz0QUbmnCVsCwA/

Score

N/A

Malware Config

Signatures

Files

7e7cebabd11ad8e358d329f869ba1c5faad01fbee1a3947de3fcbea8f3946542
.exe windows x86

a370fac18721d427bc7bf45e8f9e6469

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

inetcomm

MimeOleFileTimeToInetDate
MimeOleSMimeCapAddSMimeCap
MimeOleCreateByteStream
MimeOleSMimeCapsFull
MimeOleGetCodePageCharset
MimeOleSMimeCapInit
MimeOleSetPropW
MimeOleUnEscapeStringInPlace
MimeOleGetExtContentType
HrGetAttachIconByFile
MimeOleGetFileInfoW
MimeOleCreateSecurity
HrAthGetFileNameW
MimeOleStripHeaders
EssReceiptEncodeEx
MimeOleSMimeCapsToDlg
HrSaveAttachmentAs
MimeOleFindCharset
EssKeyExchPreferenceDecodeEx
MimeEditCreateMimeDocument
EssReceiptDecodeEx
MimeOleGetBodyPropA
GetDllMajorVersion
MimeEditDocumentFromStream
EssSecurityLabelDecodeEx
MimeOleParseMhtmlUrl
MimeOleObjectFromMoniker
MimeOleGetPropA
EssReceiptRequestDecodeEx
MimeOleSetDefaultCharset
EssContentHintDecodeEx

kernel32

EnumDateFormatsW
EnumCalendarInfoExA
GetShortPathNameA
QueryDosDeviceW
GetWriteWatch
RequestDeviceWakeup
GetConsoleTitleA
SetConsoleWindowInfo
LoadLibraryA
LocalHandle
GetBinaryTypeW
WriteConsoleInputW
GetConsoleAliasExesW
CancelDeviceWakeupRequest
HeapReAlloc
FindNextVolumeW
CreateWaitableTimerA
SystemTimeToFileTime
GetShortPathNameW
ReadConsoleW
GetOEMCP
ConnectNamedPipe
WriteConsoleOutputCharacterW
lstrcmpiW
GetDiskFreeSpaceA
CreateNamedPipeW
SetFileShortNameA
GetDefaultCommConfigW
CompareStringW
WTSGetActiveConsoleSessionId
OpenMutexW
SetFileAttributesW
QueryPerformanceCounter
AllocConsole
_lcreat
VirtualAlloc
CreateRemoteThread
SetConsoleCursorPosition
GetConsoleKeyboardLayoutNameA
CreateTapePartition
TlsFree
EnumResourceLanguagesW
GetPrivateProfileSectionNamesA
SetCommState
SetTimerQueueTimer

dnsapi

DnsCreateReverseNameStringForIpAddress
DnsFindAuthoritativeZone
DnsModifyRecordsInSet_W
DnsApiFree
Dns_ReadPacketNameAllocate
Dns_OpenTcpConnectionAndSend
Dns_CloseSocket
DnsNameCompare_UTF8
Query_Main
DnsApiRealloc
DnsFlushResolverCacheEntry_A
GetCurrentTimeInSeconds
Dns_FindAuthoritativeZoneLib
DnsGetPrimaryDomainName_A
DnsRegisterClusterAddress
DnsAcquireContextHandle_A
DnsModifyRecordsInSet_A
DnsAllocateRecord
Dns_CreateMulticastSocket
DnsMapRcodeToStatus
Dns_ReadPacketName
DnsNameCompare_A
DnsGetCacheDataTable
DnsNameCompareEx_W
DnsExtractRecordsFromMessage_W
DnsIsAMailboxType
DnsValidateUtf8Byte
DnsRecordSetCopyEx
DnsNameCopy
Dns_SkipPacketName
DnsUpdateTest_A
NetInfo_Copy
DnsDowncaseDnsNameLabel
DnsQueryConfigDword
DnsQuery_W

ntdll

RtlDumpResource
RtlLargeIntegerShiftRight
RtlCompareString
ZwCreateDirectoryObject
ZwAdjustGroupsToken
RtlMakeSelfRelativeSD
_ltoa
RtlSetThreadIsCritical
ZwNotifyChangeMultipleKeys
RtlImageRvaToSection
_splitpath
ZwQueryTimerResolution
NtFlushBuffersFile
RtlFlushSecureMemoryCache
ZwLoadDriver
NtOpenJobObject
NtSetInformationProcess
NtNotifyChangeDirectoryFile
RtlQueryRegistryValues
ZwOpenProcessTokenEx
RtlNewSecurityObjectWithMultipleInheritance
NtAddBootEntry
NtSetInformationFile
ZwImpersonateThread
RtlSetHeapInformation
ZwOpenSection
_allrem
LdrInitShimEngineDynamic
RtlFindMostSignificantBit

user32

SetWindowLongA
AppendMenuA
SetUserObjectSecurity
VkKeyScanA
ChangeClipboardChain
UserLpkTabbedTextOut
RemovePropW
GetClipboardOwner
GetWindowRgnBox
GetKeyNameTextA
TabbedTextOutA
IMPSetIMEW
DrawTextA
SetMessageExtraInfo
SetMessageQueue
FindWindowExA
UnhookWindowsHook
MonitorFromRect
GetRawInputDeviceInfoW
LoadMenuA
LockSetForegroundWindow
EqualRect
DialogBoxIndirectParamA
UserHandleGrantAccess
ScreenToClient
GetDC
EnumPropsA
SetTimer
ClientThreadSetup
AttachThreadInput
GetPropA
CheckRadioButton

crypt32

CertUnregisterPhysicalStore
CertIsRDNAttrsInCertificateName
CryptExportPublicKeyInfoEx
RegEnumValueU
CertFindSubjectInSortedCTL
RegOpenHKCUKeyExU
RegCreateKeyExU
CryptEnumProvidersU
CryptAcquireCertificatePrivateKey
CertFindCTLInStore
CryptDecodeObject
CertOpenSystemStoreW
CertFindRDNAttr
CryptVerifyMessageSignatureWithKey
CertControlStore
CertVerifyCRLTimeValidity
CryptMsgVerifyCountersignatureEncodedEx
I_CryptCreateLruEntry
CryptEncodeObjectEx
CryptSIPPutSignedDataMsg
CryptMsgClose
CertFindChainInStore
CryptQueryObject
I_CryptCreateLruCache
CertNameToStrW
CryptMsgCountersign
CryptGetOIDFunctionAddress
CryptFindLocalizedName
CryptFindOIDInfo
RegSetValueExU
PFXVerifyPassword
CryptInstallDefaultContext
CryptGetOIDFunctionValue

setupapi

CM_Get_Hardware_Profile_Info_ExA
SetupFindNextLine
CM_Add_ID_ExA
CM_Get_Class_Name_ExW
SetupLogFileA
SetupDiCreateDevRegKeyW
SetupDiGetDeviceInterfaceDetailA
CM_Get_Version
CM_Register_Device_InterfaceA
pSetupAccessRunOnceNodeList
SetupGetFileQueueCount
pSetupVerifyQueuedCatalogs
SetupDiGetDeviceInstallParamsA
CM_Get_Next_Res_Des
SetupSetPlatformPathOverrideW
CM_Get_Resource_Conflict_Count
SetupAddToSourceListW
CM_Is_Version_Available_Ex
CM_Remove_SubTree_Ex
CM_Setup_DevNode
CM_Set_DevNode_Problem
CM_Free_Resource_Conflict_Handle
SetupDiClassGuidsFromNameExW
SetupRemoveFromDiskSpaceListW
CM_Open_DevNode_Key
SetupDiDestroyClassImageList

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a370fac18721d427bc7bf45e8f9e6469

Headers

DLL Characteristics

File Characteristics

Imports

inetcomm

kernel32

dnsapi

ntdll

user32

crypt32

setupapi

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 361KB - Virtual size: 361KB

.data Size: 132KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 361KB - Virtual size: 361KB

.data
Size: 132KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B