9de7cd4b2a1e1a0ed6726dbcbdc343b2106caf1ae0447ddd91b7be3a2af349d0

Sharing

Copy URL Twitter E-mail

General

Target

9de7cd4b2a1e1a0ed6726dbcbdc343b2106caf1ae0447ddd91b7be3a2af349d0
Size

132KB
MD5

35fb5559f9242f8e19c5cfa1d7464402
SHA1

867ad1b7ed7af7764830e1f652212f72aab5fdd8
SHA256

9de7cd4b2a1e1a0ed6726dbcbdc343b2106caf1ae0447ddd91b7be3a2af349d0
SHA512

db9331f35569e10ea97b5804a167e1be83ad2c2bf82c334781b336d6163aef7363e832181f271e23b2d253098d22d1cb826cdc5b90ab4dfe285be4e4adf942f4
SSDEEP

3072:NtVXu/k2WJSnKYRI3NoOSTxPZGkoHZuAUMUk/i4g1l:Nne/pTI94yZuFM7

Score

N/A

Malware Config

Signatures

Files

9de7cd4b2a1e1a0ed6726dbcbdc343b2106caf1ae0447ddd91b7be3a2af349d0
.dll windows x86

cb6da5651f2814c7a820513845c2790a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateWaitableTimerW
GetVolumeInformationW
OutputDebugStringA
GetAtomNameW
SetFilePointerEx
VirtualUnlock
EnumResourceTypesW
VirtualProtect
PostQueuedCompletionStatus
WriteConsoleOutputCharacterA
GetVersionExA
ShowConsoleCursor
LocalFlags
SetComputerNameA
ResumeThread
AddAtomA
GetVersion
BuildCommDCBW
DeleteVolumeMountPointW
EndUpdateResourceA
ReadConsoleInputW
GetVDMCurrentDirectories
Module32Next
GetAtomNameA
SetVolumeMountPointA
DisconnectNamedPipe
ReadConsoleOutputCharacterW
SetCriticalSectionSpinCount
ReadDirectoryChangesW
UTUnRegister
GetShortPathNameW
RtlZeroMemory
GetCurrentProcessId
EraseTape
VerLanguageNameA
SetSystemPowerState
GetLastError
UpdateResourceW
GetExitCodeProcess
CreateFileMappingA
_llseek
SearchPathW
DuplicateHandle
RemoveDirectoryA
OpenProfileUserMapping
SetThreadAffinityMask
SetThreadLocale
ExpungeConsoleCommandHistoryW
LoadResource
WaitForMultipleObjectsEx
SetComputerNameW
GetQueuedCompletionStatus
OpenFileMappingA
GetProcAddress
GetProcessAffinityMask
CreateFileA
HeapFree
LoadLibraryA
GetCommMask
CreateJobObjectA
GetFileAttributesExA
GetConsoleAliasA
ContinueDebugEvent
SetVDMCurrentDirectories
FoldStringW
OpenProcess
GetSystemTime
CreateHardLinkA
CancelTimerQueueTimer
SetCommTimeouts
CreateProcessA
WriteFileGather
GetSystemDefaultLCID
CompareStringW
SetThreadContext
SetMailslotInfo
GetConsoleCursorInfo
GetConsoleInputWaitHandle
VerLanguageNameW
VirtualAllocEx
GetCurrentProcess
SetConsoleCursorPosition
BackupWrite
GetPrivateProfileIntW
SetConsoleNumberOfCommandsW
SetTimeZoneInformation
SetLastConsoleEventActive
QueryDosDeviceW
CreateHardLinkW
Thread32Next
LocalAlloc
SetFileTime
GetConsoleFontSize
Heap32First
BuildCommDCBA
CreatePipe
GetHandleInformation
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
CommConfigDialogA
OpenEventA
IsValidLocale
VirtualAlloc

advapi32

SetUserFileEncryptionKey
CreateServiceW
ReportEventA
GetAccessPermissionsForObjectA
CryptHashData
ConvertSecurityDescriptorToAccessW
StartServiceCtrlDispatcherW
BuildTrusteeWithNameA
SystemFunction003
SystemFunction031
BuildTrusteeWithNameW
GetUserNameA
BackupEventLogW
GetTrusteeNameA
BuildImpersonateExplicitAccessWithNameW
SystemFunction004
DestroyPrivateObjectSecurity
SetKernelObjectSecurity
CreateRestrictedToken
GetTrusteeFormA
ChangeServiceConfigW
ChangeServiceConfig2W
LsaEnumeratePrivilegesOfAccount
LsaLookupSids
SetThreadToken
RegEnumValueA
CryptSetProvParam
ClearEventLogA
AccessCheckByTypeAndAuditAlarmW
GetTrusteeTypeW
ConvertSidToStringSidW
SystemFunction030
AreAllAccessesGranted
GetServiceDisplayNameW
CryptHashSessionKey
ConvertAccessToSecurityDescriptorA
AccessCheckAndAuditAlarmW
LsaEnumeratePrivileges
LsaSetInformationPolicy
RegUnLoadKeyW
ConvertStringSidToSidA
GetNamedSecurityInfoA
InitializeSecurityDescriptor
AddAccessAllowedObjectAce
GetSecurityInfo
CryptContextAddRef
EnumDependentServicesW
LsaSetDomainInformationPolicy
SetEntriesInAccessListW
SetFileSecurityA
CryptGetDefaultProviderW
GetOverlappedAccessResults
SystemFunction019
CryptSetProviderExA
AccessCheckByTypeResultListAndAuditAlarmW
ElfBackupEventLogFileA
LsaQuerySecret
GetFileSecurityW
AccessCheckByTypeResultList
SetNamedSecurityInfoExW
CryptDestroyHash
RegConnectRegistryW
GetEffectiveRightsFromAclW
SetSecurityInfoExW
EqualPrefixSid
MakeSelfRelativeSD
DeleteService
RegRestoreKeyA
CryptDecrypt
IsValidSid
FileEncryptionStatusW
LsaRetrievePrivateData
GetExplicitEntriesFromAclA
LsaCreateTrustedDomain
MakeAbsoluteSD
SystemFunction011
SetFileSecurityW
LsaRemoveAccountRights
BackupEventLogA
GetExplicitEntriesFromAclW
GetKernelObjectSecurity
GetSecurityDescriptorControl
RegCloseKey
SystemFunction025
DecryptFileW
CloseServiceHandle
SystemFunction010
BuildSecurityDescriptorW
SetSecurityInfo
GetUserNameW
ImpersonateLoggedOnUser
GetOldestEventLogRecord
GetMultipleTrusteeA
QueryServiceObjectSecurity
SystemFunction017
GetFileSecurityA
LsaEnumerateTrustedDomains
CryptEnumProvidersW
LsaGetSystemAccessAccount
OpenBackupEventLogA
RegQueryValueW
GetSecurityDescriptorLength

opengl32

glCopyTexImage2D

shell32

StrStrW
StrChrIW
SHGetDataFromIDListW
StrCmpNIA
StrCmpNW
DragQueryPoint
WOWShellExecute
SHBrowseForFolderW
Shell_NotifyIconW
SHInvokePrinterCommandW
InternalExtractIconListA
ExtractIconExW
DragQueryFileAorW
CheckEscapesW
ExtractAssociatedIconExA
StrStrIW
StrRChrW
StrRStrW
FreeIconList
StrChrW
CommandLineToArgvW
Shell_NotifyIconA
RealShellExecuteA
SHQueryRecycleBinW
StrNCmpIA
SHGetPathFromIDListW
SHGetFileInfoW
SHQueryRecycleBinA
FindExecutableW
ShellAboutW
SHUpdateRecycleBinIcon
ShellExecuteA
StrRChrIW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetFileInfoA
SHAddToRecentDocs
DuplicateIcon
SHAppBarMessage
DragFinish
StrNCmpW
SHGetDataFromIDListA
SHBrowseForFolderA
StrChrA
StrCmpNIW
StrRStrIW
DragQueryFileW
SHGetInstanceExplorer
ExtractIconExA
RealShellExecuteW
SHFormatDrive
FindExecutableA
ExtractIconW
InternalExtractIconListW
RealShellExecuteExW
StrStrIA
DoEnvironmentSubstW
ShellHookProc
ExtractAssociatedIconExW
RegenerateUserEnvironment
StrNCmpA
DragQueryFileA
ord180
SHGetDesktopFolder
StrChrIA
SheSetCurDrive
ShellExecuteExW
SheChangeDirExW
SHGetPathFromIDListA
SHGetSettings
DoEnvironmentSubstA
ShellExecuteExA
StrRStrIA
StrRChrIA
SHLoadInProc
StrRChrA
RealShellExecuteExA
ExtractAssociatedIconA
ShellExecuteW
ExtractAssociatedIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ExtractIconA
SHEmptyRecycleBinW
ord179
SHChangeNotify
SHFreeNameMappings
StrNCmpIW
SHGetMalloc
SHGetDiskFreeSpaceA
ShellAboutA
SHEmptyRecycleBinA
StrRStrA
StrStrA
SHFileOperationA
SheGetDirA
DragAcceptFiles
SHInvokePrinterCommandA
SheChangeDirA
StrCmpNA

shlwapi

SHGetValueA
PathRemoveBlanksA
PathUnmakeSystemFolderA
UrlHashA
SHOpenRegStreamW
SHQueryInfoKeyW
PathGetDriveNumberA
SHRegSetUSValueW
UrlGetPartW
SHDeleteKeyA
StrFromTimeIntervalA
UrlIsOpaqueA
PathCreateFromUrlA
SHRegEnumUSValueW
StrPBrkW
PathCanonicalizeA
UrlGetPartA
PathSearchAndQualifyA
StrCSpnIA
StrToIntExW
SHCreateShellPalette
UrlHashW
PathCompactPathExW
PathStripPathW
StrToIntW

version

GetFileVersionInfoSizeA
VerInstallFileA
VerFindFileW
GetFileVersionInfoW
GetFileVersionInfoA
VerInstallFileW
VerFindFileA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW

winmm

waveOutRestart
waveOutGetPosition
mciSetYieldProc
NotifyCallbackData
mci32Message
mciGetDriverData
midiInAddBuffer
midiStreamOut
mciDriverYield
waveInUnprepareHeader
mmioRenameW
joyGetThreshold
midiInMessage
midiStreamStop
midiInPrepareHeader
aux32Message
joyGetDevCapsW
midiInGetDevCapsW
mixerMessage
mmioWrite
midiConnect
mmioClose
waveOutGetErrorTextW
waveInReset
sndPlaySoundW
timeGetSystemTime
midiOutGetErrorTextW
mmTaskBlock
midiOutMessage
waveOutSetPlaybackRate
waveOutOpen
midiOutOpen
mmioDescend
mmioCreateChunk
auxSetVolume
midiInClose
WOW32ResolveMultiMediaHandle
waveOutGetDevCapsA
timeGetDevCaps
mmioOpenW
mixerGetDevCapsW

msvcrt

_mbscmp
_mbsnicmp
_mbsrev
_mbsncmp
getwc
_mbsnbset
_outpd
_safe_fprem
_getcwd
__initenv
swscanf
iswctype
__set_app_type
feof
_itow
ftell
_kbhit
_wsplitpath
_winver
_wcsnicoll
_mbsncpy
difftime
_inp
_memicmp
_findclose
fseek
_set_sbh_threshold
memset
_amsg_exit
_wgetenv
_mbsnbicoll
strtok
_getdcwd
_pwctype
_isnan
_wstati64
_read
atexit
_mbsset
strncpy
_wstrtime
_fpreset
_mbsnbcpy
wcstoul
_gcvt
_CIatan
tanh
_spawnlp
_ismbbkprint
_mbslen
_getws
cos
_cscanf
strerror
fmod
_scalb
tmpnam
_getche
_adj_fdivr_m16i
_findfirsti64
_dup2
_adj_fprem
_itoa
_makepath
_HUGE
_wutime
_unlink
_atoldbl
freopen
iswxdigit
_strnicmp
_eof
fclose
_CIexp
_CIcos
_exit
log10
__unDName
_ismbcl1
wprintf
wcstod
_loaddll
sin
_wfindfirsti64
fsetpos
_wcsdup
_putenv
_wfindnext
fwprintf
fputc
fprintf
_CItanh
fputs
_endthreadex
_rotr
wcscoll
_findnext
getc
_mbsnbcmp
_adj_fpatan
_vsnprintf
sinh
__argv
tmpfile
__badioinfo
printf
sprintf
_ismbcdigit
_CIsqrt
fread
labs
ferror
longjmp
_mbsrchr
__p__daylight
vfwprintf
_open_osfhandle
_creat
_isatty
towlower
_utime
_chgsign
fwrite
__p___argc
fopen

Exports

Exports

Eruukrnysr
Fxze
Hsaasxx
Psge
Vmilckft
Ztteq

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb6da5651f2814c7a820513845c2790a

Headers

File Characteristics

Imports

kernel32

advapi32

opengl32

shell32

shlwapi

version

winmm

msvcrt

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 52KB - Virtual size: 50KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 52KB - Virtual size: 50KB

.reloc
Size: 8KB - Virtual size: 7KB