dd9ba29e39f279589c477f7044c31cf5f9b85c6edb5b7ce5a3bdd6ca3a854a70

Sharing

Copy URL

Twitter E-mail

General

Target

dd9ba29e39f279589c477f7044c31cf5f9b85c6edb5b7ce5a3bdd6ca3a854a70
Size

192KB
MD5

631099792acfdeba2ae932a7978f54a6
SHA1

5c37f8c0e13375cca7f7ce2e9a96a19f7ef3a70b
SHA256

dd9ba29e39f279589c477f7044c31cf5f9b85c6edb5b7ce5a3bdd6ca3a854a70
SHA512

4bd71a9749dbbada69a536488de9e363005a805415e88a384f3749ecc8fb0fc6bbc3c67a94d4d7bb13934019a68b7080970e571c695680a40b743e4bc7622eba
SSDEEP

3072:8K5hkw3UT6SMhSl/VuyBzNVu5KT2Uj+TDdRJfkpkercz5PWVlI7I5:RkwClw4tfr05KpcRJcpkQcVPWVlD

Score

N/A

Malware Config

Signatures

Files

dd9ba29e39f279589c477f7044c31cf5f9b85c6edb5b7ce5a3bdd6ca3a854a70
.exe windows x86

b9765715b87918471ff72e91c298cfdb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLOpenPullStreamW
FindMediaTypeClass
CoInternetCreateZoneManager
FaultInIEFeature
GetComponentIDFromCLSSPEC
BindAsyncMoniker
IsJITInProgress
CoInternetCombineUrl
UrlMkSetSessionOption
UrlMkGetSessionOption
CoInternetGetSession
FindMediaType
URLOpenPullStreamA
URLDownloadToCacheFileW
Extract
MkParseDisplayNameEx
URLDownloadA
RevokeBindStatusCallback
URLDownloadToCacheFileA
CoGetClassObjectFromURL
CoInternetCreateSecurityManager
URLOpenBlockingStreamA
FindMimeFromData
URLOpenStreamA

query

CICreateCommand
CollectCIISAPIPerformanceData
CITextToFullTree
SetupCache
LocateCatalogsA
EndCacheTransaction
InitializeCIISAPIPerformanceData
DoneFILTERPerformanceData
CIMakeICommand

kernel32

GetTempPathW
FileTimeToSystemTime
WriteProfileSectionA
GetPriorityClass
GetTimeFormatW
IsProcessorFeaturePresent
ExpandEnvironmentStringsW
SetThreadAffinityMask
VerSetConditionMask
CancelDeviceWakeupRequest
FreeUserPhysicalPages
GetCommTimeouts
GetSystemDefaultLangID
GetProfileStringW
GetProcessHeap
DeleteTimerQueueEx
RequestWakeupLatency
EnumResourceTypesA
ExitProcess
WaitForSingleObject
GetProcessTimes
LocalFileTimeToFileTime
IsValidLocale
GetNumberFormatA
InterlockedCompareExchange
FreeLibraryAndExitThread
IsSystemResumeAutomatic
GetPrivateProfileStructW
GetHandleInformation
WritePrivateProfileStructA
LockResource
EnumUILanguagesA
RemoveDirectoryA

shell32

ShellExecuteA
ShellExecuteExW
SHCreateProcessAsUserW
SHGetSettings
RegenerateUserEnvironment
SHQueryRecycleBinW
SHBindToParent
RealShellExecuteW
ExtractAssociatedIconExA
ShellHookProc
SHBrowseForFolderW
SHGetDiskFreeSpaceA
SHGetFolderPathW
ShellAboutW
SHGetSpecialFolderPathA
CheckEscapesW
SHChangeNotify
SHFreeNameMappings
SHFileOperationW
DragAcceptFiles
SHGetSpecialFolderPathW
SHUpdateRecycleBinIcon
ExtractAssociatedIconW
SHFileOperationA
DragQueryFileW
SHEmptyRecycleBinW
SHInvokePrinterCommandA
SHGetMalloc
InternalExtractIconListA

samlib

SamEnumerateGroupsInDomain
SamQueryDisplayInformation
SamiLmChangePasswordUser
SamiEncryptPasswords
SamQueryInformationGroup
SamTestPrivateFunctionsDomain
SamOpenGroup
SamSetMemberAttributesOfGroup
SamOpenAlias
SamDeleteAlias
SamiSetBootKeyInformation
SamGetMembersInGroup
SamRemoveMemberFromForeignDomain
SamCreateAliasInDomain
SamDeleteUser
SamCloseHandle
SamEnumerateDomainsInSamServer
SamQueryInformationUser
SamLookupNamesInDomain
SamShutdownSamServer
SamCreateUser2InDomain
SamCreateUserInDomain
SamSetInformationUser
SamChangePasswordUser2
SamRemoveMemberFromAlias
SamConnectWithCreds
SamSetInformationGroup

advpack

LaunchINFSection
RegInstall
GetVersionFromFileEx
DoInfInstall
FileSaveMarkNotExist
ExtractFiles
LaunchINFSectionEx
RebootCheckOnInstall

comdlg32

ReplaceTextA
PrintDlgExA
PageSetupDlgA
GetOpenFileNameW
GetFileTitleA
Ssync_ANSI_UNICODE_Struct_For_WOW
ChooseFontA
PrintDlgA
PageSetupDlgW
ReplaceTextW
GetFileTitleW
GetOpenFileNameA
dwOKSubclass

comctl32

ImageList_BeginDrag
ImageList_SetFilter
DestroyPropertySheetPage
FlatSB_SetScrollProp
ImageList_GetIconSize
ImageList_Write
ImageList_DrawIndirect
CreatePropertySheetPageW
FlatSB_ShowScrollBar
ImageList_DragLeave

advapi32

SystemFunction022
DeleteAce
GetUserNameA
LsaRemoveAccountRights

imm32

ImmUnregisterWordW
ImmRequestMessageA
ImmSetHotKey
ImmShowSoftKeyboard
ImmSetStatusWindowPos
ImmRegisterWordW
ImmRequestMessageW
ImmDestroySoftKeyboard
ImmGetIMCLockCount
ImmSimulateHotKey
ImmCreateIMCC
ImmGetDescriptionA
ImmSetCompositionFontA
ImmGetStatusWindowPos
ImmGetDescriptionW
ImmEscapeW
ImmGetDefaultIMEWnd
ImmGetIMCCLockCount
ImmUnregisterWordA

user32

GetCursorPos
GetFocus
CallMsgFilterA

ws2_32

htons
WSAGetServiceClassInfoW
__WSAFDIsSet
setsockopt
WSALookupServiceBeginA
getprotobynumber
send
WSAAddressToStringA
WSACreateEvent
WSAAccept
WSALookupServiceNextA
WSAGetServiceClassNameByClassIdW

clusapi

GetClusterResourceTypeKey
ClusterRegGetKeySecurity
ClusterResourceTypeCloseEnum
AddClusterResourceDependency

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9765715b87918471ff72e91c298cfdb

Headers

File Characteristics

Imports

urlmon

query

kernel32

shell32

samlib

advpack

comdlg32

comctl32

advapi32

imm32

user32

ws2_32

clusapi

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 32KB - Virtual size: 243KB

.rsrc Size: 81KB - Virtual size: 81KB

.data Size: 5KB - Virtual size: 5KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 32KB - Virtual size: 243KB

.rsrc
Size: 81KB - Virtual size: 81KB

.data
Size: 5KB - Virtual size: 5KB