f1e53f36e857ff74e12f414c5a69cf4dba6b6e85bb46d21d28116cc743a970a2

Sharing

Copy URL Twitter E-mail

General

Target

f1e53f36e857ff74e12f414c5a69cf4dba6b6e85bb46d21d28116cc743a970a2
Size

120KB
MD5

42674315204e90f691afd5a8b6d6284f
SHA1

a2538eff454138063dcf40d9c65c40273d44bc3a
SHA256

f1e53f36e857ff74e12f414c5a69cf4dba6b6e85bb46d21d28116cc743a970a2
SHA512

c8ee11b23bcdd846f8214f4291fbd1fe7f6ab8204db540b237c9310a69976a5ba599698d9af93e318de8384e17622207c4613630a85bd8d160036f0fd9cb5555
SSDEEP

3072:xhKUABiarcH887/DMWRyPcsDGLgI9XUusRZh44ZoZfO:srrMzDJRMaLD9E33ZoZfO

Score

N/A

Malware Config

Signatures

Files

f1e53f36e857ff74e12f414c5a69cf4dba6b6e85bb46d21d28116cc743a970a2
.dll windows x86

ef8829a83a9c8fd8feda1f12a83f2d6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleOutputCharacterW
DeleteTimerQueue
GetVolumeInformationW
SetConsoleCursor
SetComputerNameW
DeleteFiber
CreateMailslotA
GetLocalTime
CancelWaitableTimer
CreateIoCompletionPort
VerLanguageNameW
GetConsoleTitleA
FreeConsole
GetSystemTime
GetPrivateProfileIntW
SwitchToThread
GetMailslotInfo
Thread32First
IsValidLocale
GetModuleHandleA
GetTickCount
GetLargestConsoleWindowSize
FindResourceW
FreeLibrary
InvalidateConsoleDIBits
GetEnvironmentVariableA
VerifyConsoleIoHandle
GetEnvironmentStringsA
SetConsoleActiveScreenBuffer
InterlockedIncrement
TlsSetValue
LocalLock
SetCommMask
ContinueDebugEvent
OpenSemaphoreW
GetHandleInformation
VerLanguageNameA
GetStartupInfoW
GetProcAddress
VirtualAlloc
LoadLibraryA
GetVersion

gdi32

CreateColorSpaceA
PolyDraw
CreateFontA
SetBitmapDimensionEx
DeleteEnhMetaFile
SelectBrushLocal
GetPolyFillMode
SetICMProfileW
GetTextExtentPoint32W
PolyPolyline
CreateHatchBrush
GdiPlayPrivatePageEMF
OffsetWindowOrgEx
CreateBitmap
GetMetaFileW
SetViewportExtEx
GetCharABCWidthsFloatA
SetWinMetaFileBits
RealizePalette
StrokePath
SetTextCharacterExtra
SaveDC
GetGlyphIndicesA
RectInRegion
AngleArc
GetStockObject
OffsetViewportOrgEx
GetCharacterPlacementW
SetMetaRgn
GdiResetDCEMF
Ellipse
GetCharWidthI
SelectObject
SetDeviceGammaRamp
SetTextAlign
AbortDoc
DeviceCapabilitiesExW
PtVisible
ExtFloodFill
GetTextFaceW
SetDIBits
SetBkMode
BeginPath
CreateCompatibleBitmap
CreateDIBitmap
GdiGetPageHandle
GetStretchBltMode
GetEnhMetaFilePaletteEntries
RectVisible
DeleteDC
GetObjectA
GetTextExtentPointW
GetBitmapDimensionEx
CreateCompatibleDC
CreateColorSpaceW
CreateEllipticRgnIndirect
ArcTo
SetEnhMetaFileBits
GetDIBColorTable
GetEnhMetaFileA
CreatePalette
CopyEnhMetaFileW
DPtoLP
ChoosePixelFormat
GetBkMode
GetPixelFormat
RoundRect
GetPath
GetFontData
ScaleWindowExtEx
CreatePatternBrush
CreateDCW
CombineRgn
GetMetaFileBitsEx
GetTextMetricsW
DescribePixelFormat
CancelDC
SetPixelFormat
GetTextExtentExPointA
BitBlt
Rectangle

advapi32

ChangeServiceConfigW
RegQueryValueA
LookupPrivilegeNameA
LookupPrivilegeValueW
CryptSetProvParam
ObjectPrivilegeAuditAlarmW
CryptEnumProviderTypesA
SystemFunction014
I_ScSetServiceBitsA
GetCurrentHwProfileA
CancelOverlappedAccess
CreateServiceW
CryptImportKey
RegSetKeySecurity
AddAuditAccessAce
SystemFunction028
SystemFunction015
BuildImpersonateTrusteeW
LsaStorePrivateData
OpenSCManagerW
GetSecurityInfoExA
ClearEventLogA
GetSecurityDescriptorDacl
BuildImpersonateExplicitAccessWithNameW
FileEncryptionStatusA
SetPrivateObjectSecurityEx
GetTrusteeFormA
RegEnumKeyA
RegSaveKeyW
LsaLookupPrivilegeDisplayName
GetAuditedPermissionsFromAclA
AddAccessAllowedAceEx
RemoveUsersFromEncryptedFile
RegDeleteValueW
QueryServiceLockStatusA
LsaOpenSecret
MapGenericMask
GetMultipleTrusteeA
RegEnumKeyW
SystemFunction005
LookupSecurityDescriptorPartsW
LsaEnumerateAccountRights
GetOverlappedAccessResults
GetAclInformation
DuplicateToken
SetAclInformation
AreAnyAccessesGranted
SetSecurityInfoExW
SetServiceObjectSecurity
RegUnLoadKeyA
CryptVerifySignatureW
GetFileSecurityA
AddAccessAllowedAce
GetSecurityInfoExW
EncryptFileA
CryptAcquireContextA
LookupAccountNameW
LsaSetSecurityObject
ElfReadEventLogA
SystemFunction030
LookupAccountSidA
LsaClearAuditLog
RegLoadKeyW
LsaQueryDomainInformationPolicy
GetUserNameW
SystemFunction012
PrivilegeCheck
FreeEncryptionCertificateHashList
SetEntriesInAuditListA
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetExplicitEntriesFromAclW
GetEffectiveRightsFromAclW
EnumServicesStatusA
GetSecurityDescriptorOwner
SystemFunction013
GetAuditedPermissionsFromAclW
CryptEnumProvidersW

opengl32

wglCreateContext
glTexCoord3sv
glFlush
glVertex4i
glVertex4f
glColor4sv
wglGetCurrentDC
glEvalCoord1dv
glTexCoord4s
wglDeleteContext
glRasterPos4f
glPopClientAttrib
glMap1d
glTexGeni
glColorMask
glEvalPoint2
glTexCoord3iv
glEvalCoord1fv
glStencilFunc
glGenLists
glLineWidth
glClipPlane
glRasterPos3s
glRasterPos2iv
glCopyTexSubImage1D
glNormal3iv
glFogiv
glNormal3f
GlmfPlayGlsRecord
GlmfCloseMetaFile
glVertex3f
glNewList
glRectf
glClearStencil
glEndList
glTexEnvi
glEnableClientState
glTexCoord2s
glTexCoord4d
glDisable
glMapGrid1d
wglShareLists
glDrawArrays
glPopName
glMaterialiv
wglUseFontOutlinesW
glPixelStoref
glPrioritizeTextures
glGetTexLevelParameteriv
glPolygonStipple
glGetTexGeniv
wglMakeCurrent
glPushMatrix
glVertex3fv
glIndexi
glColor4iv
glListBase
glRasterPos4i
glTexParameteriv
glTexGenf
glEnd
glAccum
glAlphaFunc
glLightModeliv
glGetTexEnvfv
glCopyTexImage2D
glPushClientAttrib
glVertex3iv
glRasterPos4d

shell32

StrStrIW
ExtractAssociatedIconExW
ShellAboutW
SHChangeNotify
StrStrW
DragQueryFileW
StrStrIA
SHFileOperationA
DuplicateIcon
DragQueryFileA
StrRChrA
SHFileOperationW
SHEmptyRecycleBinW
SHGetInstanceExplorer
InternalExtractIconListA
StrNCmpIW
ExtractAssociatedIconExA
StrCmpNA
SHGetDataFromIDListA
StrChrIW
StrChrW
ExtractIconExA
SheSetCurDrive
StrRStrIW
SHGetDataFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
StrNCmpA

version

GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoSizeW

winmm

timeSetEvent
waveInGetID
mmTaskCreate
PlaySoundA
midiInGetDevCapsW
timeGetTime
NotifyCallbackData
waveOutGetDevCapsA
midiOutOpen
midiInGetID
joySetThreshold
midiStreamProperty
mixerGetNumDevs

winspool.drv

ord205
DeletePortW
DocumentPropertySheets
CloseSpoolFileHandle
AddPrinterA
SpoolerDevQueryPrintW
SetPrinterDataExW
EnumMonitorsA
StartDocPrinterW
ord203
EndDocPrinter
SeekPrinter
EnumPrinterKeyW
DeletePrinterDriverExA
SplDriverUnloadComplete
SetJobW
EnumPrinterDataA
GetPrinterDataA
ConfigurePortA
SetPortA
AddJobA
EnumPrinterKeyA
DeletePrintProcessorA
SetPrinterDataExA
AddJobW
ADVANCEDSETUPDIALOG
QuerySpoolMode
ord100
StartPagePrinter
DeletePrinterDataW
ord212
ord204
AdvancedDocumentPropertiesW
ConvertAnsiDevModeToUnicodeDevmode
OpenPrinterA
PrinterMessageBoxW
EnumPortsW
DeletePrinterKeyA
EnumPrintProcessorsW
AbortPrinter
DeleteMonitorA
DeviceMode
ord207
GetPrinterA
EXTDEVICEMODE
AddPortExA
OpenPrinterW
DevicePropertySheets
FindClosePrinterChangeNotification
ord215
AddPrinterDriverW
PlayGdiScriptOnPrinterIC
ClosePrinter
GetPrinterDriverDirectoryW
DeleteMonitorW
DeletePrinterDriverW
ConfigurePortW
AddPrintProcessorA
SetJobA
DocumentPropertiesA

msvcrt

_mbsnbcnt
_mbslen
_mbsrev
_mbscmp
_wcreat
div
memchr
atoi
isgraph
iscntrl
_callnewh
wcscspn
feof
_wtoi
_ismbbpunct
localeconv
log10
atexit
_beep
fseek
_putch
abort
_tolower
isalpha
_ultow
fopen
fprintf
_control87
_c_exit
_spawnv
fputc
_Getmonths
_except_handler2
_mbclen
_sopen
_access
_mbccpy
_findnexti64
_wstat
_spawnle
_ftime
fputs
fsetpos
sprintf
ftell
_ismbclegal
_fcloseall
frexp
ferror
printf
_spawnve
_fgetchar
_makepath
_mbctohira
_endthread
fclose
_rotl
_toupper
_heapmin
_vsnwprintf
_unlink
fwprintf
_read
fwrite
_flsbuf
_execvp
_stati64
memset
strcpy
fread

Exports

Exports

Floe
Itodd
Jeryrcic
Mvubx
Orcqhkjph
Rwyaq
Wuun
Wzwmz

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef8829a83a9c8fd8feda1f12a83f2d6a

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

opengl32

shell32

version

winmm

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 52KB - Virtual size: 50KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 52KB - Virtual size: 50KB

.reloc
Size: 8KB - Virtual size: 6KB