da08142118e88e6960c086cbe175db167df149ba8d6131ea9616d916a9cc39de

Sharing

Copy URL Twitter E-mail

General

Target

da08142118e88e6960c086cbe175db167df149ba8d6131ea9616d916a9cc39de
Size

696KB
MD5

45475772bf51c8e9497857352a33d020
SHA1

8782c177c68eeb5bd4ccab88524d6279864c6e41
SHA256

da08142118e88e6960c086cbe175db167df149ba8d6131ea9616d916a9cc39de
SHA512

26b45def75831bd4cb3d3b5dbcc71f47b16bae9ea91323f5f3982ae899cc7a977ca5fe2884a312891a8683c55330acbf7076018dff3a8886e1b2b43f89a335ff
SSDEEP

12288:mxhH1EoqRGU1TzrzhsojW2ZRBVMGfRR4qocI:uHLVU1/HhrjW2ZRBvu

Score

N/A

Malware Config

Signatures

Files

da08142118e88e6960c086cbe175db167df149ba8d6131ea9616d916a9cc39de
.dll windows x86

45ce989b2e09be8ce5e0d9eba64c60b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

msi

ord137
ord92
ord32
ord159
ord160
ord118
ord8
ord141
ord190
ord205
ord88
ord113

difxapi

DriverPackageInstallW
DriverPackageUninstallW
DriverPackagePreinstallW
DIFXAPISetLogCallbackW
DriverPackageGetPathW

shlwapi

PathIsDirectoryW
PathFileExistsW

kernel32

EncodePointer
DecodePointer
InterlockedExchange
GetLastError
FindNextFileW
FindFirstFileExW
MultiByteToWideChar
WideCharToMultiByte
GetWindowsDirectoryW
GetVersionExW
FindClose
DeleteFileW
FindFirstFileW
GetSystemDirectoryW
lstrcatW
lstrcpyW
lstrlenW
CopyFileW
GetSystemTime
SetCurrentDirectoryW
GetCurrentDirectoryW
CloseHandle
WaitForSingleObject
CreateProcessW
InterlockedCompareExchange
Sleep
GetExitCodeProcess
LocalFree
LocalAlloc
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameW
OutputDebugStringW
GetCurrentProcess
GetModuleHandleW
GetSystemInfo
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
SetUnhandledExceptionFilter
CreateFileW
SetFilePointer
FormatMessageW
VirtualQuery
IsBadWritePtr
GetCurrentThread
WriteFile
LoadLibraryW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetTickCount
GetProcessHeap

user32

EnumDisplayDevicesW
ShowWindow
wsprintfW
wvsprintfW
EnumDisplayDevicesA

advapi32

RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegEnumValueW
RegDeleteValueW
CloseServiceHandle
OpenServiceW
RegQueryInfoKeyW
OpenSCManagerW
DeleteService
StartServiceW
ControlService
QueryServiceStatusEx

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
CommandLineToArgvW
SHGetFolderLocation
ShellExecuteW
SHFileOperationW

msvcp100

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_BADOFF@std@@3_JB
?_Orphan_all@_Container_base0@std@@QAEXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAG_J@Z
?eof@ios_base@std@@QBE_NXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?in@?$codecvt@GDH@std@@QBEHAAHPBD1AAPBDPAG3AAPAG@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAPAG0PAH001@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
?unshift@?$codecvt@GDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@GDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
?endl@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z
??Bios_base@std@@QBEPAXXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z

msvcr100

__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_wstrtime_s
_wstrdate_s
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_onexit
_lock
__dllonexit
__RTDynamicCast
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z
_wfullpath
_CxxThrowException
wcslen
memcpy
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??_V@YAXPAX@Z
memset
_wcsicmp
_time64
wcsstr
_lock_file
_unlock_file
fwrite
fputwc
ungetwc
memcpy_s
ungetc
fgetc
fgetwc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fclose
wcscat_s
wcscpy_s
_itow_s
wcsncpy_s
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
isdigit
wcstol
_wtof
wcstoul
toupper
_wtoi
tolower
wcsncmp
vswprintf_s
_wcslwr_s
strcpy_s
_waccess
wcschr
wcscmp
_wstat64i32
strlen
_wmkdir
towupper
towlower
wcsrchr
free
mbstowcs_s
wcstombs_s
_vsnprintf_s
_vsnwprintf_s
_unlock

netapi32

NetUserEnum
NetApiBufferFree

Exports

Exports

GetIPackageMgr
PM_SetErrorHandler
RemoveIPackageMgr

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

45ce989b2e09be8ce5e0d9eba64c60b9

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

msi

difxapi

shlwapi

kernel32

user32

advapi32

shell32

msvcp100

msvcr100

netapi32

Exports

Exports

Sections

.text Size: 254KB - Virtual size: 254KB

.rdata Size: 328KB - Virtual size: 327KB

.data Size: 29KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 254KB - Virtual size: 254KB

.rdata
Size: 328KB - Virtual size: 327KB

.data
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB

.rmnet
Size: 56KB - Virtual size: 60KB