0ce1dfea495bf3263e332d9b6d5a7cec25c65de2c5e6f940fcdfe82fcb2a4498

Sharing

Copy URL Twitter E-mail

General

Target

0ce1dfea495bf3263e332d9b6d5a7cec25c65de2c5e6f940fcdfe82fcb2a4498
Size

29KB
MD5

66a90fdebacc70a662fe409aa7316633
SHA1

811335083167ddc0e95270691d405ae1b56ab61c
SHA256

0ce1dfea495bf3263e332d9b6d5a7cec25c65de2c5e6f940fcdfe82fcb2a4498
SHA512

c96c8f4a57dc835db34a14e00e0beb667cded718be4b389f03dd267c510d4fdfaba0bc583995700f1109676cacc0e34c5c8508a6c035e0fc8ce470d293f4e615
SSDEEP

384:57FXVpP3fzN5Vw3uTYjc6FYU37kMAxWjAaTkxMwsRou0OjVN9CpNGrQeAMwAAOzE:57FXLRwwYo6SUyyuMHouMaMpMeOL0

Score

N/A

Malware Config

Signatures

Files

0ce1dfea495bf3263e332d9b6d5a7cec25c65de2c5e6f940fcdfe82fcb2a4498
.exe windows x86

8e33be99b55d1099f9273bcda812e946

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glVertex4s
glGetTexParameterfv
glIndexPointer
glMaterialiv
glColor4f
glIndexMask
glAlphaFunc
wglGetLayerPaletteEntries
glTexCoord1d
glVertex4f
glNormal3dv
wglUseFontOutlinesW
glIsEnabled
glTexCoord3fv
glEvalCoord1dv
glScissor
glEvalCoord1f
glPixelMapuiv
glDepthRange
glRasterPos3i
glDepthMask
glColor4b
GlmfInitPlayback
glTexCoord2iv
GlmfPlayGlsRecord
glTexEnvi
glNormal3bv
glStencilFunc
glTexSubImage1D
glVertex2sv
glLightModeli
glIndexubv
glVertex2i

ole32

SetDocumentBitStg
MkParseDisplayName
CoGetDefaultContext
CoGetStdMarshalEx
PropSysFreeString
CoFreeUnusedLibraries
OleQueryCreateFromData
ComPs_NdrDllCanUnloadNow
WriteClassStg
OleDuplicateData
HBITMAP_UserSize
PropStgNameToFmtId
StgOpenPropStg
WriteClassStm
IsAccelerator
UtGetDvtd32Info
OleUninitialize
CoAllowSetForegroundWindow
OleMetafilePictFromIconAndLabel
CoGetCurrentProcess
StgGetIFillLockBytesOnILockBytes
CoInitialize
HGLOBAL_UserFree
OleCreateEx
OleCreateLink
OleCreateFromData
HGLOBAL_UserMarshal
OleConvertOLESTREAMToIStorage
CoMarshalHresult
OleLockRunning
CoRegisterSurrogate
CoUninitialize
StgCreatePropSetStg
OleGetIconOfFile
OpenOrCreateStream
CLIPFORMAT_UserFree
OleSetContainedObject
PropSysAllocString
SNB_UserSize
StgCreateStorageEx
CreateAntiMoniker

kernel32

AllocateUserPhysicalPages
GetLocaleInfoA
LCMapStringW
PeekNamedPipe
MultiByteToWideChar
EnumResourceTypesW
SetComputerNameA
GetProcessPriorityBoost
GetHandleContext
SetConsoleWindowInfo
QueueUserAPC
GetWindowsDirectoryA
CreateNamedPipeA
GetWindowsDirectoryW
GetComputerNameExA
CreateJobObjectW
GetStartupInfoW
OpenSemaphoreA
GetComputerNameW
GetThreadPriorityBoost
VirtualAlloc
DosPathToSessionPathW
ExitVDM
GetCurrentActCtx
SetFirmwareEnvironmentVariableW
TerminateThread
SetConsoleTitleW
EnumResourceNamesA
GetBinaryType
GlobalHandle
GetProfileIntW
UnregisterConsoleIME
OpenFile
EraseTape
FlushFileBuffers
GetPrivateProfileSectionW
GetFirmwareEnvironmentVariableA
FindFirstVolumeMountPointA
CreateMutexA
ExitThread
GetProcessTimes
GetProcessIoCounters
GetPrivateProfileStringW
CreateDirectoryW
FormatMessageW
SetConsoleCP

psapi

GetDeviceDriverFileNameW
EnumProcesses
GetWsChanges
EnumPageFilesA
EnumPageFilesW
EmptyWorkingSet
GetModuleInformation
GetDeviceDriverFileNameA
GetProcessImageFileNameA
EnumDeviceDrivers
GetMappedFileNameW
QueryWorkingSet
GetDeviceDriverBaseNameA
GetModuleFileNameExW
GetModuleFileNameExA
GetModuleBaseNameW
GetPerformanceInfo
GetDeviceDriverBaseNameW
InitializeProcessForWsWatch
GetModuleBaseNameA
GetProcessImageFileNameW
GetMappedFileNameA
EnumProcessModules
GetProcessMemoryInfo

ntdll

NtQueryQuotaInformationFile
NtWaitForKeyedEvent
ZwAddBootEntry
NtQueryMutant
RtlEnumProcessHeaps
RtlHashUnicodeString
_alldiv
RtlClearBits
RtlRestoreLastWin32Error
RtlDuplicateUnicodeString
RtlSetTimer
ZwDelayExecution
RtlImageNtHeader
DbgPrompt
RtlCutoverTimeToSystemTime
RtlSetThreadIsCritical
RtlCompareString
ZwCreateKeyedEvent
ZwOpenObjectAuditAlarm
ZwVdmControl
RtlFindClearBitsAndSet
RtlGetFrame
ZwSetDefaultUILanguage
NtInitializeRegistry
ZwLockFile
ZwDuplicateObject
RtlCaptureContext
LdrInitShimEngineDynamic
RtlDosPathNameToNtPathName_U
RtlProtectHeap
wcscspn
NtOpenThreadToken
RtlAddAuditAccessObjectAce
LdrLockLoaderLock
NtReplyPort
NtSetLdtEntries
RtlGUIDFromString
RtlIntegerToChar
RtlCompactHeap
NtCreateJobSet
_ltoa
RtlQueryInformationActivationContext
_wcslwr
RtlCreateUnicodeString
NtCreateToken
NtReadFile
RtlGetNtGlobalFlags
RtlEqualComputerName
NtCreateSection
DbgUiConnectToDbg
RtlApplicationVerifierStop
ZwSetBootEntryOrder
RtlEqualLuid
ZwOpenKey
iswxdigit
RtlImpersonateSelf
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
ZwReadFile

comctl32

CreateStatusWindow
ImageList_Create
ImageList_DragMove
GetEffectiveClientRect
InitCommonControls
ImageList_SetDragCursorImage
FlatSB_ShowScrollBar
ImageList_SetOverlayImage
ImageList_DragShowNolock
ImageList_GetBkColor
FlatSB_SetScrollProp
ImageList_GetImageInfo
ImageList_GetFlags
ImageList_GetIconSize
DrawInsert
DrawStatusTextW
CreateUpDownControl
ImageList_DrawEx
LBItemFromPt
DllGetVersion
FlatSB_GetScrollProp
ImageList_SetBkColor
GetMUILanguage
ImageList_AddMasked
MakeDragList
ImageList_Draw
ImageList_DragLeave
ImageList_LoadImage
CreateToolbar
CreatePropertySheetPage
ImageList_Duplicate
DestroyPropertySheetPage
ImageList_Write
FlatSB_SetScrollInfo
ShowHideMenuCtl
CreateStatusWindowW
ImageList_GetImageRect
ImageList_SetIconSize

glmf32

glsGetConstiv
glsError
glsNumlv
glsUTF8toUCSz
glsUTF8toUCS4z
glsBeginCapture
glsDeleteReadPrefix
glsGetOpcodes
glsCallArray
glsFlush
glsPixelSetupGen
glsNumulv
glsCommandAPI
glsNumusv
glsGetConsti
glsBlock
glsNumfv
glsIsUTF8String
__glsString_appendChar
glsIsExtensionSupported
glsGenContext
glsNumf
glsChannel
glsNumubv
glsNumb
glsNumul
glsGetContextPointer
glsSwapBuffers
glsPixelSetup

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?do_curr_symbol@?$_Mpunct@G@std@@MBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
?neg_format@?$_Mpunct@D@std@@QBE?AUpattern@money_base@2@XZ
?do_is@?$ctype@G@std@@MBE_NFG@Z
wctrans
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??4?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?real@?$_Complex_base@N@std@@QAENABN@Z
??_Fmoney_base@std@@QAEXXZ
?table_size@?$ctype@D@std@@2IB
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
??0domain_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
?do_grouping@?$_Mpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Kstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?epsilon@?$numeric_limits@H@std@@SAHXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??_F?$moneypunct@G$0A@@std@@QAEXXZ
??_7?$moneypunct@G$0A@@std@@6B@
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
_LSnan
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@II@Z
??1?$basic_ofstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??_7?$basic_ifstream@GU?$char_traits@G@std@@@std@@6B@

mapistub

FEqualNames@8
SetAttribIMsgOnIStg@16
OpenIMsgSession@12
OpenStreamOnFile
ScUNCFromLocalPath@12
FGetComponentPath@20
UlAddRef@4
FixMAPI
WrapCompressedRTFStream@12
MNLS_IsBadStringPtrW@8
LPropCompareProp@8
FBadSortOrderSet@4
HrSzFromEntryID@12
BMAPIDetails
WrapProgress@20
MAPIDetails
FPropExists@8
GetOutlookVersion
DeregisterIdleRoutine@4
cmc_logoff
BMAPISaveMail
MNLS_lstrcpyW@8
MAPIOpenFormMgr@8
OpenStreamOnFile@24
LpValFindProp@12
MAPISendMail
OpenTnefStream@28
ScCopyNotifications@16
FBadRglpNameID@8
FBadRowSet@4
SwapPlong@8
BMAPIAddress
HrSetOmiProvidersFlagsInvalid@4

gdi32

RectVisible

sqlwoa

_GetSaveFileName@4
_GetFileTitle@12
_SetWindowText@8
_GetWindowTextLength@4
_GetDiskFreeSpaceEx@16
_GetObject@12
_LoadString@16
_GetWindowLong@8
newMultiByteFromWideChar
_DeleteFile@4
newMultiByteFromWideCharEx
_GetOpenFileName@4
_ExtTextOut@32
_tfopen
_GetWindowText@12
_GetTextExtentPoint32@16
_CallWindowProc@20
_MAKEINTRESOURCE@4
newWideCharFromMultiByte
_SetDlgItemText@12
_DrawText@20
_LoadMenu@8
_GetTextMetrics@8
_RemoveProp@8
ConvertMultiSZNameToW
_GetComputerName@8
_SetWindowLong@12
AllocConvertMultiSZNameToA

user32

MoveWindow
SetScrollPos
IsIconic

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e33be99b55d1099f9273bcda812e946

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

ole32

kernel32

psapi

ntdll

comctl32

glmf32

msvcp60

mapistub

gdi32

sqlwoa

user32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 922B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 922B