0ba8c3f94d1392e12310091c232db884cb4c31a00e73c70587e3d9dac6ab489e

Sharing

Copy URL Twitter E-mail

General

Target

0ba8c3f94d1392e12310091c232db884cb4c31a00e73c70587e3d9dac6ab489e
Size

396KB
MD5

335dbfbb22476284d5974b2b56fe0430
SHA1

db60c8fa84ea39605816de30e1657af7b10c2d11
SHA256

0ba8c3f94d1392e12310091c232db884cb4c31a00e73c70587e3d9dac6ab489e
SHA512

df8d65a700af065d6e9ab7075bdfc1ba2e33184d85729c598ec90378063b59159c79b177c6447c27fb0e85c56446316ed21edc531510aa21028308a037f8fc5b
SSDEEP

12288:eKogIJ2m36PCHe2s0nfkcmETvjvYRg8kKllYep1a6d:eKTsj36P6rs08XEe/pRd

Score

N/A

Malware Config

Signatures

Files

0ba8c3f94d1392e12310091c232db884cb4c31a00e73c70587e3d9dac6ab489e
.exe windows x64

38db00a2fb8ba916f608082caeed55eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
TraceMessage

kernel32

lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
GetTempPathW
GetTempFileNameW
InitializeCriticalSection
ReadFile
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GetModuleFileNameW
SetLastError
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
MultiByteToWideChar
SetEvent
RaiseException
DeleteCriticalSection
GetCurrentThreadId
RegisterApplicationRestart
GetModuleHandleW
CloseHandle
GetLastError
CreateMutexW
HeapSetInformation
GetFileSize
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
VirtualFree
WideCharToMultiByte
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringA
QueryPerformanceCounter

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

user32

GetMessageW
GetSysColor
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadStringW
RegisterClassExW
LoadCursorW
DefWindowProcW
SetWindowLongW
GetWindowLongW
GetWindowLongPtrW
PostMessageW
GetDesktopWindow
ReleaseDC
GetDC
CallWindowProcW
SetRectEmpty
InvalidateRect
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
KillTimer
SetWindowLongPtrW
SetTimer
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
DestroyWindow
RedrawWindow
DestroyAcceleratorTable
SetWindowPos
CharNextW
UnregisterClassA
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetClassNameW
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
InvalidateRgn

msvcrt

__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
realloc
_errno
?terminate@@YAXXZ
_amsg_exit
memcpy
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
__C_specific_handler
memset
printf
swprintf_s
memmove_s
calloc
memcpy_s
??_U@YAPEAX_K@Z
_vsnwprintf
_purecall
free
malloc
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
memcmp

oleaut32

VarBstrCmp
DispCallFunc
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarBstrCat
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysStringLen
SysFreeString

ole32

CoTaskMemFree
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoTaskMemAlloc
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathRemoveFileSpecW
PathFileExistsW

gdiplus

GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipLoadImageFromFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile

Exports

Exports

Microsoft_WDF_UMDF_Version

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38db00a2fb8ba916f608082caeed55eb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

ole32

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 106KB

.data Size: 1KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 236KB - Virtual size: 460KB

.text
Size: 107KB - Virtual size: 106KB

.data
Size: 1KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 236KB - Virtual size: 460KB