Static task
static1
Behavioral task
behavioral1
Sample
9cb18e4c61c0cc48094ef24ac43e0b3fa122c70c9e451cfedaf4ba8ad6d2f8b8.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
9cb18e4c61c0cc48094ef24ac43e0b3fa122c70c9e451cfedaf4ba8ad6d2f8b8.exe
Resource
win10v2004-20220812-en
General
-
Target
9cb18e4c61c0cc48094ef24ac43e0b3fa122c70c9e451cfedaf4ba8ad6d2f8b8
-
Size
228KB
-
MD5
a17d1ec94c08346cdf51132f70922000
-
SHA1
c98942c723ae5b3581b7ffe1634aa8f1ada6ef44
-
SHA256
9cb18e4c61c0cc48094ef24ac43e0b3fa122c70c9e451cfedaf4ba8ad6d2f8b8
-
SHA512
4c6a06b9e24ca4da0458d4e3e3636d51adfc2c16c3e86a3c03814856c3f776dc97ed2069a456ea66d6d4a6b61fe5926f0c2216d36153990e1ae608aef6253fa1
-
SSDEEP
6144:zDnVxVnGX2Yrf2yo88klYq82lFG/wdYzAulYUi:rFGPfNo8Nu2lWwdY0
Malware Config
Signatures
Files
-
9cb18e4c61c0cc48094ef24ac43e0b3fa122c70c9e451cfedaf4ba8ad6d2f8b8.exe windows x86
f70dda25065784a138c1d82a03c6db0a (unlabelled 128-bit digest; presumably the sample's import hash, to be confirmed against the platform's report format)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
oleacc
CreateStdAccessibleObject
comdlg32
ChooseFontW
GetOpenFileNameW
ReplaceTextA
CommDlgExtendedError
FindTextW
winspool.drv
ScheduleJob
AdvancedDocumentPropertiesA
GetPrinterDriverA
AddPrinterDriverExA
EnumPrintProcessorDatatypesA
EnumPrintProcessorsA
DeletePrinterDriverA
AddMonitorA
DeletePrinterConnectionW
DeletePrinterDriverW
EnumPrintersW
SetFormA
AddPrintProvidorA
DeviceCapabilitiesA
FindNextPrinterChangeNotification
GetFormW
AddPrinterDriverA
EnumPrinterKeyW
PrinterMessageBoxW
AddPrinterConnectionA
DeletePortA
ReadPrinter
AbortPrinter
AddPrintProcessorA
AddPrinterW
EnumJobsA
SetPortA
AddJobW
SetPrinterDataA
DeleteFormA
DeletePrinterConnectionA
GetPrintProcessorDirectoryW
DocumentPropertiesA
EndPagePrinter
EnumPrinterKeyA
AddPrinterDriverExW
GetFormA
EnumPortsW
DeletePortW
DeletePrinterDataA
DeletePrintProvidorW
DeletePrintProvidorA
SetPrinterW
OpenPrinterA
GetJobA
GetPrinterDriverDirectoryA
EnumPrinterDataA
DeletePrinterDriverExW
GetJobW
DeletePrintProcessorW
SetJobW
StartDocPrinterW
DeletePrinterDataW
DeletePrintProcessorA
GetPrintProcessorDirectoryA
ConnectToPrinterDlg
StartPagePrinter
SetPrinterA
GetPrinterDataW
ClosePrinter
StartDocPrinterA
FindFirstPrinterChangeNotification
kernel32
GetStringTypeA
CreateProcessA
rasapi32
RasGetCountryInfoW
RasGetErrorStringA
wsock32
WSAAsyncGetProtoByName
wininet
FtpGetCurrentDirectoryA
InternetQueryOptionA
InternetAttemptConnect
InternetCreateUrlW
FindCloseUrlCache
GopherGetAttributeA
CommitUrlCacheEntryW
msvcrt
_except_handler3
rpcrt4
NdrServerInitializeMarshall
NdrFixedArrayFree
RpcMgmtEpEltInqDone
RpcServerUseProtseqEpExA
RpcBindingInqAuthInfoExW
NdrNonEncapsulatedUnionUnmarshall
NdrFullPointerInsertRefId
NdrFixedArrayBufferSize
RpcTestCancel
NdrNonConformantStringMemorySize
NdrEncapsulatedUnionMarshall
RpcServerUseProtseqIfW
NdrByteCountPointerBufferSize
NdrNsSendReceive
NdrComplexStructMemorySize
NdrAsyncServerCall
MesDecodeBufferHandleCreate
RpcSsDestroyClientContext
RpcBindingFromStringBindingW
NdrXmitOrRepAsFree
RpcMgmtInqIfIds
I_RpcAsyncSetHandle
RpcServerUseAllProtseqsIfEx
I_RpcServerRegisterForwardFunction
NdrVaryingArrayBufferSize
DceErrorInqTextW
NdrAllocate
RpcMgmtEpEltInqBegin
MesBufferHandleReset
NdrByteCountPointerFree
NdrPointerMarshall
RpcSsSetClientAllocFree
NdrContextHandleSize
RpcNetworkIsProtseqValidW
I_RpcNsBindingSetEntryNameA
RpcSmAllocate
I_RpcPauseExecution
NDRCContextBinding
RpcStringFreeA
RpcStringBindingParseW
RpcServerInqBindings
NdrConformantVaryingArrayUnmarshall
MIDL_wchar_strcpy
NdrVaryingArrayMemorySize
NdrPointerBufferSize
NdrMesSimpleTypeDecode
I_RpcBindingIsClientLocal
NdrUserMarshalBufferSize
RpcMgmtIsServerListening
long_from_ndr
NdrMapCommAndFaultStatus
RpcBindingInqAuthClientA
MesEncodeDynBufferHandleCreate
NdrRpcSsEnableAllocate
RpcMgmtEnableIdleCleanup
RpcSmClientFree
RpcServerUseAllProtseqs
IUnknown_AddRef_Proxy
MesHandleFree
RpcSsDontSerializeContext
NdrConformantVaryingStructBufferSize
NdrVaryingArrayUnmarshall
RpcMgmtEpEltInqNextA
NdrNsGetBuffer
NdrNonEncapsulatedUnionMemorySize
NdrUserMarshalMarshall
RpcBindingInqAuthInfoExA
data_size_ndr
NdrMesTypeAlignSize
RpcAsyncGetCallStatus
NdrConformantVaryingArrayBufferSize
RpcObjectSetType
NdrComplexStructMarshall
clusapi
GetClusterNodeId
CreateClusterResourceType
CloseClusterResource
ClusterRegSetValue
GetClusterNetworkKey
OpenClusterNode
OpenClusterNetwork
OnlineClusterGroup
OnlineClusterResource
FailClusterResource
ClusterGroupEnum
ClusterGroupOpenEnum
DeleteClusterGroup
ClusterRegCreateKey
ClusterNodeControl
ClusterEnum
ClusterResourceTypeControl
ClusterOpenEnum
GetClusterNetInterfaceState
SetClusterNetworkPriorityOrder
ClusterRegDeleteValue
GetClusterNotify
CloseClusterNetwork
RegisterClusterNotify
PauseClusterNode
OpenClusterGroup
CanResourceBeDependent
ClusterNodeEnum
SetClusterResourceName
OfflineClusterResource
msi
ord165
ord32
ord7
ord33
ord8
ord64
ord34
ord45
ord42
ord46
ord164
ord58
ord62
ord71
ord36
ord49
ord171
ord19
ord31
ord24
ord73
ord74
ord53
ord59
ord63
ord70
ord38
ord40
ord16
ord169
ord47
ord10
ord27
ord26
ord35
ord22
ord43
ord37
ord57
mpr
WNetCloseEnum
WNetAddConnection3W
WNetConnectionDialog1W
WNetCancelConnectionA
WNetEnumResourceW
WNetConnectionDialog
shlwapi
StrCSpnIW
PathFindOnPathA
StrCmpIW
PathCombineA
PathRemoveFileSpecW
PathRemoveBackslashW
PathAppendW
PathIsFileSpecW
StrDupW
SHRegQueryInfoUSKeyA
SHRegQueryUSValueW
SHDeleteEmptyKeyW
PathUnmakeSystemFolderW
PathSetDlgItemPathW
PathUnmakeSystemFolderA
SHRegWriteUSValueA
PathParseIconLocationW
PathFindFileNameW
StrTrimW
PathAddExtensionA
StrCpyW
PathSearchAndQualifyA
SHRegDeleteEmptyUSKeyW
PathFindExtensionA
SHGetValueA
PathCanonicalizeA
PathMakePrettyW
PathIsDirectoryW
PathRelativePathToA
PathSearchAndQualifyW
SHGetValueW
comctl32
ImageList_SetBkColor
PropertySheetW
ord17
ImageList_DrawEx
ImageList_ReplaceIcon
setupapi
SetupDiCreateDeviceInterfaceA
SetupAdjustDiskSpaceListW
SetupGetTargetPathW
SetupDiCreateDeviceInfoListExA
SetupFindNextMatchLineA
SetupDiGetClassDevPropertySheetsW
SetupDiGetDeviceRegistryPropertyW
SetupInitDefaultQueueCallbackEx
SetupGetInfInformationW
SetupSetSourceListA
SetupDiClassNameFromGuidW
SetupQueueDefaultCopyA
SetupDiDrawMiniIcon
SetupInstallServicesFromInfSectionExA
SetupAddToSourceListW
winmm
midiConnect
mciGetErrorStringA
joySetCapture
mmioOpenW
mixerSetControlDetails
waveOutUnprepareHeader
timeKillEvent
mmioStringToFOURCCW
mixerGetDevCapsW
auxSetVolume
mciGetDeviceIDA
mmioClose
auxGetVolume
midiOutOpen
waveInMessage
midiOutPrepareHeader
mmioCreateChunk
midiInOpen
mmioAscend
joyGetPos
mmioSetBuffer
mciSetYieldProc
midiOutLongMsg
PlaySoundA
midiOutMessage
joyGetNumDevs
midiInGetID
SendDriverMessage
auxGetNumDevs
waveInReset
mmioStringToFOURCCA
joyReleaseCapture
waveOutRestart
mixerMessage
midiStreamProperty
midiInGetNumDevs
version
VerInstallFileW
advapi32
RegUnLoadKeyW
GetServiceDisplayNameA
InitiateSystemShutdownA
RegUnLoadKeyA
GetTokenInformation
RegSetKeySecurity
GetFileSecurityW
GetAclInformation
ChangeServiceConfig2W
SetKernelObjectSecurity
RegDeleteValueA
LookupAccountSidA
LookupAccountSidW
SetSecurityDescriptorGroup
StartServiceCtrlDispatcherA
DeregisterEventSource
RegSaveKeyA
RegNotifyChangeKeyValue
RegOpenKeyA
AccessCheck
RegOpenKeyExA
RegSetValueExA
DuplicateToken
BuildTrusteeWithSidW
RegLoadKeyA
AllocateAndInitializeSid
MakeAbsoluteSD
RegSetValueA
RegLoadKeyW
RegOpenKeyW
RegSetValueW
SetEntriesInAclA
OpenSCManagerA
LsaNtStatusToWinError
QueryServiceConfigW
IsValidSid
LsaEnumerateAccountRights
SetSecurityDescriptorSacl
CreateProcessAsUserW
AddAce
EqualSid
LsaRetrievePrivateData
RegCreateKeyExW
RegDeleteKeyA
AddAccessAllowedAce
RegEnumKeyExW
LockServiceDatabase
GetUserNameA
RegSaveKeyW
RegQueryValueExW
OpenThreadToken
LsaClose
EnumDependentServicesW
EnumServicesStatusW
RegRestoreKeyA
GetSecurityDescriptorGroup
CloseEventLog
RegConnectRegistryW
SetThreadToken
CopySid
RegOpenKeyExW
IsValidSecurityDescriptor
OpenSCManagerW
RegQueryValueW
ImpersonateLoggedOnUser
RegCloseKey
ChangeServiceConfigW
EnumDependentServicesA
AdjustTokenPrivileges
RegDeleteKeyW
LsaStorePrivateData
oleaut32
VarBoolFromDisp
Sections
.text — raw size: 216KB, virtual size: 215KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data — raw size: 4KB, virtual size: 1.7MB (virtual size far exceeds raw size)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc — raw size: 4KB, virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ