dcb6561ffa689ffa466ae3a5d3e6107a9be73a878dc8dc25377736c11d356656

Sharing

Copy URL

Twitter E-mail

General

Target

dcb6561ffa689ffa466ae3a5d3e6107a9be73a878dc8dc25377736c11d356656
Size

507KB
MD5

63ea013d98e449f250ab65fe6fba47c0
SHA1

a9a68441eac520939781b9f827f9274333b6a1d5
SHA256

dcb6561ffa689ffa466ae3a5d3e6107a9be73a878dc8dc25377736c11d356656
SHA512

e7c29abb1a6cddd8a10b70a7b08b41ddb32e3d4fbf9d5066344ef7e98295b80dce6749558aa31b3fde635da341658447a99521303160a88de2a8d6561b6ca0c8
SSDEEP

12288:M8tfjytIuEG2g9hTfbjCvm6YcK9DGhEeQdjxC15pDFBaU/T:Mo2KohTfivLPK9U3

Score

N/A

Malware Config

Signatures

Files

dcb6561ffa689ffa466ae3a5d3e6107a9be73a878dc8dc25377736c11d356656
.exe windows x86

198a01dfc17c8330783666ccc75f54de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
StgConvertPropertyToVariant
CoFileTimeNow
CreateBindCtx
CLSIDFromString
PropSysFreeString
CreateStreamOnHGlobal
PropSysAllocString
StgOpenStorage
CoGetClassObject
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
PropVariantCopy
CoInitializeEx
StgPropertyLengthAsVariant
FreePropVariantArray
PropVariantClear
CoSetProxyBlanket
StgConvertVariantToProperty
StringFromGUID2
CoTaskMemAlloc
GetClassFile

msvcrt

swprintf
realloc
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcschr
wcscat
_except_handler3
wcscmp
_initterm
malloc
wcstombs
sprintf
fclose
??1type_info@@UAE@XZ
strcspn
mbstowcs
wcslen
swscanf
_CxxThrowException
_wcsupr
isalpha
?terminate@@YAXXZ
_stricmp
iswspace
wcsncpy
strchr
_wsplitpath
memmove
iswdigit
_itow
wcscspn
wcscpy
_wcslwr
free
_strnicmp
_onexit
__CxxFrameHandler
_adjust_fdiv
_errno
wcstoul
strncpy
fgets
_ultow
_wcsicmp
strtoul
__dllonexit
bsearch
wcsspn
_ftol
wcstod
isdigit
qsort
wcsncmp
wcstol
iswalpha
wcsrchr
_wfopen
isxdigit
towlower
toupper
towupper
wcsstr
??3@YAXPAX@Z
_wcsnicmp

kernel32

WaitForMultipleObjectsEx
InterlockedExchange
CreateDirectoryW
GetFileAttributesExW
SetErrorMode
TryEnterCriticalSection
FindFirstFileW
GetSystemTimeAsFileTime
ResetEvent
WaitForSingleObjectEx
WaitForMultipleObjects
GetDiskFreeSpaceExW
LocalFree
GetSystemInfo
HeapCreate
GetSystemDirectoryW
GetVersionExW
LeaveCriticalSection
GetLocaleInfoW
CreateEventW
CreateFileW
SetEvent
CreateFileMappingW
GetComputerNameW
WriteFile
ReadFileEx
GetFileSize
SetUnhandledExceptionFilter
QueryPerformanceCounter
MapViewOfFile
GetOverlappedResult
WaitForSingleObject
FileTimeToSystemTime
SetNamedPipeHandleState
OpenProcess
GlobalFree
FindNextFileW
GlobalLock
GetSystemDefaultLCID
FlushViewOfFile
CompareStringW
SetLastError
GetLastError
DisconnectNamedPipe
GetLogicalDrives
ReleaseMutex
CancelIo
SetPriorityClass
GetThreadTimes
SetFileAttributesW
HeapSize
OpenEventW
CreateNamedPipeW
DeleteCriticalSection
SwitchToThread
GetExitCodeProcess
LocalAlloc
SetThreadPriority
QueryDosDeviceW
InterlockedIncrement
lstrlenA
GetModuleFileNameW
WaitNamedPipeW
HeapAlloc
CompareFileTime
WideCharToMultiByte
QueueUserAPC
ReadProcessMemory
SleepEx
DeleteFileW
GetStringTypeW
GetDriveTypeW
GlobalAlloc
GetThreadLocale
LoadLibraryA
GetVolumeInformationW
SetProcessWorkingSetSize
SetCurrentDirectoryW
ExpandEnvironmentStringsW
WriteFileEx
SearchPathW
VirtualFree
GetThreadPriority
HeapFree
GetCPInfo
IsDBCSLeadByteEx
GetOEMCP
DuplicateHandle
GetSystemTime
SystemTimeToFileTime
GetCurrentProcess
GetCurrentDirectoryW
PeekNamedPipe
GetCurrentThread
LocalFileTimeToFileTime
SetEndOfFile
FormatMessageW
LCMapStringW
ConnectNamedPipe
FlushFileBuffers
OpenFileMappingW
DeviceIoControl
SetThreadLocale
GlobalUnlock
GetUserDefaultLCID
UnmapViewOfFile
GetDiskFreeSpaceW
GetLongPathNameW
GetACP
SetFilePointer
LoadLibraryExW
CloseHandle
GetTickCount
CreateThread
GetLocalTime
ReadFile
FoldStringW
IsValidLocale
TransactNamedPipe
EnterCriticalSection
GetProcAddress
VirtualUnlock
HeapDestroy
FindClose
IsBadWritePtr
GetSystemPowerStatus
MultiByteToWideChar
GetCurrentProcessId
ResumeThread
InitializeCriticalSectionAndSpinCount
CreateMutexW
FreeLibrary
RemoveDirectoryW
InterlockedDecrement
GetCalendarInfoW
GetFileAttributesW

advapi32

AddAccessAllowedAce
ImpersonateLoggedOnUser
LsaRetrievePrivateData
RegSetValueExW
RegEnumValueW
AllocateAndInitializeSid
ChangeServiceConfigW
ControlService
GetSecurityDescriptorLength
QueryServiceStatus
QueryServiceConfigW
OpenThreadToken
RegOpenKeyExW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
RegDeleteValueW
RevertToSelf
RegisterEventSourceW
LsaCreateSecret
ImpersonateNamedPipeClient
AccessCheck
FreeSid
OpenServiceW
AddAce
StartServiceW
LsaFreeMemory
SetNamedSecurityInfoW
ReportEventW
RegQueryInfoKeyW
RegCloseKey
SetSecurityDescriptorOwner
LsaSetSecret
LsaClose
SetSecurityDescriptorDacl
RegEnumKeyExW
RegisterServiceCtrlHandlerExW
GetUserNameW
LogonUserW
RegOpenKeyW
SetSecurityDescriptorGroup
RegQueryValueExW
RegConnectRegistryW
RegOpenKeyA
LsaOpenPolicy
DeregisterEventSource
RegDeleteKeyW
SetServiceStatus
RegCreateKeyExW
CopySid
RegEnumKeyW
LsaOpenSecret
OpenSCManagerW
CloseServiceHandle
InitializeAcl
LsaNtStatusToWinError
GetLengthSid
SetFileSecurityW
GetNamedSecurityInfoW

rpcrt4

CStdStubBuffer_Disconnect
NdrOleAllocate
NdrDllUnregisterProxy
NdrOleFree
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
NdrDllRegisterProxy
IUnknown_AddRef_Proxy
UuidFromStringW
NdrCStdStubBuffer_Release
NdrDllGetClassObject
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface

ntdll

RtlCaptureStackBackTrace
NtCreateFile
NtOpenFile
RtlQueryRegistryValues
NtCancelIoFile
RtlFreeHeap
NtCreateEvent
NtDeviceIoControlFile
RtlUnicodeStringToOemString
RtlOemStringToUnicodeString
NtFsControlFile
NtSetInformationFile
NtQueryInformationFile
RtlInitAnsiString
RtlInitUnicodeString
NtQuerySystemTime
NtClose
NtQueryInformationToken
NtQuerySecurityObject
NtOpenKey
NtQueryDirectoryFile
RtlDosPathNameToNtPathName_U
NtQueryVolumeInformationFile
RtlUpcaseUnicodeChar
NtDuplicateToken
NtOpenThreadToken
NtWaitForSingleObject
NtQueryInformationProcess
NtOpenProcessToken
NtNotifyChangeDirectoryFile
NtQuerySystemInformation
NtNotifyChangeKey
RtlNtStatusToDosError

user32

PeekMessageW
wsprintfW
UnregisterDeviceNotification
TranslateMessage
GetLastInputInfo
MsgWaitForMultipleObjects
RegisterDeviceNotificationW
DispatchMessageW

shell32

SHBindToParent
SHGetDesktopFolder

Sections

.9618ds
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B^br5
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.@#RFER
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.N^UHQt
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h46asrg
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.64h4aer
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

198a01dfc17c8330783666ccc75f54de

Headers

File Characteristics

Imports

ole32

msvcrt

kernel32

advapi32

rpcrt4

ntdll

user32

shell32

Sections

.9618ds Size: 2KB - Virtual size: 1KB

.B^br5 Size: 512B - Virtual size: 2B

.@#RFER Size: 171KB - Virtual size: 170KB

.N^UHQt Size: 58KB - Virtual size: 57KB

.h46asrg Size: 176KB - Virtual size: 175KB

.64h4aer Size: 97KB - Virtual size: 97KB

.9618ds
Size: 2KB - Virtual size: 1KB

.B^br5
Size: 512B - Virtual size: 2B

.@#RFER
Size: 171KB - Virtual size: 170KB

.N^UHQt
Size: 58KB - Virtual size: 57KB

.h46asrg
Size: 176KB - Virtual size: 175KB

.64h4aer
Size: 97KB - Virtual size: 97KB