Static task: static1
Behavioral task: behavioral1
Sample: 3a08402c8c350387c848559b0bdc5056189183c941a81d8bb4d949c817023e7e.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 3a08402c8c350387c848559b0bdc5056189183c941a81d8bb4d949c817023e7e.exe
Resource: win10v2004-20220901-en
General
Target: 3a08402c8c350387c848559b0bdc5056189183c941a81d8bb4d949c817023e7e
Size: 940KB
MD5: 60e8c17339e7c86c8839fd2373a6bea0
SHA1: 2197f793e37301264bc60e1954d21bc8d0f8a23f
SHA256: 3a08402c8c350387c848559b0bdc5056189183c941a81d8bb4d949c817023e7e
SHA512: 2095b2a96586f83ec0b66d62da874df2d50c6218c14c2dcde5511d02f6cb89c3d1531a206fd1aab08d3eb0e65584bfbe5250ee6f64c343d03613058156addd49
SSDEEP: 6144:RMIvIA7hy71kgapGR/BrSDPEP/h0eHY0wCNtahlTqie4J:tQAg71ES/BODU/h0e40nNUhlTz3
Malware Config
Signatures
Files
3a08402c8c350387c848559b0bdc5056189183c941a81d8bb4d949c817023e7e.exe (windows x86) 7730a54060a7e5fd0d5afc26fff89eea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CloseEventLog
GetOldestEventLogRecord
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
ControlService
CryptVerifySignatureA
InitializeSecurityDescriptor
LsaDeleteTrustedDomain
QueryServiceConfig2A
QueryUsersOnEncryptedFile
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegSetKeySecurity
RegSetValueExW
ReportEventW
SetSecurityDescriptorDacl
SetServiceBits
StartServiceCtrlDispatcherA
SystemFunction014
SystemFunction016
CloseServiceHandle
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptSetProviderExW
ElfClearEventLogFileA
GetTrusteeTypeW
LookupAccountNameW
OpenServiceW
ReadEventLogA
RegOpenKeyExA
RegQueryValueExA
IsTextUnicode
LsaDelete
SetTraceCallback
LsaOpenPolicy
CloseEncryptedFileRaw
LsaClose
LsaFreeMemory
LsaNtStatusToWinError
LsaQueryInformationPolicy
OpenEventLogA
RegLoadKeyW
SystemFunction008
SystemFunction009
GetUserNameA
LsaEnumeratePrivilegesOfAccount
LsaSetTrustedDomainInfoByName
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegSetValueExA
StartServiceA
gdi32
CLIPOBJ_ppoGetPath
Ellipse
Escape
GdiConvertRegion
GdiGetCodePage
GetCharWidthI
OffsetRgn
ScaleViewportExtEx
SelectClipPath
SetPixelV
ChoosePixelFormat
CreateCompatibleDC
GdiConvertPalette
GetFontUnicodeRanges
GetICMProfileA
CreateBitmap
DPtoLP
ExtEscape
FontIsLinked
Pie
PolyTextOutW
EngTransparentBlt
GdiArtificialDecrementDriver
GdiEntry1
GdiGetDC
ResizePalette
SetMetaRgn
SetStretchBltMode
GdiAddGlsBounds
EngStretchBlt
EngTextOut
EnumFontFamiliesA
EudcUnloadLinkW
GdiPlayPageEMF
GdiPrinterThunk
GdiRealizationInfo
GetCharABCWidthsA
SwapBuffers
Chord
CreateFontIndirectA
CreateRectRgnIndirect
DeleteObject
GdiDeleteLocalDC
GetDeviceCaps
GetObjectA
ModifyWorldTransform
SetBkColor
SetDIBitsToDevice
StartFormPage
kernel32
GetCurrencyFormatW
LocalAlloc
LocalFree
lstrlenW
CloseHandle
CreateEventW
CreateThread
FindResourceExW
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeThread
GetLocalTime
GetSystemInfo
GetUserDefaultLangID
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
MoveFileW
OutputDebugStringA
RegisterWaitForSingleObject
ReleaseSemaphore
ScrollConsoleScreenBufferA
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsFree
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
VirtualAlloc
FoldStringA
FormatMessageW
FreeLibraryAndExitThread
GetBinaryType
GetModuleFileNameW
GetModuleHandleW
GetTapePosition
GlobalAlloc
GlobalFree
LocalHandle
lstrcpyW
GetProcAddress
LoadLibraryW
CreateEventA
CreateFileW
DeleteFileA
EnumResourceLanguagesW
FreeLibrary
GetComputerNameExW
GetComputerNameW
GetCurrentProcessId
GetProcessHeap
GetProcessShutdownParameters
GetSystemTime
GetSystemTimeAsFileTime
GetTapeParameters
GetThreadLocale
GetTickCount
GlobalFlags
HeapUnlock
LoadLibraryExA
QueryPerformanceCounter
ReadFile
SetCommMask
SetMailslotInfo
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
_lwrite
lstrcatW
AddAtomW
ExitProcess
FindFirstVolumeW
FoldStringW
GetConsoleMode
GetConsoleOutputCP
GetFileType
GetNamedPipeInfo
GetStdHandle
GetVolumeNameForVolumeMountPointW
GlobalLock
GlobalUnlock
HeapDestroy
HeapValidate
MultiByteToWideChar
VerifyVersionInfoW
WriteConsoleW
DisableThreadLibraryCalls
GetComputerNameA
GetConsoleAliasA
GetModuleFileNameA
GetNumberFormatA
GetSystemDirectoryW
GetTimeFormatA
LoadLibraryA
LocalCompact
SetConsoleCursor
UnregisterWait
lstrcpyA
CreateFileA
CreateJobObjectW
CreateProcessA
DebugActiveProcess
DeviceIoControl
FileTimeToSystemTime
FlushInstructionCache
FormatMessageA
GetDateFormatA
GetModuleHandleA
GetPrivateProfileStructA
GetStartupInfoA
GetSystemDirectoryA
GetWindowsDirectoryA
GlobalFix
Heap32ListNext
LockResource
OpenMutexW
RaiseException
ReadConsoleInputA
SetProcessShutdownParameters
WinExec
lstrcatA
lstrcmpiA
lstrcpynA
lstrlenA
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
SetLastError
GetLastError
GetCurrentThread
GetStringTypeW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
GetLocaleInfoW
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
LCMapStringW
HeapFree
RtlUnwind
HeapSize
HeapAlloc
HeapReAlloc
GetConsoleCP
FlushFileBuffers
SetFilePointer
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
oleaut32
LPSAFEARRAY_Marshal
VarFix
VarR4FromCy
GetRecordInfoFromGuids
VarCyFromI2
VarR8Round
VarDateFromDisp
VarDecFromI2
VarUI1FromBool
VarUI2FromI4
VariantCopy
LPSAFEARRAY_UserUnmarshal
VarDecFromR4
VarNeg
VarUI1FromStr
DispGetParam
SafeArrayAllocDescriptor
VARIANT_UserUnmarshal
VarUI4FromI1
rpcrt4
NdrNonConformantStringMarshall
I_RpcClearMutex
I_RpcFreeBuffer
MesDecodeBufferHandleCreate
NdrConformantArrayFree
NdrAllocate
NdrMesTypeFree2
NdrSimpleStructMarshall
RpcBindingInqOption
RpcObjectSetType
RpcServerInqIf
RpcSmSetThreadHandle
I_RpcBindingInqWireIdForSnego
I_RpcPauseExecution
NdrClientCall2
NdrConformantArrayBufferSize
NdrConformantStructMemorySize
NdrConformantVaryingStructBufferSize
NdrRpcSmSetClientToOsf
RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingSetOption
RpcMgmtStatsVectorFree
RpcStringBindingComposeW
RpcStringFreeW
I_RpcTransConnectionFreePacket
RpcServerRegisterAuthInfoW
RpcNetworkIsProtseqValidA
CStdStubBuffer_Invoke
DceErrorInqTextW
NdrComplexStructBufferSize
NdrComplexStructUnmarshall
NdrInterfacePointerBufferSize
NdrMesTypeAlignSize
RpcServerUseProtseqIfA
shell32
ExtractIconExA
Shell_NotifyIconA
SHGetFolderPathA
ExtractAssociatedIconW
user32
DlgDirSelectExW
GetClassLongA
GetMenuItemInfoA
EndPaint
GetIconInfo
GetProcessDefaultLayout
RegisterClipboardFormatW
CreateMenu
GetClientRect
GetMessageA
GetWindowTextLengthA
PeekMessageW
RemoveMenu
SendMessageW
ShowCursor
TrackPopupMenuEx
wsprintfW
GetSystemMetrics
DdeQueryNextServer
EditWndProc
GetDesktopWindow
GetKBCodePage
ReleaseCapture
CharUpperBuffA
CharUpperW
CloseClipboard
DrawFocusRect
LoadStringW
SetClipboardData
UnregisterClassA
DrawStateA
AdjustWindowRect
AnyPopup
CreateWindowStationW
DdeClientTransaction
LoadAcceleratorsW
LoadIconA
SetDlgItemInt
TranslateAcceleratorA
wsprintfA
ActivateKeyboardLayout
AdjustWindowRectEx
AppendMenuA
BeginPaint
CallWindowProcA
CascadeWindows
CharNextA
CharPrevA
CheckDlgButton
ClientToScreen
CopyIcon
CopyRect
CreateIconIndirect
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawTextA
EnableMenuItem
EnableWindow
EnumChildWindows
EqualRect
GetAltTabInfo
GetAsyncKeyState
GetClassNameA
GetCursorPos
GetDC
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetMenuDefaultItem
GetMenuItemCount
GetMenuState
GetMessagePos
GetParent
GetScrollInfo
GetShellWindow
GetSubMenu
GetSysColor
GetSystemMenu
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsCharUpperW
IsDlgButtonChecked
IsIconic
IsMenu
IsRectEmpty
IsWindow
IsWindowVisible
KillTimer
LoadBitmapA
LoadCursorA
LoadImageA
LoadStringA
MapWindowPoints
MessageBeep
MessageBoxA
ModifyMenuA
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterHotKey
ReleaseDC
SendDlgItemMessageA
SendMessageA
SendMessageCallbackA
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenuDefaultItem
SetMenuItemInfoA
SetRect
SetRectEmpty
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
ShowWindow
ShowWindowAsync
SubtractRect
SwitchToThisWindow
SystemParametersInfoA
TileWindows
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnionRect
UnregisterHotKey
UpdateWindow
VkKeyScanA
Sections
.text Size: 270KB - Virtual size: 269KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 431KB - Virtual size: 431KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 236KB - Virtual size: 249KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE