a70feb0664fcf9dd70df1fa80a3f23fe668378dbd7f83f82e22143e96916f6d2

Sharing

Copy URL Twitter E-mail

General

Target

a70feb0664fcf9dd70df1fa80a3f23fe668378dbd7f83f82e22143e96916f6d2
Size

40KB
MD5

12d3a269b4889e67241fd6efbabd2d32
SHA1

22a4c39c9bdedd30f9b0655ab856cb11b4e0b7e1
SHA256

a70feb0664fcf9dd70df1fa80a3f23fe668378dbd7f83f82e22143e96916f6d2
SHA512

8d3b45894743ed7dd7468bdccd22a2687340e5f1a6da87ecc1daa36cb246cee37be644cf2210e84cfddb1f3d106999d9dd9f6d28a553dd248e7fc22926245a22
SSDEEP

768:9K3fCxxgX+hZ8x17qfSzS3hkgQqursBHXztcrQYncHZNVXdMK:YPaoSZ87qESxHQqksB3OdcddD

Score

N/A

Malware Config

Signatures

Files

a70feb0664fcf9dd70df1fa80a3f23fe668378dbd7f83f82e22143e96916f6d2
.exe windows x86

a73eb17b8baeba3b2a24fa071da28001

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalLock
DebugSetProcessKillOnExit
GetModuleHandleExW
EnumResourceTypesW
GetVolumePathNamesForVolumeNameW
GetLogicalDriveStringsW
GetConsoleInputWaitHandle
GetThreadPriorityBoost
LocalSize
EnumDateFormatsExW
FreeConsole
Module32Next
IsBadHugeReadPtr
GetProfileSectionW
SetFileApisToOEM
LCMapStringW
WriteConsoleInputVDMA
_lclose
LockFileEx
VirtualAlloc
CreateNamedPipeA
IsBadWritePtr
OpenJobObjectA
GetLastError
SetConsoleCursorInfo
LoadLibraryA
lstrlen
GetCommandLineW
InvalidateConsoleDIBits
WriteFileEx
UnregisterWait
ExitProcess
ResetWriteWatch
IsValidLocale
OpenProfileUserMapping
QueueUserWorkItem
GetConsoleKeyboardLayoutNameW
GetStartupInfoA
WriteTapemark
WriteConsoleOutputCharacterW
CreateNamedPipeW
SetSystemPowerState
FindFirstChangeNotificationW
OpenSemaphoreA
RtlUnwind
OutputDebugStringW
TlsGetValue
GetThreadLocale
ReadDirectoryChangesW
GlobalAlloc
CreateJobObjectW
FindFirstVolumeW
Heap32ListFirst
EnumLanguageGroupLocalesA
SetConsoleCursor
ProcessIdToSessionId
CloseHandle
LoadLibraryExA
lstrcpy
SetConsoleInputExeNameW
SetEndOfFile
EnumCalendarInfoW
SetProcessAffinityMask

ntdll

RtlNumberGenericTableElements
RtlLogStackBackTrace
RtlAssert
RtlLargeIntegerAdd
RtlMultiByteToUnicodeN
_wtoi64
ZwOpenProcessToken
NlsAnsiCodePage
RtlIpv4AddressToStringW
NtTerminateProcess
RtlAddAccessDeniedAce
ZwAccessCheckByType
NtCreateDirectoryObject
NtQueryPortInformationProcess
ZwFlushKey
_strcmpi
NtQueryEvent
ZwQueryQuotaInformationFile
LdrSetDllManifestProber
ZwQueryVirtualMemory
NtSetSecurityObject
NtSetInformationObject
strncat
LdrAddRefDll
DbgUiConvertStateChangeStructure

gdi32

XFORMOBJ_bApplyXform
GdiGetPageHandle
SetMiterLimit
CreateFontIndirectA
GdiEntry10
GetFontAssocStatus
AddFontResourceW
SaveDC
DdEntry24
EngDeleteSemaphore
GetBkColor
EngReleaseSemaphore
GdiGetLocalDC
CreateFontA
STROBJ_bEnum
SetVirtualResolution
SetWindowOrgEx
EngAcquireSemaphore
SetROP2
GetCurrentPositionEx
GdiGetCharDimensions
SelectClipPath
NamedEscape
GdiStartPageEMF
CopyEnhMetaFileA
GdiAddFontResourceW
EnumICMProfilesA
EngTextOut
SetBitmapDimensionEx
BRUSHOBJ_hGetColorTransform
GetWindowOrgEx
Pie
EndDoc
GetMiterLimit
SetDCBrushColor

avifil32

AVIMakeStreamFromClipboard
AVIStreamGetFrameOpen
AVIStreamWrite
EditStreamClone
AVIStreamCreate
AVIStreamGetFrameClose
AVIStreamOpenFromFileA
AVIFileInfoA
AVISaveA
EditStreamSetInfoW
AVIFileReadData
AVIStreamInfo
AVIStreamBeginStreaming
AVIFileCreateStreamW
AVIStreamReadFormat
AVISaveVW
AVIStreamInfoW
IID_IAVIStream
AVIStreamGetFrame
EditStreamSetNameA
AVIFileEndRecord
EditStreamCut
EditStreamSetNameW
AVIMakeCompressedStream
AVIStreamSampleToTime
AVIStreamTimeToSample
AVIFileRelease
AVIStreamRead
AVISaveV
IID_IGetFrame
AVIStreamOpenFromFileW
AVIClearClipboard
AVIStreamLength
AVISaveW
AVIFileWriteData

msdart

?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?sm_wDefaultSpinCount@CSpinLock@@1GA
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?BucketSizes@CLKRHashTableStats@@SGPBJXZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?FindRecord@CLKRHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?GetSpinCount@CSpinLock@@QBEGXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?WriteUnlock@CSpinLock@@QAEXXZ
?InsertTail@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
MpHeapCreate
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?IsWinNT@CMdVersionInfo@@SAHXZ
?MpHeapCompact@@YAKPAX@Z
?ConvertExclusiveToShared@CFakeLock@@QAEXXZ
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a73eb17b8baeba3b2a24fa071da28001

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

gdi32

avifil32

msdart

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB