476b543ae2c40822204958fbfec1337379d5e4fa507f340c13903b77f66e81d8

Sharing

Copy URL Twitter E-mail

General

Target

476b543ae2c40822204958fbfec1337379d5e4fa507f340c13903b77f66e81d8
Size

530KB
MD5

10bb238d982067b35fd6af1c96f175f0
SHA1

b3270b189d4af6be5dce7629f43a2ac44d50b77a
SHA256

476b543ae2c40822204958fbfec1337379d5e4fa507f340c13903b77f66e81d8
SHA512

88da70e6fdc2d55a68ada73dc9f15d708c8b2660c565ee6f8ff4fdbea76783ad9aabc99d775b7ff025e8a167d40edc521d97165958c39f26da2cd514add1857d
SSDEEP

12288:XHk2+MDNKw29nLWrf+30Ln1K5quJYrpQ3Pdpz:Xt+MZ32M+8QJJYgPdp

Score

N/A

Malware Config

Signatures

Files

476b543ae2c40822204958fbfec1337379d5e4fa507f340c13903b77f66e81d8
.dll windows x86

9f5157a35502b9ecb33ff71d3f58d92a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AccessCheckByTypeAndAuditAlarmA
ConvertStringSidToSidW
DecryptFileA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegSetValueExA
SetAclInformation
CryptSetProvParam
RegCreateKeyExA
AddUsersToEncryptedFile
CryptImportKey
GetMultipleTrusteeW
CryptGetHashParam
DecryptFileW
LsaOpenSecret
OpenProcessToken
ProcessTrace
RegDeleteKeyA
AddAce
BuildImpersonateTrusteeW
ElfNumberOfRecords
GetNamedSecurityInfoW
LsaEnumerateTrustedDomains
LsaOpenTrustedDomain
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
SetSecurityDescriptorGroup

kernel32

FreeLibrary
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
GetSystemWindowsDirectoryA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
OutputDebugStringA
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
GetProfileIntA
GlobalFree
GlobalHandle
GlobalUnlock
HeapDestroy
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LocalAlloc
LocalFree
LocalHandle
MultiByteToWideChar
ReleaseSemaphore
ResetEvent
SetConsoleMode
SetEvent
SetThreadPriority
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrlenA
ExpandEnvironmentStringsA
GetDriveTypeA
GetFullPathNameA
GetModuleFileNameA
InterlockedCompareExchange
RaiseException
SearchPathA
Sleep
CreateIoCompletionPort
GetCurrentProcess
GetLocalTime
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
lstrcatW
lstrcpyW
lstrlenW
CompareStringA
CompareStringW
CreateFileA
DeleteFileA
EnumDateFormatsExA
FlushFileBuffers
GetCurrencyFormatA
GetModuleHandleA
GetProcessVersion
GetTempFileNameA
GetVersion
GlobalAlloc
GlobalLock
GlobalReAlloc
IsBadReadPtr
OpenFile
ReadFile
SetFilePointer
lstrcpyA
CreateEventW
CreateThread
FindFirstVolumeW
GetBinaryTypeW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ResumeThread
CreateProcessA
FormatMessageA
GetFileAttributesA
GetPrivateProfileSectionA
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
LoadLibraryExW
MoveFileA
SetFileAttributesA
WaitForSingleObjectEx
WriteFile
lstrcatA
lstrcpynA
CreateDirectoryW
CreateTimerQueueTimer
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetComputerNameW
GetProcessHeap
GetStringTypeW
HeapWalk
LoadResource
LockResource
SetSystemTime
SizeofResource
lstrcmpi
VirtualAlloc
DnsHostnameToComputerNameW
GetEnvironmentStrings
MapUserPhysicalPagesScatter
ReleaseMutex
SetThreadExecutionState
lstrcpynW
GetLocaleInfoW
GetLastError
HeapFree
HeapAlloc
GetExitCodeProcess
GetCurrentDirectoryA
SetCurrentDirectoryA
SetErrorMode
ExitThread
MoveFileW
GetModuleHandleW
ExitProcess
GetCPInfo
HeapSize
GetTimeFormatA
GetDateFormatA
FindFirstFileA
FindNextFileA
GetFileType
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
IsDBCSLeadByteEx
ReadConsoleA
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetEnvironmentVariableA
GetCommandLineA
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapCreate
VirtualFree
HeapReAlloc
LCMapStringW
SetConsoleCtrlHandler
LCMapStringA
GetStringTypeA
SetStdHandle
GetTimeZoneInformation
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEndOfFile
GetFileAttributesW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateProcessW
SetEnvironmentVariableW

ole32

OpenOrCreateStream
HMETAFILE_UserFree
HMETAFILEPICT_UserFree
CLIPFORMAT_UserSize
StgCreateDocfile
OleCreateEmbeddingHelper
HMENU_UserMarshal
HENHMETAFILE_UserSize
CLIPFORMAT_UserMarshal
HDC_UserFree
ReadClassStm
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
SNB_UserUnmarshal
CoTaskMemRealloc

oleaut32

VarCyAdd
VarDateFromR4
VarCyFromUI4
VarR4FromUI4
VarDecFromR4
VarCyFromUI2
OleLoadPictureFileEx
VarBstrCmp
VarR8FromDisp
VarI2FromUI4
VarDateFromR8
VarCyFromR8
OleLoadPicturePath

shell32

SHBrowseForFolderA

Exports

Exports

nheasgotlt

Sections

.text
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f5157a35502b9ecb33ff71d3f58d92a

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 431KB - Virtual size: 431KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 27KB - Virtual size: 41KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 431KB - Virtual size: 431KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 27KB - Virtual size: 41KB

.reloc
Size: 15KB - Virtual size: 15KB