Static task: static1
Behavioral task: behavioral1
Sample: d1f22c1c4afd5952c00ee74fb4d84a079bb4d3c29f6cc844a8a530e482ed5500.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: d1f22c1c4afd5952c00ee74fb4d84a079bb4d3c29f6cc844a8a530e482ed5500.exe
Resource: win10v2004-20220812-en
General
Target: d1f22c1c4afd5952c00ee74fb4d84a079bb4d3c29f6cc844a8a530e482ed5500
Size: 770KB
MD5: 5d81d00be4e7dc6bcb73373567010230
SHA1: b38975261e4ce4730d2bf1b07cdc57324fa5c8ac
SHA256: d1f22c1c4afd5952c00ee74fb4d84a079bb4d3c29f6cc844a8a530e482ed5500
SHA512: 8b8255e5910c0387acf79e9679eed3ba5678c9e4fa57efa8a15935aede845941e214910bd22fdb949a0117835a1336671d493f72f8ef1fa81a35db02a7c3470b
SSDEEP: 3072:S4yPZhAn/V9ez3FDXEHvyCzzEcGM/x31FCUMLwAj+oZIKQZC/zQJ0v9VF1:IzEK4QcGM/x31FCXEAjGczQsVP
Malware Config
Signatures
Files
d1f22c1c4afd5952c00ee74fb4d84a079bb4d3c29f6cc844a8a530e482ed5500.exe (windows x86)
7614c799acf226f83a0ad9d44d4537b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AccessCheckByTypeResultList
LsaEnumerateTrustedDomainsEx
MapGenericMask
OpenSCManagerW
RegCloseKey
RegOpenKeyExA
SetSecurityDescriptorOwner
CryptVerifySignatureA
ObjectCloseAuditAlarmA
OpenEncryptedFileRawA
ConvertStringSidToSidA
CopySid
GetNamedSecurityInfoW
InitiateSystemShutdownExA
OpenBackupEventLogA
ReadEventLogW
RegConnectRegistryA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
SetPrivateObjectSecurityEx
DecryptFileW
GetNumberOfEventLogRecords
IsTokenRestricted
LookupPrivilegeDisplayNameW
RegQueryInfoKeyW
TrusteeAccessToObjectA
CryptAcquireContextA
GetAuditedPermissionsFromAclA
GetPrivateObjectSecurity
MakeSelfRelativeSD
ProcessTrace
RegOpenKeyExW
RegQueryValueExW
SetThreadToken
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
SetAclInformation
StartServiceA
AccessCheckByTypeAndAuditAlarmA
AllocateAndInitializeSid
BuildImpersonateTrusteeA
CryptSignHashA
ElfBackupEventLogFileW
GetSecurityDescriptorSacl
LsaRemoveAccountRights
OpenThreadToken
SystemFunction024
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptReleaseContext
GetLengthSid
IsTextUnicode
LogonUserW
SetSecurityDescriptorControl
LsaSetTrustedDomainInformation
ClearEventLogA
CryptGetKeyParam
FileEncryptionStatusW
LsaQueryInformationPolicy
ObjectPrivilegeAuditAlarmW
ConvertToAutoInheritPrivateObjectSecurity
LsaRemovePrivilegesFromAccount
GetAclInformation
GetSecurityDescriptorDacl
GetTokenInformation
InitializeSecurityDescriptor
IsValidSecurityDescriptor
OpenProcessToken
RegRestoreKeyA
RegSetValueExW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
gdi32
SetPixel
XFORMOBJ_bApplyXform
OffsetWindowOrgEx
CreateFontIndirectW
ExtTextOutA
GdiEntry8
GdiGetBatchLimit
GdiProcessSetup
GetTextExtentPointA
GetTextExtentPointI
ResetDCA
SetBkColor
SetRelAbs
SetTextColor
AnyLinkedFonts
EngMarkBandingSurface
ExtCreateRegion
Pie
BRUSHOBJ_hGetColorTransform
EngAssociateSurface
EngGetCurrentCodePage
EngUnlockSurface
GetCurrentObject
SetDIBits
SetSystemPaletteUse
SetTextAlign
bInitSystemAndFontsDirectoriesW
DeleteEnhMetaFile
GdiFullscreenControl
GetCharWidthFloatW
GetRgnBox
CombineTransform
CreateMetaFileW
DeleteObject
GetDeviceCaps
SetMetaRgn
XLATEOBJ_hGetColorTransform
SetGraphicsMode
GdiEntry4
GetBrushOrgEx
GdiValidateHandle
XLATEOBJ_cGetPalette
kernel32
VirtualAlloc
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateTapePartition
CreateThread
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
GetProcAddress
GetQueuedCompletionStatus
GlobalMemoryStatus
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LoadLibraryA
LocalAlloc
LocalFree
OutputDebugStringA
PostQueuedCompletionStatus
ReadFile
ReleaseSemaphore
SetDefaultCommConfigW
SetEvent
Sleep
WaitForSingleObject
_lcreat
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetEnvironmentStrings
GetFileType
GetOEMCP
GetStdHandle
GetVersion
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
VirtualFree
WriteFile
CancelDeviceWakeupRequest
CreateFileW
GetCurrentProcessId
GetFileSizeEx
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
InterlockedCompareExchange
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
lstrlenW
CreateHardLinkA
FreeConsole
GetPrivateProfileStringW
GetProfileIntA
GetProfileStringA
GetShortPathNameA
ReadFileScatter
SetLocaleInfoA
Thread32Next
UpdateResourceA
WriteProfileStringA
WriteTapemark
_lwrite
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
FormatMessageA
GetLongPathNameW
GlobalDeleteAtom
InterlockedExchangeAdd
Module32First
DeleteFileW
EnumResourceNamesA
ExpandEnvironmentStringsW
FindResourceA
GetFileAttributesW
GetFullPathNameW
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcessHeap
GetSystemTime
GetUserDefaultUILanguage
GetVersionExW
HeapCreate
HeapDestroy
LoadLibraryW
Process32Next
SetCommConfig
UnmapViewOfFile
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
IsBadHugeReadPtr
LockResource
SwitchToFiber
BackupRead
ConvertThreadToFiber
FoldStringA
GetConsoleAliasesLengthA
GetCurrentThread
LCMapStringW
MulDiv
SetConsoleActiveScreenBuffer
SuspendThread
Toolhelp32ReadProcessMemory
WaitForMultipleObjects
WriteConsoleInputA
CreateDirectoryExA
DelayLoadFailureHook
DeviceIoControl
LocalSize
OutputDebugStringW
SetErrorMode
SetFileAttributesW
DisableThreadLibraryCalls
CompareStringW
CreateDirectoryW
FileTimeToSystemTime
FindNextFileW
GetConsoleAliasExesA
GetProfileIntW
LocalFileTimeToFileTime
VirtualQuery
_hwrite
DosDateTimeToFileTime
GetCommMask
GetComputerNameW
GetFileAttributesExA
GetFullPathNameA
GetTimeFormatW
OpenSemaphoreW
RemoveDirectoryA
SetProcessWorkingSetSize
SwitchToThread
CreateProcessA
DuplicateHandle
OpenMutexW
GetLastError
WideCharToMultiByte
DecodePointer
HeapSetInformation
GetStartupInfoW
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
IsProcessorFeaturePresent
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeW
HeapFree
HeapSize
RtlUnwind
HeapAlloc
HeapReAlloc
oleaut32
OleCreateFontIndirect
OleIconToCursor
VarUI4FromDec
VarAnd
VarR8Round
UnRegisterTypeLi
VarBoolFromStr
VarCyCmpR8
VarI1FromI2
OaBuildVersion
VarDateFromBool
VarDecFix
VarCyFromDisp
VarMonthName
VarR8FromI2
VarR8FromR4
VarUI4FromBool
BSTR_UserUnmarshal
OleLoadPictureEx
VarI4FromDisp
SafeArraySetRecordInfo
VarUI2FromDate
rpcrt4
I_RpcGetBufferWithObject
NdrConformantArrayFree
RpcMgmtEpEltInqNextW
RpcMgmtSetCancelTimeout
CreateProxyFromTypeInfo
I_RpcBindingInqTransportType
NdrSimpleTypeUnmarshall
I_RpcServerInqTransportType
NdrMesTypeAlignSize2
NdrStubCall2
UuidCreateSequential
NdrByteCountPointerUnmarshall
NdrConformantVaryingArrayMarshall
NdrFreeBuffer
I_RpcAllocate
I_RpcBindingToStaticStringBindingW
I_RpcFree
I_RpcFreeBuffer
I_RpcGetBuffer
I_RpcNsBindingSetEntryNameW
I_RpcRequestMutex
I_RpcSendReceive
NdrClientCall2
RpcBindingFree
RpcBindingFromStringBindingA
RpcBindingFromStringBindingW
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcStringBindingComposeA
RpcStringBindingParseW
RpcStringFreeA
RpcStringFreeW
NdrUserMarshalSimpleTypeConvert
RpcNetworkIsProtseqValidA
NDRSContextUnmarshall2
NdrConformantArrayBufferSize
RpcEpResolveBinding
RpcStringBindingComposeW
UuidCreate
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
NdrAllocate
NdrConformantStringMemorySize
NdrVaryingArrayBufferSize
RpcBindingSetOption
NdrClientInitializeNew
NdrConformantArrayMarshall
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConformantStructMarshall
NdrConvert
NdrGetBuffer
NdrPointerBufferSize
NdrPointerMarshall
NdrPointerUnmarshall
NdrSendReceive
NdrSimpleStructBufferSize
NdrSimpleStructMarshall
NdrSimpleStructUnmarshall
RpcRaiseException
RpcSsSetClientAllocFree
UuidFromStringW
shell32
SHEmptyRecycleBinW
ShellHookProc
DragQueryFileAorW
ExtractAssociatedIconW
ExtractIconW
SHGetInstanceExplorer
CommandLineToArgvW
SHChangeNotify
user32
CharPrevW
GetInputState
GetMenuItemRect
SetPropW
ExitWindowsEx
DdeCreateStringHandleW
LoadStringA
TileChildWindows
CharLowerW
DdeCreateStringHandleA
DefWindowProcA
DrawFocusRect
EnableWindow
EndDialog
EnumDisplaySettingsExW
GetDlgItem
GetParent
GetSysColor
InvalidateRect
PostMessageA
RegisterClipboardFormatW
SendMessageA
SetWindowLongA
SetWindowTextA
ShowWindow
wsprintfA
CharToOemBuffA
DdePostAdvise
GetCursorInfo
LockSetForegroundWindow
MessageBoxExW
CheckDlgButton
CheckMenuItem
DestroyMenu
EnableMenuItem
EnumChildWindows
GetComboBoxInfo
GetDlgItemInt
GetDlgItemTextW
GetFocus
GetKeyboardLayout
GetMessagePos
GetSubMenu
GetWindowLongW
GetWindowTextW
IsDlgButtonChecked
IsWindowEnabled
LoadIconW
LoadMenuIndirectA
LoadStringW
MapVirtualKeyW
MessageBeep
MessageBoxW
OemToCharW
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetMenuDefaultItem
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookA
TrackPopupMenu
WinHelpW
wsprintfW
wvsprintfW
DdeAbandonTransaction
DispatchMessageW
GetMessageW
LockWorkStation
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
AnyPopup
DrawFrameControl
EnumDisplaySettingsExA
GetDC
KillTimer
PostMessageW
ReleaseDC
SetTimer
SystemParametersInfoW
TrackPopupMenuEx
keybd_event
SetClassWord
SetForegroundWindow
AllowSetForegroundWindow
CreateIconFromResource
GetDlgItemTextA
CharLowerA
GetClipboardViewer
GetKeyboardLayoutList
IsHungAppWindow
SetThreadDesktop
Sections
.text Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 230KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 373KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE