cbce1f8eb3e1feba86fa45b74bbb2581024a43c70b6fb2becabeb89fc0e8f71a

Sharing

Copy URL Twitter E-mail

General

Target

cbce1f8eb3e1feba86fa45b74bbb2581024a43c70b6fb2becabeb89fc0e8f71a
Size

182KB
MD5

909f09fd7572384bba8ba625d2be96ee
SHA1

071a291d11ec924203c9ef83789c4db96471dbec
SHA256

cbce1f8eb3e1feba86fa45b74bbb2581024a43c70b6fb2becabeb89fc0e8f71a
SHA512

0f33aae950399ec5eafe0c342a7b1ec89bc30dfa6490236b399afc3aeb6da420f1769adfcb6b9074659a1d9a853c342fac3b05b4c4776620779167c3f832a76e
SSDEEP

3072:zkBWVctjSX5mdbKIujpJA2rnHSVaAT+RRkNiH+TfwdAfkwnK5Ia0A3AvYLqjlN+/:zk6cNSX5165aG+RuJbwdAcyAF0AjmjLq

Score

N/A

Malware Config

Signatures

Files

cbce1f8eb3e1feba86fa45b74bbb2581024a43c70b6fb2becabeb89fc0e8f71a
.dll windows x86

7bcda1a37b23936b3f75c02dd3aab71e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

towupper
wcschr
wcsrchr
memset
towlower
iswalpha
_wcsnicmp
_wcsicmp
RtlUnwind

ole32

CLSIDFromString

kernel32

GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
InterlockedCompareExchange
InterlockedExchange
LoadLibraryW
GetFileAttributesW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
lstrlenW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FormatMessageW
FindNextFileW
CloseHandle
FindFirstFileW
FindClose
FileTimeToSystemTime
ExitProcess
LocalFree

advapi32

OpenServiceW
LookupPrivilegeValueW
LsaQueryTrustedDomainInfoByName
MakeAbsoluteSD
OpenProcessToken
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
AdjustTokenPrivileges
InitiateSystemShutdownExW

user32

LoadStringW
CharNextW
CharPrevW

shell32

SHGetInstanceExplorer
SHGetFolderPathW
ExtractAssociatedIconW

msvcrt

_amsg_exit
__setusermatherr
_cexit
__p__fmode
__p__commode
_CIasin
_controlfp
_initterm
exit
fputs
fputws
strerror
__set_app_type
wprintf

setupapi

CM_Connect_MachineW
CM_Delete_Class_Key
CM_Disconnect_Machine
CM_Free_Log_Conf_Handle
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Ex
CM_Is_Version_Available_Ex
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
SetupCloseInfFile
SetupCopyOEMInfW
SetupDiBuildClassInfoListExW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameExW
SetupDiClassNameFromGuidExW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetClassDescriptionExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiRemoveDevice
SetupDiSetClassInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupOpenFileQueue
SetupOpenInfFileW
SetupGetStringFieldW

Exports

Exports

CchFileTimeToDateTimeW
FBuildTempPathW
FIsSpaceA
HrCopyStreamToByte

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bcda1a37b23936b3f75c02dd3aab71e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ole32

kernel32

advapi32

user32

shell32

msvcrt

setupapi

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 15KB - Virtual size: 14KB