1097d8f6b933f04b08fcf7931bbd2b3e9e19e9b0dda387fa1ee144ff8268d8b8

Sharing

Copy URL Twitter E-mail

General

Target

1097d8f6b933f04b08fcf7931bbd2b3e9e19e9b0dda387fa1ee144ff8268d8b8
Size

727KB
MD5

536dae0677aec258d5206e701e6964c0
SHA1

3a69db665c17612ca1f7d45e1820e7841b291e90
SHA256

1097d8f6b933f04b08fcf7931bbd2b3e9e19e9b0dda387fa1ee144ff8268d8b8
SHA512

9a576a88fe5ea9c90b62b56ebdc25b32cf49fd43f29eff5e66394fd68fdc986f775667fa85944c384929265f75249cb762cf95d117fc7409168fa17fca89ccba
SSDEEP

12288:o72+n0iq2GokUuMx0GM78fFCZW7SG7cD3pU:4iHFoj0V7wFCZW+6E3

Score

N/A

Malware Config

Signatures

Files

1097d8f6b933f04b08fcf7931bbd2b3e9e19e9b0dda387fa1ee144ff8268d8b8
.dll windows x86

9792753cc315a36f249a28883cb0284d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_vsnwprintf
isdigit
memcpy
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
memset
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetCurrentThread
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
LoadLibraryA
GetModuleHandleA
CloseHandle
ExpandEnvironmentStringsW
GetModuleHandleExW
LocalAlloc
LocalFree
GetUserDefaultUILanguage
GetLocaleInfoW
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetLastError
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
GetModuleFileNameW
OutputDebugStringA
CompareStringOrdinal
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageW
GetTickCount
InterlockedExchange
HeapAlloc
GetProcessHeap
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

shlwapi

ord219
ord631
StrStrW
PathParseIconLocationW
StrChrW
ord278
ord158
SHRegGetValueW

advapi32

EventRegister
EventUnregister
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ConvertSidToStringSidW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegGetValueW
GetTokenInformation
EventWrite

user32

SetPropW
ShowWindow
NotifyWinEvent
PostMessageW
SetTimer
SetWindowLongW
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
RemovePropW
CalculatePopupWindowPosition
SetWindowPos
SendMessageW
IsWindowVisible
PostQuitMessage
GetAncestor
CreateWindowExW
DestroyIcon
LoadStringW
LoadMenuW
GetSubMenu
GetCursorPos
KillTimer
GetProcessDefaultLayout
DefWindowProcW
GetWindowLongW
GetDoubleClickTime
RegisterClassExW
AdjustWindowRectEx
InflateRect
PtInRect
SetForegroundWindow
TrackPopupMenuEx
DestroyMenu
DestroyWindow
GetWindowRect

ntdll

WinSqmAddToStream
WinSqmAddToStreamEx
WinSqmIncrementDWORD

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Connect
NdrDllCanUnloadNow
NdrDllGetClassObject

ole32

HWND_UserSize
CoCreateFreeThreadedMarshaler
StringFromGUID2
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
CoCreateInstance
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemRealloc

oleaut32

SysAllocString

shell32

SHQueryUserNotificationState
ord723
ShellExecuteExW
Shell_NotifyIconGetRect
Shell_NotifyIconW

dui70

?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?SetWrapKeyboardNavigate@HWNDElement@DirectUI@@QAEJ_N@Z
GetElementDataEntry
?SetContentString@Element@DirectUI@@QAEJPBG@Z
??1HWNDElement@DirectUI@@UAE@XZ
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?CreateStyleParser@HWNDElement@DirectUI@@UAEJPAPAVDUIXmlParser@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?GetClassInfoW@HWNDElement@DirectUI@@UAEPAUIClassInfo@2@XZ
?Create@FillLayout@DirectUI@@SGJPAPAVLayout@2@@Z
?SetDirection@Element@DirectUI@@QAEJH@Z
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?SetDataEngine@Repeater@DirectUI@@QAEXPAUIDataEngine@2@@Z
?SetAccState@Element@DirectUI@@QAEJH@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
??0HWNDElement@DirectUI@@QAE@XZ
??1IDataEngine@DirectUI@@UAE@XZ
??0IDataEngine@DirectUI@@QAE@XZ
?GetClassInfoPtr@Macro@DirectUI@@SGPAUIClassInfo@2@XZ
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?SetClass@Element@DirectUI@@QAEJPBG@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?SetAccName@Element@DirectUI@@QAEJPBG@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
?SetActive@Element@DirectUI@@QAEJH@Z
?KeyboardNavigate@Element@DirectUI@@SG?AVUID@@XZ
?Release@Value@DirectUI@@QAEXXZ
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
??1IDataEntry@DirectUI@@UAE@XZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
UnInitThread
InitThread
?SetAccRole@Element@DirectUI@@QAEJH@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
??0IDataEntry@DirectUI@@QAE@XZ
UnInitProcessPriv
InitProcessPriv
?EndDefer@Element@DirectUI@@QAEXK@Z
?StartDefer@Element@DirectUI@@QAEXPAK@Z
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute

comctl32

ord328
ord332
ord336
ord335
ord386
ord329
ord334

wevtapi

EvtSeek
EvtSubscribe
EvtQuery
EvtNext
EvtCreateRenderContext
EvtRender
EvtClose
EvtCreateBookmark
EvtUpdateBookmark

slc

SLGetWindowsInformationDWORD

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9792753cc315a36f249a28883cb0284d

Headers

File Characteristics

Imports

msvcrt

kernel32

shlwapi

advapi32

user32

ntdll

rpcrt4

ole32

oleaut32

shell32

dui70

dwmapi

comctl32

wevtapi

slc

crypt32

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 109KB

.orpc Size: 1024B - Virtual size: 732B

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 606KB - Virtual size: 605KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 109KB - Virtual size: 109KB

.orpc
Size: 1024B - Virtual size: 732B

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 606KB - Virtual size: 605KB

.reloc
Size: 8KB - Virtual size: 8KB