dde688db53ee7c3d2fdbb75900db32406756bae0093efb3d39c1bc9997596b14

Sharing

Copy URL Twitter E-mail

General

Target

dde688db53ee7c3d2fdbb75900db32406756bae0093efb3d39c1bc9997596b14
Size

183KB
MD5

62243e76f275391a5f709bbb4b7218e0
SHA1

58c346f6d908ecfa9a0dc041b43ce8aa6c09b2fb
SHA256

dde688db53ee7c3d2fdbb75900db32406756bae0093efb3d39c1bc9997596b14
SHA512

3f9016263912f7b5e6b70a2622d52d8669982199f5eb4ad9cdd228ee1669ba21ee7dd76995112143c0e787865b0862459eb7024b1916e9b1dd19f45821ca7b68
SSDEEP

3072:XX8XsEeg1vfrOdtR4n1SbBNGNtE05/7Ye/E2+UBmlF8lR76Sjf1U7:XGYej0tR4n1mTGNth0ew5lWD764f1U7

Score

N/A

Malware Config

Signatures

Files

dde688db53ee7c3d2fdbb75900db32406756bae0093efb3d39c1bc9997596b14
.exe windows x86

7c4fd3a808de7a51010efce7b3817fbd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

SymUnDName
RemovePrivateCvSymbolicEx
SymMatchFileName
ImageRemoveCertificate
ImageDirectoryEntryToData
ImageRvaToVa
BindImageEx
SymGetSymNext
EnumerateLoadedModules
SymSetSearchPath
ImageLoad
FindDebugInfoFile
SymUnloadModule
MapDebugInformation
SplitSymbols
SymGetModuleBase
RemovePrivateCvSymbolic
SymGetModuleInfo
ImageGetCertificateHeader
SearchTreeForFile
ImagehlpApiVersionEx
SymRegisterCallback
SymCleanup
GetImageUnusedHeaderBytes
ImageRvaToSection
SymGetLineFromAddr
UpdateDebugInfoFileEx
SetImageConfigInformation

ole32

HWND_UserFree
OleGetIconOfFile
OleSetClipboard
CoRevokeClassObject
CreateAntiMoniker
OleRegGetMiscStatus
CoRegisterPSClsid
OleQueryLinkFromData
OleConvertOLESTREAMToIStorageEx
CoInitialize
GetHGlobalFromILockBytes
CoLockObjectExternal
MonikerRelativePathTo
HPALETTE_UserUnmarshal
StgOpenStorageOnILockBytes
CreateDataCache
CoMarshalHresult
CoFileTimeNow
StgOpenStorage
CoUnmarshalHresult
OleCreateFromDataEx
OleUninitialize
CoRegisterSurrogate
OleFlushClipboard

resutils

ResUtilFindSzProperty
ResUtilEnumProperties
ResUtilAddUnknownProperties
ResUtilGetResourceDependency
ResUtilGetEnvironmentWithNetName
ClusWorkerCreate
ResUtilGetResourceNameDependency
ResUtilVerifyPropertyTable
ResUtilVerifyPrivatePropertyList
ResUtilEnumResources
ResUtilSetMultiSzValue
ResUtilResourceTypesEqual
ResUtilStopService
ResUtilGetBinaryProperty
ResUtilGetPropertiesToParameterBlock
ResUtilEnumPrivateProperties
ResUtilPropertyListFromParameterBlock
ResUtilSetExpandSzValue
ResUtilSetDwordValue
ResUtilStopResourceService
ResUtilGetProperties
ResUtilSetPropertyParameterBlock
ResUtilSetPrivatePropertyList
ResUtilSetSzValue
ResUtilDupParameterBlock
ResUtilStartResourceService
ResUtilVerifyService
ResUtilFreeParameterBlock
ResUtilSetPropertyTable
ResUtilGetMultiSzProperty
ClusWorkerTerminate
ResUtilGetAllProperties
ResUtilResourcesEqual
ResUtilGetProperty
ResUtilGetBinaryValue
ResUtilGetSzProperty
ResUtilGetDwordValue
ResUtilGetDwordProperty
ResUtilVerifyResourceService
ResUtilGetSzValue
ResUtilIsPathValid
ClusWorkerCheckTerminate

user32

EndDeferWindowPos
InvertRect
GetClassWord
IntersectRect
DlgDirSelectComboBoxExA
EndDialog
MessageBoxA
OffsetRect
IMPGetIMEA
IsWindowEnabled
CheckMenuRadioItem
IMPGetIMEW
ChangeMenuW
GetMenuItemCount
CreateDialogParamA

rpcrt4

RpcServerUnregisterIf

pdh

PdhLookupPerfIndexByNameW
PdhUpdateLogA
PdhEnumMachinesA
PdhExpandCounterPathW
PdhGetDefaultPerfObjectW
PdhExpandCounterPathA
PdhSetQueryTimeRange
PdhGetDefaultPerfCounterA
PdhConnectMachineA
PdhUpdateLogW
PdhLookupPerfIndexByNameA
PdhGetDefaultPerfCounterW
PdhSetCounterScaleFactor
PdhEnumMachinesW
PdhCalculateCounterFromRawValue
PdhValidatePathA
PdhEnumObjectsA
PdhBrowseCountersA
PdhGetFormattedCounterArrayA
PdhEnumObjectItemsA
PdhOpenQueryW
PdhEnumObjectItemsW
PdhSelectDataSourceA
PdhGetCounterInfoW
PdhOpenQueryA
PdhSelectDataSourceW
PdhGetCounterInfoA
PdhLookupPerfNameByIndexW
PdhEnumObjectsW
PdhGetRawCounterValue
PdhCloseQuery
PdhParseCounterPathW
PdhGetDefaultPerfObjectA
PdhMakeCounterPathW
PdhMakeCounterPathA
PdhOpenLogW
PdhCloseLog
PdhComputeCounterStatistics

urlmon

GetClassURL
CoGetClassObjectFromURL
IsAsyncMoniker
RegisterMediaTypeClass
MkParseDisplayNameEx
CoInternetGetSession
URLOpenStreamA
FindMimeFromData
URLOpenPullStreamW
CoInternetParseUrl
CreateURLMoniker
RevokeBindStatusCallback
URLOpenPullStreamA
CoInternetCombineUrl
CreateAsyncBindCtxEx
URLDownloadToCacheFileW
ObtainUserAgentString
URLOpenBlockingStreamA
HlinkGoForward
HlinkNavigateString
URLDownloadToFileA
RegisterFormatEnumerator
GetClassFileOrMime
HlinkSimpleNavigateToMoniker
CoInternetCreateSecurityManager
RegisterBindStatusCallback
HlinkNavigateMoniker
CreateFormatEnumerator
IsValidURL
SetSoftwareUpdateAdvertisementState
FindMediaTypeClass
GetSoftwareUpdateInfo
FindMediaType
RegisterMediaTypes
CoInternetQueryInfo
HlinkGoBack
CopyStgMedium
CoInternetCompareUrl
URLDownloadToFileW
CoInternetGetProtocolFlags
WriteHitLogging
CreateAsyncBindCtx
HlinkSimpleNavigateToString

shell32

ExtractIconExA
SHFileOperationA
SHGetSettings
ExtractAssociatedIconA
SHBrowseForFolderW
Shell_NotifyIconA
SHGetPathFromIDListA
ShellExecuteExA
SHFileOperationW

gdi32

CreateICW
SetPixelV
GetPath
CombineTransform
CreateDIBPatternBrush
EnumFontFamiliesW
ScaleViewportExtEx
AngleArc
GetCharWidthFloatW
FixBrushOrgEx
GetDIBColorTable
GetEnhMetaFilePixelFormat
GetPolyFillMode

msvcrt

memcmp

winmm

mciSendStringA
DefDriverProc
midiOutGetErrorTextA
midiInGetID
joyReleaseCapture
waveInStop
midiInClose
waveInAddBuffer
mixerGetLineInfoW
mmioStringToFOURCCA
waveOutGetDevCapsA
midiDisconnect
timeSetEvent
mciGetDeviceIDA
midiInReset
waveOutRestart
mmioRenameA

oleaut32

VarI4FromStr
VarCyMul
VarI4FromUI1
VarNeg
VarUI4FromCy
VarI2FromStr
VarI2FromDec
SafeArrayGetElement
VarUI2FromI1
BSTR_UserFree
VarUI4FromDate
VarDecFromI1
VarI4FromDisp
VarBoolFromR4
VarDecCmp
VarUI1FromBool
CreateTypeLi
VarDecFromDate
SafeArraySetRecordInfo
VarCyFromR4
VarCyFromDate
BSTR_UserUnmarshal
VarNot
VarR8Pow
VarBstrFromUI2
VarUI1FromR4
VarR8FromUI2
VarUI1FromR8
VarI1FromDisp
VarFormatFromTokens
VarDiv
VarUI1FromI2
VarBstrCat
VarBstrFromDec
SafeArrayUnaccessData
VarUI2FromDate
VarBoolFromStr
VarI4FromR8
QueryPathOfRegTypeLi
LoadTypeLibEx
GetErrorInfo
SysReAllocStringLen
VarDecAdd
OleLoadPictureEx
VarNumFromParseNum
SafeArrayGetElemsize
VARIANT_UserSize
VarDateFromI4
SysAllocStringLen
VarBoolFromDec

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c4fd3a808de7a51010efce7b3817fbd

Headers

File Characteristics

Imports

imagehlp

ole32

resutils

user32

rpcrt4

pdh

urlmon

shell32

gdi32

msvcrt

winmm

oleaut32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 1.2MB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 1KB