04188f33382bac88d9c60bb94127037146a1940977d1c526d3eb067d6acec513

Sharing

Copy URL Twitter E-mail

General

Target

04188f33382bac88d9c60bb94127037146a1940977d1c526d3eb067d6acec513
Size

828KB
MD5

5f2f86b74447398ddabbd8fec6d9ff30
SHA1

74675fc23914c2e3619eeafda2a8716b3fe2e3de
SHA256

04188f33382bac88d9c60bb94127037146a1940977d1c526d3eb067d6acec513
SHA512

a6af3d53aa90b93857a97731eb92c6b928813d9eccffb4aa0580fc955a990cdebf496cba03b620b788541daace46ff509956c1f82863e951134394a39f1b90d0
SSDEEP

24576:jDv9l7ONKi5dp2CCgHpDECXU0mPgfkD7M:jD77t2dQkNTd

Score

N/A

Malware Config

Signatures

Files

04188f33382bac88d9c60bb94127037146a1940977d1c526d3eb067d6acec513
.exe windows x86

6f135938f5396c81174c0f09f578ecf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetUserObjectInformationA
GetMessagePos
LoadBitmapW
SetSystemMenu
ActivateKeyboardLayout
EnumThreadWindows
GetPropW
GetRawInputData
CreateWindowExA
IMPGetIMEW
GetFocus
GetClipboardViewer
GetWindowModuleFileNameA
CharToOemW
MonitorFromRect
SetForegroundWindow
CreateAcceleratorTableW
MessageBoxIndirectA
SetMenu
DrawIconEx
SwapMouseButton
ReasonCodeNeedsBugID
GetCursor
GetMenuItemCount
LoadCursorFromFileA
UnregisterUserApiHook
RegisterHotKey
LockWorkStation
DdeDisconnect
RemovePropA

dbghelp

SymRegisterFunctionEntryCallback64
SymEnumerateSymbols64
sym
MapDebugInformation
FindDebugInfoFile
SymEnumTypes
DbgHelpCreateUserDumpW
lmi
SymEnumerateSymbolsW
SymRegisterCallback64
SymGetSymPrev
StackWalk
SymGetModuleBase64
SymFunctionTableAccess
srcfiles
SymGetLinePrev64
SymEnumerateModules
SymSetSearchPath
FindExecutableImageEx
SymGetLineFromAddr64
vc7fpo
SymGetTypeFromName
FindDebugInfoFileEx
ImagehlpApiVersionEx
SymMatchFileName
SymGetOptions

mapi32

RTFSync
BMAPISaveMail
FreeProws@4
SzFindCh@8
FBadProp@4
MAPIAllocateBuffer@8
cmc_send
HrEntryIDFromSz@12
UNKOBJ_ScCOAllocate@12
ScCountNotifications@12
OpenIMsgSession@12
FBadRowSet@4
CbOfEncoded@4
FBadRestriction@4
cmc_act_on
UNKOBJ_ScCOReallocate@12
UFromSz@4
MAPIAdminProfiles
FtAddFt@16
FBadPropTag@4

crypt32

CertFindRDNAttr
CertGetPublicKeyLength
CertDuplicateStore
I_CryptRemoveLruEntry
CryptGetOIDFunctionAddress
CryptSetProviderU
CryptAcquireCertificatePrivateKey
CryptSIPRemoveSignedDataMsg
CertVerifyCTLUsage
CryptMemAlloc
RegOpenHKCUKeyExU
PFXExportCertStoreEx
I_CryptAddSmartCardCertToStore
CryptHashToBeSigned
CryptDecryptAndVerifyMessageSignature
I_CryptEnumMatchingLruEntries
I_CryptGetLruEntryIdentifier
CertEnumCRLsInStore
I_CryptInstallOssGlobal
I_CryptUninstallAsn1Module
PFXExportCertStore
CryptAcquireContextU
CertResyncCertificateChainEngine
CertGetCRLContextProperty
CertStrToNameW
CryptMsgDuplicate

kernel32

GetConsoleAliasExesA
DefineDosDeviceA
GetFullPathNameA
GetCPInfoExW
SetFileValidData
LoadLibraryW
GetPrivateProfileIntW
RemoveDirectoryA
GetCurrentDirectoryW
GetHandleContext
CreateJobObjectA
RtlCaptureStackBackTrace
lstrcpy
ReleaseSemaphore
GetModuleHandleA
GetOEMCP
EnumSystemLanguageGroupsA
BackupSeek
EnumResourceLanguagesA
GetCommConfig

shlwapi

SHDeleteValueA
SHOpenRegStream2W
StrCmpIW
SHCopyKeyW
SHDeleteEmptyKeyW
SHEnumValueW
PathFindSuffixArrayA
PathUnExpandEnvStringsW
UrlCombineA
StrCmpLogicalW
UrlCreateFromPathW
PathRemoveFileSpecW
UrlCreateFromPathA
UrlCompareA
PathRemoveBackslashA
PathSearchAndQualifyA
PathQuoteSpacesW
SHRegOpenUSKeyW
UrlIsW
UrlUnescapeA
HashData
PathRelativePathToW
SHRegCreateUSKeyW
PathAddExtensionA
PathFileExistsA
PathIsPrefixW
PathCombineW
PathGetCharTypeA
SHCopyKeyA
PathIsSameRootW

ole32

CoTreatAsClass
GetDocumentBitStg
OleQueryLinkFromData
StgGetIFillLockBytesOnFile
OleConvertOLESTREAMToIStorageEx
CoRegisterClassObject
ReadClassStg
OleCreateEx
OleIsRunning
WdtpInterfacePointer_UserMarshal
SetConvertStg
DcomChannelSetHResult
OleCreateMenuDescriptor
CoSwitchCallContext
OleLockRunning
ReadFmtUserTypeStg
OleDraw
IsAccelerator
GetConvertStg
UtConvertDvtd32toDvtd16
StgGetIFillLockBytesOnILockBytes
CoQueryAuthenticationServices
CoCreateObjectInContext
IsValidIid
OleCreateLinkEx

winmm

mmsystemGetVersion
waveInGetErrorTextA
joyGetPos
waveInGetDevCapsA
waveInGetPosition
midiStreamRestart
mciGetDeviceIDA
mixerGetLineInfoA
mmioStringToFOURCCW
PlaySound
midiInGetID
waveInUnprepareHeader
waveOutMessage
midiInStart
midiOutGetDevCapsA
waveOutSetVolume
WOW32ResolveMultiMediaHandle
joyGetDevCapsA
mmioClose
auxGetDevCapsW
midiStreamOpen
mmioRead
waveInAddBuffer
mmioAdvance
wid32Message

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f135938f5396c81174c0f09f578ecf4

Headers

DLL Characteristics

File Characteristics

Imports

user32

dbghelp

mapi32

crypt32

kernel32

shlwapi

ole32

winmm

Sections

.text Size: 390KB - Virtual size: 390KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 165KB - Virtual size: 1.5MB

.rsrc Size: 138KB - Virtual size: 137KB

.reloc Size: 1024B - Virtual size: 868B

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 165KB - Virtual size: 1.5MB

.rsrc
Size: 138KB - Virtual size: 137KB

.reloc
Size: 1024B - Virtual size: 868B