Static task: static1
Behavioral task: behavioral1
  Sample: ebbc76a8151bd056e550d589d28331cdb80c586c6845732dd05cbce80520ceb8.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ebbc76a8151bd056e550d589d28331cdb80c586c6845732dd05cbce80520ceb8.exe
  Resource: win10v2004-20220812-en
General
- Target: ebbc76a8151bd056e550d589d28331cdb80c586c6845732dd05cbce80520ceb8
- Size: 78KB
- MD5: 6a77f54065e702420e537dd9935fa1e9
- SHA1: 31d994f6a1f68795bbfcce6bdd645c6d46092e61
- SHA256: ebbc76a8151bd056e550d589d28331cdb80c586c6845732dd05cbce80520ceb8
- SHA512: c440d138f6c2e966b0ba0801dcf7fbde5bd342eb0bb488b508f742c729501bacaaeb20c7dd370bc9f390d5d8a26369c6d9d6af04cfd9d0b6552e14f83ccf3160
- SSDEEP: 1536:jTj4CfiPnTAXDOjerD7L52b1nLEheDd/o/FjH0IkPsysZQg0fQ:PEgk+DOarDiFNo/FL0Ikkysag0fQ
Malware Config
(empty in this report)
Signatures
(empty in this report)
Files
- ebbc76a8151bd056e550d589d28331cdb80c586c6845732dd05cbce80520ceb8.exe (windows x86)
  080f36284d0c7e41e319487ea426e877
  This 32-hex value appears beneath the file entry without a label. It differs from the file's MD5 in the General block (6a77f54065e702420e537dd9935fa1e9), so it is not a hash of the file contents and should not be used as one.
Headers
DLL Characteristics
- IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Only TERMINAL_SERVER_AWARE is set. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT and IMAGE_DLLCHARACTERISTICS_NO_SEH are absent, so the image opts into neither ASLR nor DEP. On a client system with the default OptIn DEP policy a 32-bit process without NX_COMPAT runs with DEP off, and the image base is only randomised where the OS forces it (for example Windows 10 exploit protection with mandatory ASLR enabled).
File Characteristics
- IMAGE_FILE_EXECUTABLE_IMAGE
- IMAGE_FILE_LINE_NUMS_STRIPPED
- IMAGE_FILE_LOCAL_SYMS_STRIPPED
- IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_RELOCS_STRIPPED is not set and the image carries a .reloc section (see Sections), so a loader that chooses to rebase it can.
Imports
Over 400 named imports from 14 DLLs in a 78KB image, spanning GUI, printing and common-dialog APIs (gdi32, comdlg32, comctl32, user32), COM and RPC (ole32, oleaut32, rpcrt4), shell, registry, service-control, token and crypto APIs (shell32, shlwapi, advapi32) and native ntdll calls. An import table this broad in a file this small is a common sign of padded or decoy imports, so treat the list, and any hash derived from it, as a weak clustering signal rather than a description of behaviour. The entries worth following in the behavioural runs are the ones that touch privilege, persistence and analysis evasion: OpenProcessToken, ImpersonateLoggedOnUser, CheckTokenMembership, SetFileSecurityW, the Reg*/SHSetValueW/SHDeleteKey* writers, OpenServiceW/ChangeServiceConfigW, Thread32Next, and the ntdll trio NtDelayExecution, DbgBreakPoint and RtlImageNtHeader.
kernel32
GetLastError
lstrcpyW
GetSystemTime
CreateDirectoryA
InterlockedExchange
GetProcessHeap
GetModuleHandleW
FlushFileBuffers
ExitProcess
GetACP
GetCurrentThreadId
RaiseException
GetUserDefaultLCID
FormatMessageW
GetCurrentProcessId
GetStdHandle
QueryPerformanceCounter
GetCommandLineW
GetDriveTypeW
GetExitCodeThread
IsBadWritePtr
Sleep
LoadResource
lstrcmpA
VirtualAlloc
DisableThreadLibraryCalls
ReadFile
LCMapStringW
SetErrorMode
TlsFree
GetFileSize
GetCurrentDirectoryW
SetThreadPriority
OutputDebugStringW
InterlockedIncrement
SetFileAttributesW
GetDriveTypeA
HeapAlloc
GetCommandLineA
Thread32Next
GetThreadLocale
ResumeThread
GetFileType
GetLocaleInfoW
FindClose
GlobalLock
GetFullPathNameW
FindResourceW
WaitForSingleObject
GetVersion
GetCurrentProcess
GetSystemTimeAsFileTime
OpenEventA
GlobalAlloc
GetExitCodeProcess
lstrcpynA
SetUnhandledExceptionFilter
CreateMutexW
FindResourceA
msvcrt
_local_unwind2
realloc
strtok
isspace
_adjust_fdiv
strstr
fprintf
memset
sprintf
isalpha
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
_ltoa
wcstoul
iswctype
rand
strncpy
wcscspn
version
GetFileVersionInfoA
GetFileVersionInfoW
VerLanguageNameA
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
oleaut32
SysReAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
SysStringByteLen
RegisterTypeLib
VariantCopy
VariantInit
SafeArrayAccessData
VariantChangeType
SafeArrayCreate
CreateErrorInfo
SysAllocStringLen
OleLoadPicture
SetErrorInfo
SysAllocStringByteLen
LoadTypeLib
GetActiveObject
VariantCopyInd
SafeArrayPutElement
gdi32
ScaleWindowExtEx
ExtSelectClipRgn
SelectObject
CombineRgn
RealizePalette
CloseMetaFile
SetROP2
GetObjectA
GetMapMode
GetObjectType
RestoreDC
EndPage
CreateRectRgn
GetTextExtentPointW
GetDeviceCaps
StretchBlt
LineTo
SetPixel
CreateBitmap
GetTextAlign
SelectClipRgn
rpcrt4
RpcBindingSetAuthInfoW
RpcServerRegisterAuthInfoW
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerQueryInterface
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
RpcBindingVectorFree
IUnknown_AddRef_Proxy
RpcBindingSetAuthInfoExW
NdrOleFree
CStdStubBuffer_Connect
RpcBindingFromStringBindingW
RpcRaiseException
CStdStubBuffer_IsIIDSupported
RpcImpersonateClient
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer2_Release
IUnknown_Release_Proxy
RpcStringBindingParseW
RpcBindingFree
shell32
SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetPathFromIDListW
SHBindToParent
DragQueryFileW
SHGetFileInfoW
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteW
ShellExecuteA
ole32
CoTaskMemFree
MkParseDisplayName
CreateILockBytesOnHGlobal
CoRevertToSelf
GetRunningObjectTable
CoReleaseMarshalData
OleRun
CLSIDFromString
CoGetMalloc
PropVariantClear
CreateBindCtx
CoTaskMemAlloc
ReleaseStgMedium
OleSaveToStream
PropVariantCopy
CoTaskMemRealloc
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoRegisterClassObject
StgCreateDocfileOnILockBytes
GetHGlobalFromStream
StgCreateDocfile
CreateDataAdviseHolder
CoDisconnectObject
OleLoadFromStream
CoRevokeClassObject
ProgIDFromCLSID
OleUninitialize
StgOpenStorage
StgIsStorageFile
WriteClassStm
CoSetProxyBlanket
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler
comdlg32
ChooseFontW
GetFileTitleA
GetFileTitleW
FindTextA
GetSaveFileNameW
GetSaveFileNameA
ChooseColorW
ChooseColorA
PrintDlgA
GetOpenFileNameA
PageSetupDlgW
ChooseFontA
PrintDlgW
GetOpenFileNameW
PrintDlgExW
FindTextW
PageSetupDlgA
CommDlgExtendedError
comctl32
PropertySheetW
ImageList_Draw
InitCommonControlsEx
ImageList_Create
PropertySheetA
ImageList_ReplaceIcon
ImageList_Destroy
CreatePropertySheetPageW
InitCommonControls
user32
LoadStringW
DialogBoxParamA
EnumChildWindows
PostQuitMessage
PtInRect
CheckDlgButton
InflateRect
SetDlgItemTextW
FindWindowA
DrawTextA
CharNextA
RegisterClassW
UnhookWindowsHookEx
IntersectRect
GetSystemMenu
SetWindowTextA
GetClassNameW
GetWindowDC
GetWindowTextA
MoveWindow
IsWindowEnabled
GetCapture
SendDlgItemMessageA
GetClientRect
InvalidateRect
PostMessageA
LoadIconA
CharUpperA
GetWindowTextW
SendMessageA
GetKeyState
GetMessageW
LoadCursorA
IsDlgButtonChecked
CharNextW
BeginPaint
SetWindowLongW
RegisterClipboardFormatW
ReleaseDC
GetActiveWindow
LoadCursorW
GetDlgCtrlID
GetSubMenu
CreateDialogParamW
SendDlgItemMessageW
PeekMessageW
GetAsyncKeyState
GetSystemMetrics
GetMenu
SetDlgItemTextA
CallWindowProcW
LoadBitmapW
KillTimer
IsWindowVisible
ShowWindow
LoadBitmapA
GetParent
SetCursor
GetClassNameA
GetMessageA
DrawFocusRect
DrawIcon
GetFocus
RegisterClassExW
SetMenu
SetForegroundWindow
DestroyIcon
EndPaint
TranslateMessage
ClientToScreen
GetForegroundWindow
wsprintfW
GetWindow
WinHelpW
GetDC
SetTimer
FillRect
SetRect
SetFocus
IsRectEmpty
RegisterWindowMessageW
CheckMenuItem
CreatePopupMenu
RedrawWindow
UnregisterClassW
SystemParametersInfoW
DialogBoxParamW
IsIconic
shlwapi
PathFindFileNameA
PathRemoveFileSpecA
PathFindExtensionA
StrStrIW
StrCmpIW
PathIsRootW
StrRetToBufW
PathIsRelativeW
SHDeleteKeyA
PathStripToRootW
PathRemoveExtensionW
StrChrW
UrlUnescapeW
SHRegGetBoolUSValueW
UrlIsW
SHSetValueW
PathRemoveFileSpecW
PathRemoveBlanksW
StrChrIW
StrCpyNW
StrTrimW
StrCmpW
AssocQueryStringW
PathRemoveBackslashW
StrCmpNIW
SHDeleteKeyW
PathIsURLW
PathAddBackslashW
PathFileExistsW
PathFindFileNameW
StrToIntW
wnsprintfW
StrCatBuffW
PathCreateFromUrlW
PathGetDriveNumberW
advapi32
OpenProcessToken
UnlockServiceDatabase
QueryServiceStatus
RegisterTraceGuidsW
LockServiceDatabase
CryptGetHashParam
GetTraceLoggerHandle
AllocateAndInitializeSid
RegQueryValueExA
RegSetValueW
RegisterEventSourceW
RegCreateKeyExW
RegEnumKeyA
RegDeleteValueA
GetSidSubAuthority
RegEnumKeyExW
SetFileSecurityW
RegEnumKeyW
CryptHashData
RegQueryValueExW
GetSidLengthRequired
LsaQueryInformationPolicy
RegQueryInfoKeyA
RegCreateKeyA
CryptDestroyHash
CryptAcquireContextA
ChangeServiceConfigW
UnregisterTraceGuids
GetLengthSid
RegSetValueA
ImpersonateLoggedOnUser
RegNotifyChangeKeyValue
CheckTokenMembership
RevertToSelf
OpenServiceW
QueryServiceConfigW
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
CloseServiceHandle
GetSidSubAuthorityCount
ntdll
RtlCreateAcl
swprintf
wcstoul
RtlCopySid
NtQueryObject
RtlLookupElementGenericTable
RtlAppendUnicodeStringToString
RtlAddAce
strchr
NtDeleteKey
RtlSubAuthorityCountSid
wcscmp
wcsncat
RtlGetOwnerSecurityDescriptor
RtlSetEnvironmentVariable
RtlNtStatusToDosError
DbgBreakPoint
NtSetValueKey
wcstol
RtlImageNtHeader
RtlxOemStringToUnicodeSize
NtOpenProcessToken
RtlUnicodeStringToOemString
RtlRaiseStatus
_vsnprintf
RtlUnicodeToMultiByteSize
RtlCopyUnicodeString
RtlGUIDFromString
RtlEqualUnicodeString
NtDelayExecution
RtlFreeSid
NtTerminateThread
RtlInitializeCriticalSectionAndSpinCount
memmove
RtlInitUnicodeString
RtlCompareMemory
NtPowerInformation
RtlAcquireResourceShared
RtlPrefixUnicodeString
Sections
- .tls      Size: 4KB,   Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .text     Size: 68KB,  Virtual size: 67KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .textbss  Size: 512B,  Virtual size: 70KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .textbss  Size: 1024B, Virtual size: 1007B  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .reloc    Size: 1KB,   Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
Three things here deserve a look before the behavioural results. Two sections carry the same name, .textbss, which is not something a standard link produces. The first of them holds 512 bytes on disk but is mapped as 70KB of writable memory, so the loader zero-fills almost all of it; that is the layout a stub uses to unpack code or data at run time, and it is the first region to dump once the process is running. None of the writable sections is marked IMAGE_SCN_MEM_EXECUTE, so anything placed there only executes if DEP is off for the process, which (see the missing NX_COMPAT flag under Headers) is the default for this image on a client system with the OptIn policy. Finally, a .tls section usually goes with a TLS data directory; TLS callbacks listed there run before the entry point and are a common anti-debugging hook, so check the directory before single-stepping from the entry point.
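The Headers and Sections checks above can be reproduced from the raw PE headers with the Python standard library alone. The script below is an added example, not sandbox output or code from the page: it parses the COFF header, DllCharacteristics and the section table, reports the missing ASLR/DEP opt-ins and the raw-versus-virtual size mismatch, and computes the four digests the General block lists. For an offline run it builds a constructed, header-only PE32 carrying the report's flag and section values; that stand-in is not the real sample, and `build_sample_pe`, `parse_pe` and `triage` are this example's own names.

```python
import hashlib
import struct
import sys

# IMAGE_FILE_HEADER.Characteristics bits (PE/COFF specification)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008
IMAGE_FILE_32BIT_MACHINE = 0x0100
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # DEP opt-in
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
# IMAGE_SECTION_HEADER.Characteristics bits
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def file_hashes(data: bytes) -> dict:
    """The four digests a report's General block lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Read COFF Characteristics, DllCharacteristics and the section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, _va, rawsize, _p, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {"machine": machine, "pe32plus": magic == 0x20B, "characteristics": chars,
            "dll_characteristics": dllchars, "sections": sections}


def triage(pe: dict) -> list:
    """Findings an analyst wants before running the sample: missing mitigations
    and section layouts that point at run-time unpacking."""
    findings, dc, seen = [], pe["dll_characteristics"], set()
    if not dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no DYNAMIC_BASE: image base is not randomised unless the OS forces it")
    if not dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no NX_COMPAT: the image does not opt into DEP")
    for s in pe["sections"]:
        n, fl = s["name"], s["flags"]
        if n in seen:
            findings.append(f"duplicate section name {n!r}")
        seen.add(n)
        if fl & IMAGE_SCN_MEM_WRITE and fl & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{n}: writable and executable")
        # Far more memory than bytes on disk, and writable: the loader zero-fills
        # it, and that is where a stub usually unpacks code or data at run time.
        if fl & IMAGE_SCN_MEM_WRITE and s["virtual_size"] > 8 * max(s["raw_size"], 1):
            findings.append(f"{n}: {s['raw_size']} B on disk, {s['virtual_size']} B in memory (writable)")
    return findings


def build_sample_pe() -> bytes:
    """Constructed, header-only PE32 carrying the report's flag and section values.
    Not the real sample: no code, no imports, no section bodies."""
    rw = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    secs = [  # name, virtual size, raw size, flags
        (b".tls", 3 * 1024, 4 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b".text", 67 * 1024, 68 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".textbss", 70 * 1024, 512, rw),
        (b".textbss", 1007, 1024, rw),
        (b".reloc", 1024, 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224,   # i386, 224-byte optional header
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED
                       | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(224)                                             # PE32 optional header + 16 data dirs
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
    table, va = b"", 0x1000
    for name, vsize, rawsize, flags in secs:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, 0, 0, 0, 0, 0, flags)
        va += (vsize + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":                       # python pe_triage.py [file.exe]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(file_hashes(data))
    print(*triage(parse_pe(data)), sep="\n")
```

Run it against the real file to confirm the General block's digests, then compare `triage()` output with the Headers and Sections notes above; on the constructed stand-in it reports the two missing mitigations, the 512-byte-on-disk .textbss mapped as 70KB, and the duplicate section name.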