9a0f07dd0f856d142937c2ef39a725e15aa5a96f929a4af6939cdc6c9fa33b88

Sharing

Copy URL

Twitter E-mail

General

Target

9a0f07dd0f856d142937c2ef39a725e15aa5a96f929a4af6939cdc6c9fa33b88
Size

251KB
MD5

906ae00a27a776e5039267b51c64f250
SHA1

817e2312d50dddf06d78b1a84f12aeef97dc69d2
SHA256

9a0f07dd0f856d142937c2ef39a725e15aa5a96f929a4af6939cdc6c9fa33b88
SHA512

19c09d4539fa64e8fbd2baab630c3157bf9808e8b047fdf4dc45a89bc3487ebcab071ba7f3f3da63910f86a204cdf079b2a1aba9d5829a65edc7aba36415fad5
SSDEEP

6144:OY9eF7vHJNXoJk1LGHHdHaNJLBRITgZl5AHWj3BchNERF:D94jHj+k1LWQNOgZ/jGgL

Score

N/A

Malware Config

Signatures

Files

9a0f07dd0f856d142937c2ef39a725e15aa5a96f929a4af6939cdc6c9fa33b88
.exe windows x86

782baa30297a079fd87cd912bd6e16e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripPathW
PathRemoveFileSpecW
StrTrimW
PathUnquoteSpacesW
PathRemoveExtensionW
PathAppendW
PathFindFileNameW
PathFileExistsW
PathRemoveBlanksW
PathRenameExtensionW

iphlpapi

NotifyAddrChange

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

GetSidSubAuthorityCount
GetAce
RegOpenKeyExW
RegDeleteValueW
SetSecurityDescriptorDacl
CryptCreateHash
CryptHashData
StartServiceCtrlDispatcherW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
OpenServiceW
RegEnumValueW
GetSidIdentifierAuthority
GetUserNameW
SetServiceStatus
GetSidSubAuthority
RegOpenKeyW
RegSetValueExW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
QueryServiceStatus
CryptReleaseContext
SetEntriesInAclW
AddAccessAllowedAce
DuplicateTokenEx
RegEnumKeyW
GetLengthSid
AllocateAndInitializeSid
GetNamedSecurityInfoW
OpenProcessToken
CloseServiceHandle
StartServiceW
QueryServiceStatusEx
RegQueryValueExW
AddAce
RegCloseKey
CryptDestroyHash
RegCreateKeyExW
ImpersonateLoggedOnUser
GetAclInformation
CryptGetHashParam
RevertToSelf
InitializeAcl
CryptAcquireContextW
FreeSid

ws2_32

inet_ntoa
getservbyport
WSACleanup
WSAGetLastError
inet_addr
WSASetLastError
getservbyname
WSACloseEvent
gethostbyaddr
gethostbyname
ntohs
htons
WSAResetEvent
WSAStartup
htonl
WSACreateEvent

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW

kernel32

GetCurrentThreadId
RaiseException
DebugBreak
EnterCriticalSection
LoadResource
CreateFileMappingW
GetQueuedCompletionStatus
OpenFileMappingW
ResetEvent
FindNextFileW
ExpandEnvironmentStringsW
CreateIoCompletionPort
GetLongPathNameW
OutputDebugStringA
HeapFree
SetUnhandledExceptionFilter
LocalFree
IsDebuggerPresent
GetDriveTypeW
LeaveCriticalSection
GetSystemTime
ReadFile
GetProcessHeap
CreateDirectoryW
GlobalLock
GetProcessVersion
VirtualQuery
GetFileAttributesExW
GetProcessTimes
ReadProcessMemory
CreateWaitableTimerW
PostQueuedCompletionStatus
CreateFileW
CreateToolhelp32Snapshot
SetLastError
DeleteCriticalSection
FreeLibrary
WaitForMultipleObjects
LocalAlloc
GlobalMemoryStatus
OpenMutexW
HeapDestroy
GetFileSizeEx
FindClose
GetFileSize
CopyFileW
GetVolumeNameForVolumeMountPointW
SetWaitableTimer
GetFileInformationByHandle
FileTimeToDosDateTime
DeviceIoControl
SizeofResource
HeapSize
ProcessIdToSessionId
DeleteFileW
GlobalAlloc
WaitForMultipleObjectsEx
lstrcmpiW
FindResourceExW
FindResourceW
LockResource
Module32FirstW
GetSystemTimeAsFileTime
GlobalUnlock
GlobalFree
FindFirstFileW
CreateEventW
WideCharToMultiByte
GetLocalTime
GetSystemDirectoryA
MapViewOfFile
CreateMutexW
GetShortPathNameW
SetFilePointer
SetEndOfFile
FileTimeToSystemTime
GetModuleHandleW
HeapReAlloc
GetOverlappedResult
CreateProcessW
SignalObjectAndWait
OpenEventW
HeapAlloc
GetSystemInfo
UnhandledExceptionFilter
UnmapViewOfFile
OpenProcess
ReleaseMutex
MoveFileW
GetSystemDirectoryW
CreateFileA
WriteFile
WaitForSingleObject
GetTempPathW
InitializeCriticalSectionAndSpinCount
CloseHandle
Module32NextW
SystemTimeToFileTime
VirtualAlloc

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

mpr

WNetGetConnectionW

rasapi32

RasEnumConnectionsW
RasGetProjectionInfoW
RasGetEntryPropertiesW

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

cabinet

ord13
ord10
ord11
ord14

oleaut32

VariantClear
VariantInit

user32

wsprintfW
GetSystemMetrics

odbccp32

SQLGetPrivateProfileString
SelectTransDlg
SQLCreateDataSourceEx
SQLInstallDriverEx
SQLCreateDataSourceW
SQLRemoveTranslatorW
SQLInstallTranslatorExW
SQLWritePrivateProfileString
SQLGetConfigMode
SQLRemoveTranslator

cryptdlg

DecodeRecipientID
DecodeAttrSequence

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.NANk
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Fayn
Size: 1024B - Virtual size: 677B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mo
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oNJpL
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eXMtpA
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XZjgvm
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 212KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FlgaTc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SmopNO
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.D
Size: 512B - Virtual size: 321B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

782baa30297a079fd87cd912bd6e16e1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

iphlpapi

version

advapi32

ws2_32

shell32

kernel32

ole32

wtsapi32

mpr

rasapi32

psapi

cabinet

oleaut32

user32

odbccp32

cryptdlg

Sections

.text Size: 18KB - Virtual size: 18KB

.NANk Size: 1024B - Virtual size: 1KB

.Fayn Size: 1024B - Virtual size: 677B

.rdata Size: 6KB - Virtual size: 6KB

.mo Size: 2KB - Virtual size: 2KB

.oNJpL Size: 1KB - Virtual size: 1KB

.eXMtpA Size: 1024B - Virtual size: 1KB

.XZjgvm Size: 1024B - Virtual size: 1KB

.data Size: 212KB - Virtual size: 280KB

.FlgaTc Size: 2KB - Virtual size: 2KB

.SmopNO Size: 2KB - Virtual size: 2KB

.D Size: 512B - Virtual size: 321B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.NANk
Size: 1024B - Virtual size: 1KB

.Fayn
Size: 1024B - Virtual size: 677B

.rdata
Size: 6KB - Virtual size: 6KB

.mo
Size: 2KB - Virtual size: 2KB

.oNJpL
Size: 1KB - Virtual size: 1KB

.eXMtpA
Size: 1024B - Virtual size: 1KB

.XZjgvm
Size: 1024B - Virtual size: 1KB

.data
Size: 212KB - Virtual size: 280KB

.FlgaTc
Size: 2KB - Virtual size: 2KB

.SmopNO
Size: 2KB - Virtual size: 2KB

.D
Size: 512B - Virtual size: 321B

.rsrc
Size: 1KB - Virtual size: 1KB