Static task: static1
Behavioral task: behavioral1
  Sample: eb0b808905575c26cec79a1294419400ff91cdb0dbbe0449d643761f76b32cb8.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: eb0b808905575c26cec79a1294419400ff91cdb0dbbe0449d643761f76b32cb8.exe
  Resource: win10v2004-20220812-en
General
- Target: eb0b808905575c26cec79a1294419400ff91cdb0dbbe0449d643761f76b32cb8
- Size: 231KB
- MD5: 11c50f42fed6610eb8e28ab9bbd746b0
- SHA1: 106b5ad0cae5ac96b02bc8358f6e3c8bf7ca5564
- SHA256: eb0b808905575c26cec79a1294419400ff91cdb0dbbe0449d643761f76b32cb8
- SHA512: fa0a0000d49f15648af7ab1f178ece42b7174b8c3ff59bd655d439f1328925b3545c18698e9ed402b67415305805babaafa59572a3735960641417a1b0b40201
- SSDEEP: 3072:6rdZYy4QTcpOnzMJoiWqdbmNTdNJCxdJalfw4oZz6eNHaMCOnbG:6rdBhT4On+j0dfCTJaJwTnNCOna
Malware Config
Signatures
Files
-
eb0b808905575c26cec79a1294419400ff91cdb0dbbe0449d643761f76b32cb8.exe windows x86
cc9239bbfa410a653ed0406fa2fff169
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetGetNetworkInformationA
WNetGetLastErrorA
WNetCancelConnection2A
WNetCancelConnectionW
WNetGetProviderNameW
WNetGetResourceParentA
WNetGetResourceInformationA
WNetGetResourceParentW
WNetDisconnectDialog1W
WNetAddConnection3W
WNetGetUserA
MultinetGetConnectionPerformanceW
WNetGetLastErrorW
WNetOpenEnumA
WNetGetConnectionA
MultinetGetConnectionPerformanceA
WNetGetNetworkInformationW
WNetDisconnectDialog1A
WNetConnectionDialog1W
WNetSetLastErrorA
WNetOpenEnumW
crypt32
CertGetPublicKeyLength
CertAddEncodedCertificateToSystemStoreA
CertDeleteCTLFromStore
CertSetEnhancedKeyUsage
CertFindCertificateInCRL
CertEnumPhysicalStore
CryptSIPLoad
CryptLoadSip
CertEnumSystemStore
CertVerifyRevocation
CryptRegisterDefaultOIDFunction
CertResyncCertificateChainEngine
CryptUninstallDefaultContext
CryptVerifyCertificateSignatureEx
CryptMsgDuplicate
CertFindCertificateInStore
CertSerializeCTLStoreElement
CryptSetOIDFunctionValue
CertGetEnhancedKeyUsage
CryptInstallOIDFunctionAddress
CertSetCRLContextProperty
CryptEnumOIDFunction
CertAddEncodedCTLToStore
CryptMsgVerifyCountersignatureEncoded
CryptCreateKeyIdentifierFromCSP
CertFreeCRLContext
CryptGetKeyIdentifierProperty
CertSerializeCRLStoreElement
CertFindCTLInStore
ole32
HACCEL_UserUnmarshal
WriteClassStm
IsAccelerator
CoGetMarshalSizeMax
OleCreateEx
DllGetClassObjectWOW
GetHGlobalFromStream
OleGetIconOfClass
HWND_UserMarshal
CreatePointerMoniker
PropSysFreeString
CoCreateObjectInContext
OleDoAutoConvert
CoResumeClassObjects
ReadClassStm
HWND_UserUnmarshal
CoFileTimeToDosDateTime
IsEqualGUID
HBITMAP_UserMarshal
OleGetAutoConvert
HBITMAP_UserUnmarshal
CoRevokeClassObject
HBITMAP_UserFree
ReadStringStream
ReadOleStg
CoInitializeSecurity
HMENU_UserUnmarshal
CLSIDFromProgID
gdi32
GetObjectType
GetDeviceGammaRamp
CreateEllipticRgnIndirect
EnumICMProfilesW
CreatePatternBrush
SetColorAdjustment
CreateColorSpaceW
SetBkColor
SetDIBits
CreateCompatibleBitmap
CreateDiscardableBitmap
CreatePen
GetCurrentPositionEx
CancelDC
GetClipBox
GetBitmapBits
SetTextAlign
SetPixelFormat
GetCharABCWidthsA
StretchDIBits
SetEnhMetaFileBits
ScaleViewportExtEx
GetTextMetricsW
EndFormPage
DeleteEnhMetaFile
CreateHalftonePalette
GetBrushOrgEx
PolyBezierTo
CreatePenIndirect
Polyline
GetCurrentObject
GetTextFaceA
query
CITextToFullTree
CICreateCommand
LocateCatalogsW
CIGetGlobalPropertyList
CIBuildQueryNode
DoneCIPerformanceData
BindIFilterFromStorage
CITextToFullTreeEx
DoneFILTERPerformanceData
LoadBinaryFilter
CITextToSelectTree
CIState
CIBuildQueryTree
InitializeCIPerformanceData
CollectCIPerformanceData
SetupCache
CIMakeICommand
LoadTextFilter
kernel32
CreateMailslotA
GetDateFormatW
GetAtomNameW
GetEnvironmentVariableW
_lwrite
ResetWriteWatch
GetProcessWorkingSetSize
PostQueuedCompletionStatus
FindNextVolumeMountPointW
GetUserDefaultLangID
FreeLibrary
FindFirstFileExA
GetDefaultCommConfigW
GetFileAttributesA
lstrcmpiW
GetCPInfo
GetQueuedCompletionStatus
DebugBreak
GetNamedPipeInfo
BindIoCompletionCallback
CreatePipe
GlobalFindAtomW
CreateFileW
GetFileTime
OpenEventW
SetMailslotInfo
BackupSeek
GetCurrentDirectoryA
IsBadStringPtrA
GetDiskFreeSpaceW
FindNextVolumeA
comctl32
DrawStatusTextA
PropertySheetA
ImageList_SetIconSize
ImageList_GetImageInfo
ImageList_Remove
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_Replace
CreatePropertySheetPageW
ImageList_GetDragImage
ImageList_DrawIndirect
DrawInsert
FlatSB_GetScrollRange
LBItemFromPt
FlatSB_ShowScrollBar
FlatSB_GetScrollPos
GetMUILanguage
ImageList_ReplaceIcon
ImageList_Draw
ImageList_Write
InitMUILanguage
FlatSB_SetScrollInfo
ImageList_Duplicate
ImageList_Add
psapi
GetDeviceDriverBaseNameA
GetDeviceDriverFileNameA
EnumProcessModules
EmptyWorkingSet
EnumProcesses
GetWsChanges
GetMappedFileNameA
GetDeviceDriverBaseNameW
QueryWorkingSet
GetMappedFileNameW
rpcrt4
NdrComplexArrayFree
NdrConformantStringMarshall
UuidToStringA
RpcServerListen
RpcSsSwapClientAllocFree
NdrMesTypeDecode
NdrInterfacePointerMarshall
NdrServerUnmarshall
NdrXmitOrRepAsBufferSize
RpcBindingInqAuthInfoExW
winmm
midiInGetErrorTextW
timeGetSystemTime
waveInReset
mciGetDriverData
midiInUnprepareHeader
wid32Message
mixerOpen
OpenDriver
mmioAscend
waveInGetPosition
midiStreamOut
midiInGetDevCapsA
waveOutReset
midiOutGetNumDevs
midiInStart
mmioInstallIOProcW
mmioRenameW
WOW32ResolveMultiMediaHandle
mmsystemGetVersion
mciSetYieldProc
mci32Message
waveInGetNumDevs
waveInOpen
mmioOpenW
waveInStop
mmioRenameA
mmioGetInfo
waveOutGetPlaybackRate
waveOutGetNumDevs
waveOutRestart
midiOutUnprepareHeader
winspool.drv
DeviceMode
AddPrinterW
GetDefaultPrinterA
EnumPortsW
GetFormW
GetJobA
SetFormA
DeviceCapabilitiesA
DeletePortA
FreePrinterNotifyInfo
EnumPrinterDriversW
EnumPrintersW
QueryRemoteFonts
SpoolerPrinterEvent
EndPagePrinter
GetPrintProcessorDirectoryA
DeviceCapabilitiesW
SplDriverUnloadComplete
SetPrinterDataExA
EnumFormsA
GetPrinterW
SetDefaultPrinterA
EXTDEVICEMODE
CommitSpoolData
AddPrintProcessorA
QueryColorProfile
XcvDataW
QuerySpoolMode
user32
CharToOemW
SetWindowPos
LoadKeyboardLayoutA
GetClassInfoExA
IsClipboardFormatAvailable
FindWindowExW
GetPropA
MsgWaitForMultipleObjectsEx
EditWndProc
DrawTextA
GetQueueStatus
GetKeyboardLayout
CopyRect
GetClientRect
GetAsyncKeyState
RegisterDeviceNotificationW
DestroyMenu
SetCaretBlinkTime
GetKBCodePage
GetWindowModuleFileNameW
PostQuitMessage
DeleteMenu
VkKeyScanA
GetKeyNameTextW
SetDlgItemTextW
GetDoubleClickTime
MonitorFromWindow
OpenIcon
DdeInitializeW
DdeDisconnectList
GetCapture
SwitchToThisWindow
advapi32
CopySid
BuildTrusteeWithNameW
ObjectPrivilegeAuditAlarmW
SystemFunction028
SystemFunction029
QueryServiceStatusEx
LsaSetInformationPolicy
GetUserNameW
SetThreadToken
StartServiceCtrlDispatcherA
MakeAbsoluteSD
AddAccessDeniedAce
SetServiceStatus
LookupPrivilegeValueA
LsaCreateSecret
QueryServiceObjectSecurity
SetEntriesInAuditListA
RegCreateKeyA
AddAccessAllowedObjectAce
AddAccessAllowedAce
SystemFunction006
OpenEncryptedFileRawW
SetSecurityDescriptorSacl
UninstallApplication
CryptSetProviderA
CryptGenKey
PrivilegedServiceAuditAlarmW
RegOpenKeyW
CryptDestroyKey
EnableTrace
shell32
DragQueryFileAorW
SHGetFileInfoA
ExtractIconExW
SHFormatDrive
SHGetFolderPathW
SHGetPathFromIDListW
SHGetDesktopFolder
InternalExtractIconListW
SheSetCurDrive
ShellHookProc
SHIsFileAvailableOffline
SheChangeDirA
SHLoadInProc
CheckEscapesW
SHGetFolderLocation
SHGetNewLinkInfoW
SHGetDiskFreeSpaceA
ShellExecuteExW
InternalExtractIconListA
ExtractIconA
SHBrowseForFolderA
Shell_NotifyIconW
ExtractIconExA
SHGetPathFromIDListA
SHFileOperationA
SHGetIconOverlayIndexW
SHCreateProcessAsUserW
SHFileOperationW
pdh
PdhComputeCounterStatistics
PdhGetCounterInfoA
PdhLookupPerfIndexByNameA
PdhLookupPerfNameByIndexW
PdhGetDefaultPerfCounterW
PdhEnumObjectItemsW
PdhSetQueryTimeRange
PdhVbGetLogFileSize
PdhGetFormattedCounterArrayA
PdhUpdateLogW
PdhValidatePathW
PdhExpandWildCardPathW
PdhExpandCounterPathA
PdhValidatePathA
PdhParseInstanceNameA
PdhBrowseCountersA
PdhCloseLog
PdhVbGetDoubleCounterValue
PdhVbGetCounterPathElements
PdhConnectMachineW
PdhOpenQueryA
PdhVbIsGoodStatus
PdhGetFormattedCounterArrayW
PdhEnumObjectsW
PdhBrowseCountersW
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 335KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ