c4d7fc0b4e805ed1cfbd35049820e2299158bb07170bd7da26c2fbd8d3f114c4

Sharing

Copy URL Twitter E-mail

General

Target

c4d7fc0b4e805ed1cfbd35049820e2299158bb07170bd7da26c2fbd8d3f114c4
Size

57KB
MD5

a1df9144374e121456f0471f58660510
SHA1

4dde22f8395f950a25b097a1b94b7beb23f604a6
SHA256

c4d7fc0b4e805ed1cfbd35049820e2299158bb07170bd7da26c2fbd8d3f114c4
SHA512

51cb566273d4a6489439f77ebe6f1a392729b33f1aae642165f55d0804458bcb307540172a9e540b6f38ae34a4202831329e4b907438b30c1903bd7d6a36ffde
SSDEEP

1536:55sNN4NQFNGr1gToQb92JQjOij92hCm+vjBat3D+C:LsE6NGWPIj+7IF

Score

N/A

Malware Config

Signatures

Files

c4d7fc0b4e805ed1cfbd35049820e2299158bb07170bd7da26c2fbd8d3f114c4
.dll windows x86

1740cd816542251d935406fe72ed0efa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cabisafd

ILCombine
ImmPenAuxInput
CtfImmTIMActivate
ImmGetOpenStatus
SdbCloseApphelpInformation
CtfImmSetCiceroStartInThread
SdbReadMsiTransformInfo
DAD_DragEnterEx
CheckEscapesA
DAD_DragLeave
ILFindChild
ImmSetConversionStatus
DragQueryFileA
SdbGrabMatchingInfo
SdbOpenDatabase
ImmWINNLSEnableIME
SdbDeletePermLayerKeys
ImmNotifyIME
ImmLockIMC
OpenAs_RunDLL
ImmGetCandidateListA
ImmGetIMCCSize
ImmEnumInputContext
DAD_SetDragImage
ImmSetCompositionStringA
ImmSetActiveContext
SdbGetNextChild
CtfImmLeaveCoInitCountSkipMode
RegenerateUserEnvironment
ImmProcessKey
SdbReadBinaryTag
ImmGetHotKey
ImmDestroyIMCC
ImmGetStatusWindowPos
DragQueryFile
ImmSetStatusWindowPos
DragAcceptFiles
ImmUnlockIMC
ImmSimulateHotKey
SdbGetFirstChild
IsLFNDrive
PathGetShortPath
DllGetClassObject
DuplicateIcon
IsNetDrive

user32

ScreenToClient
InvalidateRgn
SetCursor
ShowWindow
GetSystemMetrics
ChildWindowFromPoint
GetNextDlgGroupItem
SetTimer
DrawFocusRect
DeleteMenu

kernel32

CreateFileMappingA
SetErrorMode
UnmapViewOfFile
ReleaseMutex
BackupRead
GlobalAlloc
CreateThread
LoadLibraryA
GetModuleHandleA
BackupSeek
HeapFree
GetTapeParameters
LeaveCriticalSection
WaitForMultipleObjects
MapViewOfFile
PrepareTape
GetTapePosition
SetUnhandledExceptionFilter
VirtualQueryEx
CloseHandle

advapi32

AddAccessAllowedAce
GetTokenInformation
ControlService
InitializeSecurityDescriptor
RegCloseKey

netapi32

NetApiBufferFree
NetShareGetInfo

ole32

CoInitializeEx
CoUninitialize

ntdll

NtQueryQuotaInformationFile

Exports

Exports

CreateProcessNotify
calcntui

Sections

.text
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1740cd816542251d935406fe72ed0efa

Headers

File Characteristics

Imports

cabisafd

user32

kernel32

advapi32

netapi32

ole32

ntdll

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 52KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 49KB - Virtual size: 52KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB