d8d4f9993bd761f6deccceef59ca56035383819533f01ee38471479125becf03

Sharing

Copy URL Twitter E-mail

General

Target

d8d4f9993bd761f6deccceef59ca56035383819533f01ee38471479125becf03
Size

284KB
MD5

6d8a10f3de8821c974b787ff42c093b7
SHA1

e6d507a5445fdcab59baf73ee69ee94e86778465
SHA256

d8d4f9993bd761f6deccceef59ca56035383819533f01ee38471479125becf03
SHA512

3508337049ef2b2c5c795530ca1e98ad267341cc96e06e29ca8a2776ce60d5c53f918cec508b042d469acdbf0b65096675bbd24d18eca932830a149d88a9642b
SSDEEP

6144:tHXMRClAEE1mYJUmWCe7jqylXBQwNZRA:XT8hJ9WJ7jqy76

Score

N/A

Malware Config

Signatures

Files

d8d4f9993bd761f6deccceef59ca56035383819533f01ee38471479125becf03
.exe windows x86

7cf36f5ac1a2c02b1f8bf98867f4ad5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DllUnregisterServer
DragQueryFileA
SHGetDesktopFolder
SHGetFileInfoA
StrChrA
SHGetDiskFreeSpaceA
SHGetMalloc
FindExecutableA
SHCreateShellItem
ExtractIconA
DuplicateIcon

kernel32

VirtualProtect
CloseHandle
WriteConsoleW
GetPrivateProfileIntA
lstrcmpi
GetCurrentDirectoryA
GetTimeFormatA
GetConsoleAliasW
LoadLibraryW
HeapSize
GetModuleHandleA
ReadConsoleA
SleepEx
SetEnvironmentVariableW
SetFilePointer
CreateDirectoryA

ctl3d32

Ctl3dGetVer
Ctl3dCtlColor

modemui

InvokeControlPanel
drvCommConfigDialogA

wtsapi32

WTSVirtualChannelPurgeInput
WTSVirtualChannelQuery
WTSEnumerateProcessesA
WTSEnumerateServersA
WTSVirtualChannelWrite
WTSSetSessionInformationW
WTSQuerySessionInformationA
WTSVirtualChannelRead
WTSSendMessageA
WTSLogoffSession
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSVirtualChannelClose
WTSWaitSystemEvent
WTSEnumerateSessionsW
WTSOpenServerW

uxtheme

GetWindowTheme
GetThemeTextMetrics
OpenThemeData
GetThemeSysSize
GetThemeInt
DrawThemeBackground
GetThemeColor
GetThemeRect
SetWindowTheme
CloseThemeData
IsThemeActive

cfgmgr32

CM_Add_Range
CMP_Init_Detection
CM_Add_IDA
CM_Add_Empty_Log_Conf
CMP_Report_LogOn

onex

OneXFreeMemory
OneXDeInitialize
OneXCopyAuthParams
OneXAddTLV
OneXInitialize

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cf36f5ac1a2c02b1f8bf98867f4ad5d

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

ctl3d32

modemui

wtsapi32

uxtheme

cfgmgr32

onex

Sections

.text Size: 204KB - Virtual size: 200KB

.data Size: 48KB - Virtual size: 44KB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 204KB - Virtual size: 200KB

.data
Size: 48KB - Virtual size: 44KB

.rsrc
Size: 28KB - Virtual size: 25KB