Static task: static1
Behavioral task: behavioral1
  Sample: 22a6ab7f6a83e700bf77e01959dd6b3acbef8b662009b99a0feaf8814b32e10b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 22a6ab7f6a83e700bf77e01959dd6b3acbef8b662009b99a0feaf8814b32e10b.exe
  Resource: win10v2004-20220812-en
General
Target: 22a6ab7f6a83e700bf77e01959dd6b3acbef8b662009b99a0feaf8814b32e10b
Size: 241KB
MD5: 9158feedb771da390cb5a0061e0fd110
SHA1: aefc9c2276ed0b3ce078abd1c1bd697b51223405
SHA256: 22a6ab7f6a83e700bf77e01959dd6b3acbef8b662009b99a0feaf8814b32e10b
SHA512: e66dddf8136d5c36fb98a7533e79ae126e8ea08f4c66dbcbb2f65153a29a8bf1f891e25a84f154826040f5a3117f3e247a606bd49dd32eff81e61cb0d18e6c79
SSDEEP: 3072:s0RSDzdx/AiilXVD9MhAmgqsk3I+pwtd5e5SE7/cvUvSD5b4e5HGbkr5lNfC4t:s3D3/AiilXVBMS/IIEw1e5l/GUXbIVa
Malware Config
Signatures
Files
22a6ab7f6a83e700bf77e01959dd6b3acbef8b662009b99a0feaf8814b32e10b.exe windows x86
60c96b03f4266b0a3b68f4efb65afe02
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
SetPropA
comctl32
_TrackMouseEvent
ImageList_Duplicate
ImageList_GetBkColor
CreateStatusWindowW
ord14
ord5
ImageList_LoadImageA
ImageList_DragLeave
ImageList_Add
ImageList_GetDragImage
ImageList_DrawIndirect
ImageList_SetDragCursorImage
ImageList_Destroy
ImageList_DragEnter
ord15
FlatSB_GetScrollProp
msimg32
GradientFill
gdi32
EqualRgn
GetPixel
BitBlt
PolyBezierTo
Polygon
GdiGetBatchLimit
ScaleViewportExtEx
GetTextCharset
GetColorSpace
UpdateICMRegKeyW
RestoreDC
CreateRectRgn
GetBkMode
GetTextExtentPoint32A
DeleteEnhMetaFile
GetICMProfileA
EnumFontFamiliesA
SetROP2
CreateFontW
CreatePolygonRgn
PaintRgn
ExcludeClipRect
SetTextAlign
ExtFloodFill
SelectObject
FillPath
CreateDIBitmap
CreateDCW
GetRasterizerCaps
GetMapMode
CloseEnhMetaFile
GetDeviceGammaRamp
ExtCreateRegion
SetStretchBltMode
PolyBezier
CreateFontIndirectA
GetPath
GetArcDirection
GetMiterLimit
DeleteMetaFile
CreateMetaFileA
CopyEnhMetaFileW
CreatePatternBrush
StretchDIBits
EnumFontsW
GetNearestPaletteIndex
GetCharacterPlacementW
OffsetWindowOrgEx
BeginPath
Chord
GetWindowExtEx
PtInRegion
EndPage
InvertRgn
DrawEscape
StrokeAndFillPath
AbortPath
RemoveFontResourceA
GetTextFaceA
FlattenPath
GetDeviceCaps
CreatePen
GetNearestColor
ExtCreatePen
LineTo
CreateRoundRectRgn
GetCharWidth32W
SetPixelFormat
CreateBitmap
CloseFigure
GetSystemPaletteEntries
GetTextExtentExPointW
AbortDoc
IntersectClipRect
mpr
WNetDisconnectDialog1W
WNetCloseEnum
WNetConnectionDialog1A
WNetGetConnectionW
WNetGetProviderNameA
WNetAddConnection3W
WNetAddConnectionA
WNetCancelConnectionW
MultinetGetConnectionPerformanceW
WNetOpenEnumW
WNetCancelConnection2W
setupapi
SetupDiRemoveDevice
lz32
LZDone
winspool.drv
AddFormW
AddPrinterA
AbortPrinter
EnumPrintProcessorDatatypesA
DocumentPropertiesA
EnumPrinterDataExA
GetPrinterDataA
EndPagePrinter
DeleteMonitorW
ConfigurePortW
EnumPortsW
DeletePrinterDataW
GetPrinterDataW
GetPrintProcessorDirectoryW
AddPrinterDriverExW
GetJobW
GetPrinterDataExA
AddPrinterDriverW
DeletePrinterKeyA
AdvancedDocumentPropertiesW
SetPrinterDataExA
GetPrinterDriverDirectoryW
EnumPrintProcessorsA
ScheduleJob
EnumPrinterKeyW
ReadPrinter
GetPrinterDataExW
DeletePrinterDataExA
AddPrinterConnectionW
GetPrinterDriverW
DeletePrintProcessorA
AddPrinterDriverExA
EnumPrinterDriversA
GetPrinterDriverA
AddMonitorA
DeletePortW
oleacc
LresultFromObject
ObjectFromLresult
AccessibleChildren
AccessibleObjectFromWindow
AccessibleObjectFromEvent
AccessibleObjectFromPoint
GetRoleTextW
WindowFromAccessibleObject
advapi32
BuildTrusteeWithNameA
EncryptFileA
LookupPrivilegeDisplayNameA
ObjectOpenAuditAlarmW
BuildImpersonateExplicitAccessWithNameA
CreateServiceW
DeleteService
LookupPrivilegeValueA
RegCreateKeyExA
SetKernelObjectSecurity
ClearEventLogA
ObjectCloseAuditAlarmW
LsaSetInformationPolicy
LsaStorePrivateData
AreAnyAccessesGranted
AddAccessAllowedAce
GetSecurityDescriptorDacl
OpenBackupEventLogW
SetNamedSecurityInfoW
NotifyBootConfigStatus
BackupEventLogA
GetExplicitEntriesFromAclA
EnumServicesStatusA
SetFileSecurityW
SetThreadToken
GetServiceKeyNameW
FindFirstFreeAce
RegQueryMultipleValuesW
OpenThreadToken
RegisterEventSourceW
RegCloseKey
LookupSecurityDescriptorPartsA
ObjectOpenAuditAlarmA
RegEnumKeyExW
IsValidSecurityDescriptor
RegRestoreKeyW
QueryServiceStatus
GetTrusteeNameA
RegOpenKeyExW
EnumServicesStatusW
IsTextUnicode
LsaOpenPolicy
InitiateSystemShutdownW
GetTrusteeFormW
RegSetValueA
ObjectCloseAuditAlarmA
SetSecurityDescriptorGroup
LookupPrivilegeDisplayNameW
ObjectPrivilegeAuditAlarmA
LsaDeleteTrustedDomain
EqualSid
StartServiceCtrlDispatcherA
GetUserNameW
RegSetKeySecurity
BuildTrusteeWithSidA
QueryServiceLockStatusW
RegOpenKeyA
EnumDependentServicesA
LsaSetTrustedDomainInformation
RegConnectRegistryA
ReportEventA
GetNumberOfEventLogRecords
RegQueryValueExA
CreateServiceA
RegDeleteValueW
GetOldestEventLogRecord
DuplicateToken
LsaEnumerateAccountsWithUserRight
LookupAccountSidA
CloseServiceHandle
InitializeSid
OpenEventLogA
ObjectPrivilegeAuditAlarmW
ReadEventLogW
EnumDependentServicesW
GetAuditedPermissionsFromAclA
RegReplaceKeyW
GetSidLengthRequired
AddAce
NotifyChangeEventLog
ObjectDeleteAuditAlarmW
ImpersonateNamedPipeClient
CreateProcessAsUserW
GetSecurityDescriptorGroup
GetAclInformation
LsaFreeMemory
GetNamedSecurityInfoA
RegQueryMultipleValuesA
GetEffectiveRightsFromAclW
LookupAccountNameA
LookupPrivilegeValueW
LsaAddAccountRights
GetTrusteeTypeA
GetSidIdentifierAuthority
SetSecurityInfo
RegQueryInfoKeyA
StartServiceW
GetTokenInformation
AccessCheck
ClearEventLogW
InitializeAcl
PrivilegeCheck
DeregisterEventSource
AccessCheckAndAuditAlarmW
SetServiceObjectSecurity
GetLengthSid
GetSecurityDescriptorControl
SetFileSecurityA
LsaSetDomainInformationPolicy
LookupAccountNameW
RegDeleteKeyW
GetMultipleTrusteeA
CloseEventLog
SetSecurityDescriptorSacl
OpenSCManagerW
GetTrusteeNameW
PrivilegedServiceAuditAlarmW
RegOpenKeyExA
wininet
FindFirstUrlCacheEntryExA
InternetSetOptionExA
InternetSetStatusCallback
InternetTimeFromSystemTime
FindNextUrlCacheEntryW
GopherGetLocatorTypeW
GetUrlCacheEntryInfoExW
InternetReadFile
InternetCanonicalizeUrlA
ReadUrlCacheEntryStream
InternetAutodialHangup
SetUrlCacheEntryInfoW
InternetSetDialState
InternetGetLastResponseInfoW
GopherCreateLocatorW
FtpRenameFileW
FtpSetCurrentDirectoryA
HttpQueryInfoA
FindNextUrlCacheEntryExW
InternetOpenUrlW
FtpGetCurrentDirectoryW
GopherFindFirstFileA
GopherOpenFileW
SetUrlCacheEntryGroup
InternetGetCookieA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FtpGetCurrentDirectoryA
imm32
ImmConfigureIMEW
ImmGetGuideLineW
ImmGetDescriptionA
ImmSetCompositionStringA
ImmIsIME
ImmGetVirtualKey
ImmIsUIMessageW
ImmConfigureIMEA
ImmGetCompositionFontW
ImmGetIMEFileNameW
ImmGetCompositionWindow
ImmSimulateHotKey
ImmRegisterWordA
ImmGetCandidateListA
ImmSetCompositionFontA
ImmGetProperty
ImmEscapeW
ImmAssociateContext
ImmUnregisterWordA
ImmSetConversionStatus
ImmGetCandidateListCountW
ImmIsUIMessageA
ImmGetContext
ImmGetDescriptionW
ImmGetStatusWindowPos
ImmGetCandidateListW
ImmGetRegisterWordStyleW
ImmGetRegisterWordStyleA
resutils
ResUtilGetSzValue
ResUtilEnumProperties
ResUtilSetMultiSzValue
ResUtilVerifyResourceService
ResUtilGetBinaryProperty
ResUtilFindSzProperty
ResUtilGetProperty
ResUtilStopResourceService
ResUtilResourceTypesEqual
ResUtilGetBinaryValue
ResUtilGetResourceDependency
ResUtilGetResourceNameDependency
shlwapi
PathRelativePathToA
ChrCmpIW
PathRemoveArgsW
PathIsSystemFolderW
SHEnumKeyExA
PathGetDriveNumberW
PathIsRootW
PathQuoteSpacesW
SHRegCreateUSKeyA
PathCanonicalizeA
ChrCmpIA
SHRegEnumUSKeyW
PathUnmakeSystemFolderW
SHDeleteEmptyKeyA
PathIsSameRootW
PathStripPathW
PathRemoveBlanksA
PathFindOnPathA
PathStripPathA
StrTrimW
SHDeleteValueA
PathIsRootA
PathBuildRootW
StrCSpnIA
StrFromTimeIntervalW
PathQuoteSpacesA
PathAddBackslashW
PathSearchAndQualifyW
PathIsURLW
SHRegEnumUSValueW
PathIsUNCServerW
msvcrt
__setusermatherr
_exit
_XcptFilter
exit
_adjust_fdiv
__p__commode
__p__fmode
_acmdln
__getmainargs
_initterm
_controlfp
__set_app_type
_except_handler3
shell32
SHGetSpecialFolderPathW
SHFreeNameMappings
SHFileOperationA
pdh
PdhParseCounterPathW
PdhParseInstanceNameA
PdhLookupPerfNameByIndexA
PdhConnectMachineA
PdhGetDefaultPerfCounterW
PdhEnumObjectItemsW
PdhOpenLogW
PdhValidatePathA
PdhLookupPerfNameByIndexW
PdhValidatePathW
PdhGetRawCounterValue
PdhOpenQueryW
PdhSelectDataSourceA
PdhSetQueryTimeRange
PdhAddCounterA
PdhEnumObjectItemsA
PdhCalculateCounterFromRawValue
PdhParseCounterPathA
PdhGetDataSourceTimeRangeA
PdhOpenQueryA
PdhFormatFromRawValue
PdhReadRawLogRecord
PdhGetDefaultPerfObjectW
PdhLookupPerfIndexByNameW
PdhOpenLogA
PdhBrowseCountersW
PdhGetFormattedCounterArrayA
PdhRemoveCounter
PdhMakeCounterPathW
PdhConnectMachineW
PdhComputeCounterStatistics
PdhParseInstanceNameW
PdhGetLogFileSize
PdhEnumMachinesW
PdhSetCounterScaleFactor
PdhEnumObjectsW
ole32
OleCreateLinkFromData
StgOpenStorageOnILockBytes
CoLoadLibrary
OleConvertIStorageToOLESTREAMEx
OleDraw
FmtIdToPropStgName
CoGetCurrentProcess
PropVariantClear
CoGetMarshalSizeMax
CoFreeLibrary
IsAccelerator
CreateFileMoniker
OleUninitialize
OleDestroyMenuDescriptor
GetHGlobalFromStream
IIDFromString
CoGetMalloc
CreateILockBytesOnHGlobal
ReadClassStg
StringFromCLSID
OleRegGetMiscStatus
CoGetTreatAsClass
CoFileTimeToDosDateTime
OleGetClipboard
CreateBindCtx
HWND_UserSize
CreateDataAdviseHolder
OleGetIconOfFile
HWND_UserUnmarshal
urlmon
CoInternetCompareUrl
CreateAsyncBindCtxEx
GetSoftwareUpdateInfo
ReleaseBindInfo
URLDownloadToCacheFileW
UrlMkSetSessionOption
GetClassURL
RevokeBindStatusCallback
URLOpenPullStreamW
FindMimeFromData
CoInternetGetSession
MkParseDisplayNameEx
CopyBindInfo
RegisterMediaTypes
CoGetClassObjectFromURL
URLOpenStreamW
CoInternetGetSecurityUrl
CreateFormatEnumerator
CreateAsyncBindCtx
HlinkSimpleNavigateToString
HlinkGoBack
FindMediaType
CopyStgMedium
kernel32
EnumTimeFormatsA
GetTapePosition
GetModuleHandleA
GetStartupInfoA
oleaut32
SafeArrayGetDim
SafeArrayGetUBound
VarR8FromI1
VarR8FromI4
BSTR_UserSize
VarCyAbs
VarBoolFromI1
LHashValOfNameSys
VarFormatCurrency
VarCyCmp
VarI4FromI1
VarI2FromUI4
VarCyFromI4
LPSAFEARRAY_UserFree
VarParseNumFromStr
OleSavePictureFile
LPSAFEARRAY_UserUnmarshal
VarBstrFromI1
comdlg32
GetFileTitleW
Sections
.text Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ