b010b53cd2936ba4abefe3d801a01f28f99f7b1328bda97378771e4664f50c16

Sharing

Copy URL Twitter E-mail

General

Target

b010b53cd2936ba4abefe3d801a01f28f99f7b1328bda97378771e4664f50c16
Size

816KB
MD5

452ae2f25c138d43a780eaef7bd35425
SHA1

76c6fdf80ba6c713c80c33fd33e47e7de0b1142f
SHA256

b010b53cd2936ba4abefe3d801a01f28f99f7b1328bda97378771e4664f50c16
SHA512

555af08c971bcc47397b23985986f8957370caa732e336f70386e223c3cf7a7ba179ae20b80a1838763ebb047c190d9fd4a3f0b2d04bfba73ef32292fc1fb3e9
SSDEEP

24576:D1vM9jZnas/RqSGkPdev7XYNPmCNGN85KT7a6iVHD0vOxZCGxT:67ZOG6UNPmCNq82QHD0vOxZCGxT

Score

N/A

Malware Config

Signatures

Files

b010b53cd2936ba4abefe3d801a01f28f99f7b1328bda97378771e4664f50c16
.exe windows x86

f09383a1fce20e4261d88029dcdaf133

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

DeleteEnhMetaFile
CreateFontIndirectA
UpdateColors
GdiGetPageHandle
SetPixelFormat
EngLockSurface
GdiAlphaBlend
EnumEnhMetaFile
EngStretchBlt
EnumFontFamiliesExA
SetWorldTransform
EngFindResource
AddFontResourceA
RemoveFontResourceA
GetBitmapDimensionEx
CreateHalftonePalette
AnimatePalette
WidenPath
EnumMetaFile
GetTextExtentPoint32A
PolyPolygon
SetMetaFileBitsEx
EngEraseSurface
GetTextMetricsA
IntersectClipRect
GetEnhMetaFileBits

comctl32

_TrackMouseEvent
CreatePropertySheetPageA
ImageList_GetBkColor
InitCommonControlsEx
ImageList_Add
ImageList_GetIconSize
ImageList_Read
CreateStatusWindowA
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_GetDragImage
ImageList_Create
ImageList_Remove
ImageList_LoadImageA
ImageList_Replace
ImageList_EndDrag
ImageList_DrawEx
PropertySheetW
PropertySheetA
ImageList_DragShowNolock
ImageList_ReplaceIcon
DestroyPropertySheetPage
ImageList_DrawIndirect
ImageList_Write

setupapi

SetupDiGetClassInstallParamsW
SetupRemoveInstallSectionFromDiskSpaceListW
CM_Get_Next_Res_Des
CM_Get_DevNode_Registry_PropertyW
SetupDiCreateDevRegKeyW
CM_Get_Device_ID_Size
pSetupStringTableAddStringEx
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Registry_Property_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupGetTargetPathW
CM_Get_First_Log_Conf
SetupDiGetClassDescriptionExW
SetupDiEnumDeviceInterfaces
SetupCopyOEMInfA
SetupDiSetClassInstallParamsA
CM_Free_Log_Conf_Handle
SetupDiCreateDeviceInfoA
SetupQueueCopyIndirectW
SetupDiLoadClassIcon
CM_Get_Device_ID_ExW
SetupDiGetClassInstallParamsA
SetupDiSetSelectedDriverW
SetupDiGetClassDevsA

msvcrt

_wfullpath
_endthread
scanf
_wcslwr
_hypot
_wsopen
pow
_strdup
_CIlog
_mbsupr
_mbscpy
islower
clock
_commode
_errno
_findfirst
_timezone
fgetws
iswalpha
_spawnlp
fwscanf
_mbsncpy
strspn
_isnan
_getdrives
iswpunct
rand
_exit
__getmainargs
_fileno
_CIatan
ferror

kernel32

HeapLock
EnumTimeFormatsW
GetNumberFormatA
GetProcessWorkingSetSize
SetThreadContext
GetFileSizeEx
GetLocaleInfoW
DeleteTimerQueue
LocalUnlock
lstrcmpA
lstrcatA
FindVolumeMountPointClose
SetVolumeLabelA
SetConsoleTitleW
QueryPerformanceCounter
CreateEventA
HeapValidate
VirtualAlloc
OpenThread
CreateFileW
CreateConsoleScreenBuffer
WriteConsoleOutputCharacterA
ResetEvent
GetLastError
LockFile
MultiByteToWideChar
TerminateThread
SetFileTime
FindAtomW
IsBadCodePtr

crypt32

CertCreateCTLContext

advapi32

SetKernelObjectSecurity
OpenTraceW
LsaSetDomainInformationPolicy
LsaStorePrivateData
IsWellKnownSid
AddAuditAccessObjectAce
RegDeleteKeyA
AddAccessDeniedAce
CryptDuplicateKey
RegSetValueExW
AddAuditAccessAce
OpenEventLogW
StartTraceW
AreAnyAccessesGranted
CryptDestroyKey
InitializeSecurityDescriptor
RegRestoreKeyW
LsaSetInformationPolicy
SetFileSecurityW
MapGenericMask
RegOpenUserClassesRoot
CheckTokenMembership
IsTextUnicode
LookupPrivilegeValueA
CryptReleaseContext
GetEventLogInformation
LsaAddAccountRights
RegFlushKey
IsValidSid
InitializeAcl
LsaEnumerateAccountRights
ClearEventLogW
RegSetValueExA
LsaRetrievePrivateData

userenv

RsopResetPolicySettingStatus
GetProfileType
ForceSyncFgPolicy
UnregisterGPNotification
GetAppliedGPOListW
RsopSetPolicySettingStatus
DestroyEnvironmentBlock
DeleteProfileW
RefreshPolicy
RegisterGPNotification
EnterCriticalPolicySection
CreateEnvironmentBlock
GetUserProfileDirectoryW
GetUserProfileDirectoryA
ExpandEnvironmentStringsForUserW
LeaveCriticalPolicySection
UnloadUserProfile
ProcessGroupPolicyCompletedEx
LoadUserProfileW
ProcessGroupPolicyCompleted
FreeGPOListW
GetDefaultUserProfileDirectoryW
GetAllUsersProfileDirectoryW

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 68KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 145KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 204KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f09383a1fce20e4261d88029dcdaf133

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

comctl32

setupapi

msvcrt

kernel32

crypt32

advapi32

userenv

Sections

.data Size: 2KB - Virtual size: 1KB

.text Size: 68KB - Virtual size: 439KB

.rdata Size: 315KB - Virtual size: 572KB

.idata Size: 145KB - Virtual size: 209KB

.bss Size: 204KB - Virtual size: 253KB

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 1024B - Virtual size: 820B

.data
Size: 2KB - Virtual size: 1KB

.text
Size: 68KB - Virtual size: 439KB

.rdata
Size: 315KB - Virtual size: 572KB

.idata
Size: 145KB - Virtual size: 209KB

.bss
Size: 204KB - Virtual size: 253KB

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 1024B - Virtual size: 820B