98d8d3ebe8a2aeb6ed767fa445eb8f001cd972d0e6599d4dfb8f8704c1af38c1

Sharing

Copy URL Twitter E-mail

General

Target

98d8d3ebe8a2aeb6ed767fa445eb8f001cd972d0e6599d4dfb8f8704c1af38c1
Size

839KB
MD5

3b1ca5a15ac9d58c95ee7486d76dbe11
SHA1

8f9f0ebcae109cb81c3e00093b2d5139cd3be2b8
SHA256

98d8d3ebe8a2aeb6ed767fa445eb8f001cd972d0e6599d4dfb8f8704c1af38c1
SHA512

cf5344f9c2e7ddfe0b0e4b0deb27bf511433d52dad9c44ed23295fa2dbda6a8311bb738a68654d175bf433cfed2e280d38537b493307c933fbe41e4afd2d22f4
SSDEEP

12288:FbSOrCQ2ggiahafH31kM+dHmbjqF+Ixvnjkk5yH2ndOpPazVTOH7qdXYso0Y:9NYaNJ3qx9IFHMCi+7qJY

Score

N/A

Malware Config

Signatures

Files

98d8d3ebe8a2aeb6ed767fa445eb8f001cd972d0e6599d4dfb8f8704c1af38c1
.exe windows x86

a2d314a4698e7157c70b28d62c8bf782

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DdeAccessData
GetKeyboardLayoutNameW
SetScrollRange
ChildWindowFromPointEx
GetAppCompatFlags2
ScreenToClient
RecordShutdownReason
RegisterLogonProcess
IsHungAppWindow
SetInternalWindowPos
RegisterClipboardFormatA
SetClipboardData
TabbedTextOutA
EnumDisplayDevicesW
RegisterDeviceNotificationA
UnlockWindowStation
keybd_event

mscat32

MsCatConstructHashTag
CryptCATPutCatAttrInfo
CryptCATGetMemberInfo
CryptCATClose
CryptCATPutAttrInfo
CryptCATCDFClose
CryptCATGetAttrInfo
MsCatFreeHashTag
CryptCATAdminAddCatalog
IsCatalogFile
CryptCATCDFOpen
CryptCATEnumerateCatAttr
CryptCATAdminReleaseContext
CryptCATPersistStore
CryptCATCDFEnumMembersByCDFTag
CryptCATAdminReleaseCatalogContext
CryptCATCDFEnumAttributes
CryptCATCDFEnumMembers
CryptCATOpen
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATPutMemberInfo

kernel32

ReadProcessMemory
LoadLibraryW
GetVolumeNameForVolumeMountPointA
BuildCommDCBW
GetGeoInfoW
MapUserPhysicalPagesScatter
VerLanguageNameA
CompareFileTime
OpenEventA
GetCompressedFileSizeA
RemoveDirectoryW
HeapCreate
GetOEMCP
EnumSystemCodePagesA
RegisterWowExec
GetModuleFileNameA
SetThreadContext
LZCopy
SearchPathA

advapi32

SetServiceBits
ElfReadEventLogA
RegFlushKey
OpenBackupEventLogW
RegQueryValueExW
CryptSetProviderExW
I_ScIsSecurityProcess
GetEffectiveRightsFromAclA
TrusteeAccessToObjectW
ConvertAccessToSecurityDescriptorA
WmiQuerySingleInstanceMultipleW
EqualDomainSid
DecryptFileA
OpenEventLogA
CryptAcquireContextA
I_ScSetServiceBitsA
GetUserNameA
RegNotifyChangeKeyValue
SystemFunction022
LsaCreateSecret
CryptSetKeyParam
ElfRegisterEventSourceA
GetSidLengthRequired
DeleteService
ObjectDeleteAuditAlarmW
LsaSetSecurityObject
BuildSecurityDescriptorA
CredFree
RegisterServiceCtrlHandlerExA

hhsetup

?Close@CCollection@@QAEKXZ
?SetPath@CLocation@@QAEXPBG@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
??1CFolder@@QAE@XZ
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?GetLangId@CCollection@@QAEGPBD@Z
??1CPointerList@@QAE@XZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z
??1CLocation@@QAE@XZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?AddRef@CCollection@@QAEXXZ
??0CFolder@@QAE@XZ
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ

mprddm

IfObjectNotifyOfReachabilityChange
DDMConnectInterface
DDMAdminConnectionEnum
IfObjectSetDialoutHoursRestriction
RasAcctConfigChangeNotification
RasAuthProviderFreeAttributes
DDMTransportCreate
IfObjectLoadPhonebookInfo
DDMServicePostListens
DDMAdminPortGetInfo
DDMRegisterConnectionNotification
DDMAdminPortDisconnect
RasAcctProviderFreeAttributes
DDMAdminServerGetInfo
DDMAdminConnectionGetInfo
RasAcctProviderInterimAccounting
DDMServiceInitialize
RasAcctProviderStartAccounting
RasAuthProviderInitialize
DDMAdminPortClearStats
DDMAdminPortReset
DDMAdminPortEnum
RasAcctProviderStopAccounting
RasAcctProviderTerminate
DDMAdminConnectionClearStats
DDMSendUserMessage

opengl32

glPopAttrib
glMultMatrixf
glEvalCoord2fv
glVertex4i
glClear
glLoadMatrixd
glPushAttrib
glTexCoord4dv
glScalef
glDisableClientState
glTexGend
glFeedbackBuffer
glRasterPos3f
glVertex3f
wglSwapMultipleBuffers
glScissor
glColor4b
wglGetCurrentContext
GlmfEndGlsBlock
glRasterPos4iv
glRectf
glTexCoord2f
glColor3f
glColor3fv
glMap1d

crtdll

strcoll
_mbsnbset
_tempnam
_mbsnbcpy
_ultoa
_beep
wcscat
strtod
wcscspn
printf
putc
_ismbbgraph
_expand
_CIfmod
_sopen
_osmode_dll

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2d314a4698e7157c70b28d62c8bf782

Headers

DLL Characteristics

File Characteristics

Imports

user32

mscat32

kernel32

advapi32

hhsetup

mprddm

opengl32

crtdll

Sections

.text Size: 378KB - Virtual size: 377KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 146KB - Virtual size: 145KB

.reloc Size: 1024B - Virtual size: 900B

.text
Size: 378KB - Virtual size: 377KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 146KB - Virtual size: 145KB

.reloc
Size: 1024B - Virtual size: 900B