Static task: static1
Behavioral task: behavioral1
  Sample: d3d179e2b5f947b469a0202760c665db8abccdfd6e6e7b715174a183e0e385e5.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: d3d179e2b5f947b469a0202760c665db8abccdfd6e6e7b715174a183e0e385e5.exe
  Resource: win10v2004-20220812-en
General
Target: d3d179e2b5f947b469a0202760c665db8abccdfd6e6e7b715174a183e0e385e5
Size: 627KB
MD5: 91d1f840c609ec8389f2038637683947
SHA1: 51611fe15a1338f41e9d2b1940e37b6dce28434d
SHA256: d3d179e2b5f947b469a0202760c665db8abccdfd6e6e7b715174a183e0e385e5
SHA512: 6b72125cb3d112c4b58764ca5e75dd79fa78fc0b02c8541713486763a2651cccdb2a36635696a5dd24069ecf7a402263c781d8f0f80971cce4b60a26d0370866
SSDEEP: 12288:RbCLQQmLMyDtOZZNYJeUrtv5OQwFFUR+aojhEkP8Cj/c5psQCKI:VqTmLMot+gTeFFvqc8dI
Malware Config: none listed
Signatures: none listed
Files
d3d179e2b5f947b469a0202760c665db8abccdfd6e6e7b715174a183e0e385e5.exe (windows x86)
e47377e2414e2f4c5fb3702772197142
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegSetValueExA
BuildExplicitAccessWithNameW
GetNamedSecurityInfoA
RegReplaceKeyA
QueryServiceObjectSecurity
RegSaveKeyW
EnumDependentServicesW
GetSecurityInfo
StartServiceW
BuildImpersonateTrusteeW
ImpersonateLoggedOnUser
RegUnLoadKeyW
QueryServiceLockStatusW
ClearEventLogW
RegCreateKeyW
CreateServiceA
BackupEventLogA
CryptEnumProvidersA
RegOpenKeyExW
RegOpenKeyW
GetNamedSecurityInfoExW
EqualSid
ConvertAccessToSecurityDescriptorA
CryptGenRandom
RegSetValueW
SetSecurityDescriptorDacl
GetSecurityDescriptorOwner
CryptSetProviderExA
LookupAccountSidA
CancelOverlappedAccess
ObjectDeleteAuditAlarmA
RegisterServiceCtrlHandlerW
CryptGenKey
OpenEventLogW
ObjectCloseAuditAlarmW
GetOverlappedAccessResults
BuildExplicitAccessWithNameA
CryptEnumProviderTypesA
LookupSecurityDescriptorPartsA
CreateProcessAsUserW
BuildImpersonateExplicitAccessWithNameA
GetSecurityDescriptorGroup
ConvertAccessToSecurityDescriptorW
GetLengthSid
SetFileSecurityW
CryptGetProvParam
OpenEventLogA
AddAccessAllowedAce
PrivilegeCheck
RegisterEventSourceA
GetNumberOfEventLogRecords
RegConnectRegistryA
LookupPrivilegeValueW
RegQueryMultipleValuesA
SetNamedSecurityInfoA
OpenBackupEventLogA
GetSidSubAuthorityCount
StartServiceCtrlDispatcherW
CryptSetKeyParam
MakeAbsoluteSD
RegEnumKeyExW
RegUnLoadKeyA
LogonUserA
GetTrusteeTypeA
BuildSecurityDescriptorA
LookupPrivilegeDisplayNameA
CreateServiceW
CryptSetHashParam
RegConnectRegistryW
ConvertSecurityDescriptorToAccessNamedW
ObjectDeleteAuditAlarmW
AbortSystemShutdownA
MapGenericMask
RegOpenKeyExA
CryptSignHashA
CopySid
SetEntriesInAuditListW
CryptExportKey
SetEntriesInAclW
UnlockServiceDatabase
ObjectOpenAuditAlarmA
CryptSetProviderW
CryptAcquireContextA
RegSetValueA
RegFlushKey
GetSecurityDescriptorDacl
ReadEventLogA
OpenServiceW
GetAccessPermissionsForObjectA
LookupPrivilegeDisplayNameW
IsTextUnicode
ConvertSecurityDescriptorToAccessA
InitiateSystemShutdownW
CryptCreateHash
ObjectPrivilegeAuditAlarmW
DuplicateToken
GetMultipleTrusteeOperationA
DeregisterEventSource
CryptHashSessionKey
GetTokenInformation
GetAclInformation
DestroyPrivateObjectSecurity
GetUserNameA
LookupAccountNameW
ObjectPrivilegeAuditAlarmA
GetNamedSecurityInfoW
RegCreateKeyExA
GetServiceDisplayNameW
GetAuditedPermissionsFromAclW
IsValidAcl
CryptSetProvParam
LookupPrivilegeNameW
SetServiceBits
EnumDependentServicesA
RegQueryValueW
GetSecurityInfoExA
RegDeleteValueW
CryptAcquireContextW
shlwapi
PathStripPathW
SHRegOpenUSKeyA
StrCmpNW
wvnsprintfW
wnsprintfW
PathCanonicalizeA
PathMakePrettyA
PathGetCharTypeW
UrlUnescapeA
SHRegDeleteEmptyUSKeyW
SHQueryValueExW
PathUnmakeSystemFolderW
UrlIsOpaqueW
PathIsUNCServerShareW
PathSetDlgItemPathW
PathAppendA
PathIsRelativeW
PathStripToRootA
PathCanonicalizeW
StrStrA
PathFindExtensionA
UrlHashW
StrCmpW
PathStripPathA
SHStrDupA
GetMenuPosFromID
StrFormatByteSizeA
PathUndecorateW
SHIsLowMemoryMachine
StrRChrIA
PathQuoteSpacesW
PathFindFileNameA
UrlGetLocationA
PathUndecorateA
SHDeleteKeyA
IntlStrEqWorkerW
UrlGetPartA
UrlCombineW
StrRetToStrW
StrRChrIW
SHDeleteKeyW
PathIsFileSpecW
PathFindOnPathA
StrToIntExW
UrlCanonicalizeW
StrChrIA
PathCommonPrefixW
PathIsNetworkPathA
PathGetArgsW
PathCreateFromUrlA
StrFromTimeIntervalW
PathFindOnPathW
PathGetCharTypeA
SHRegOpenUSKeyW
AssocQueryKeyW
PathStripToRootW
ColorRGBToHLS
SHRegQueryUSValueA
StrRetToStrA
SHRegGetUSValueA
PathMakePrettyW
SHRegEnumUSKeyW
PathIsSystemFolderW
StrCSpnW
PathSearchAndQualifyA
StrFormatByteSize64A
PathIsURLW
PathSkipRootW
SHEnumValueW
PathRemoveArgsW
PathGetDriveNumberW
PathSearchAndQualifyW
StrCmpIW
StrPBrkW
UrlEscapeA
PathFindExtensionW
SHCopyKeyW
StrNCatW
StrTrimW
PathIsDirectoryEmptyA
StrSpnW
SHRegQueryUSValueW
ChrCmpIA
PathMakeSystemFolderA
SHOpenRegStreamA
PathFindNextComponentA
StrFormatKBSizeA
AssocQueryStringW
PathCreateFromUrlW
UrlIsNoHistoryW
StrCmpNIA
StrCpyW
SHCopyKeyA
StrSpnA
SHCreateStreamOnFileW
UrlCreateFromPathW
PathCompactPathA
SHRegGetBoolUSValueA
ColorAdjustLuma
UrlCanonicalizeA
PathCombineA
SHStrDupW
PathGetArgsA
PathSkipRootA
UrlIsNoHistoryA
SHRegDuplicateHKey
StrRChrA
user32
CharUpperW
CreateWindowExW
GetMenuItemInfoW
SetParent
PtInRect
SetWindowRgn
GetWindowTextLengthA
RegisterClipboardFormatW
CreateIconIndirect
SetMenuInfo
SetClassWord
DrawCaption
DdeClientTransaction
UnloadKeyboardLayout
SetClassLongW
SetActiveWindow
CharNextA
SetPropA
CharUpperBuffA
DrawStateA
CreateCaret
TabbedTextOutA
SetKeyboardState
DdeAddData
EqualRect
CreateDialogParamA
SetPropW
RegisterClassExW
CreateWindowStationW
DlgDirSelectExW
SetMessageExtraInfo
FindWindowW
IsDialogMessageA
DdeAccessData
MessageBoxExW
SetMenuItemInfoW
GetUserObjectInformationW
CharLowerA
SetRectEmpty
SetWindowsHookW
FlashWindowEx
SwapMouseButton
ArrangeIconicWindows
GetMenuItemID
GetMessageExtraInfo
GetProcessWindowStation
SetDeskWallpaper
CreateIcon
RealGetWindowClass
GetPropA
UnhookWinEvent
IntersectRect
InSendMessageEx
GetClassInfoW
GetWindowDC
GetWindowWord
RegisterClipboardFormatA
DdeNameService
IsCharAlphaNumericW
AnyPopup
InflateRect
OpenIcon
UnpackDDElParam
GetAncestor
DragDetect
InSendMessage
SendMessageTimeoutA
MonitorFromRect
DestroyWindow
CharLowerBuffW
ScreenToClient
EnableScrollBar
GetWindowRgn
UnhookWindowsHookEx
GetDlgItemTextA
SendMessageCallbackW
RegisterWindowMessageA
DdeQueryConvInfo
DrawTextExA
GetSysColorBrush
CloseWindow
SetSysColors
GetGuiResources
MessageBoxExA
AppendMenuW
DestroyCursor
EnumClipboardFormats
SetForegroundWindow
GetScrollPos
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
LoadStringA
RegisterClassW
PaintDesktop
GetDC
IsCharAlphaW
GetMenuItemRect
DdeKeepStringHandle
UnregisterClassA
SetDlgItemInt
GetClassLongA
LoadCursorFromFileA
GetWindowModuleFileNameW
GetDlgItemTextW
GetDesktopWindow
SetClipboardViewer
CharPrevW
GetClassNameA
FindWindowExA
EndDeferWindowPos
DdeGetLastError
DlgDirListA
CallMsgFilterA
ChangeDisplaySettingsExA
SetMenuContextHelpId
GetMenuContextHelpId
DeleteMenu
GetMenuDefaultItem
GetClientRect
kernel32
GetDriveTypeW
WinExec
ReadConsoleA
GetSystemDefaultLangID
HeapCreate
SleepEx
GetCompressedFileSizeW
SetEnvironmentVariableA
PrepareTape
BuildCommDCBA
FindNextChangeNotification
LocalFileTimeToFileTime
SetUnhandledExceptionFilter
GetOverlappedResult
GetPrivateProfileStringW
FindResourceExW
WriteFileEx
VirtualProtectEx
GetPrivateProfileIntA
SetCurrentDirectoryW
MultiByteToWideChar
WriteTapemark
GetACP
ResumeThread
SetConsoleCursorPosition
RequestDeviceWakeup
VerLanguageNameW
HeapLock
PulseEvent
GetConsoleTitleA
GetTempFileNameA
GetLongPathNameW
GetCalendarInfoW
SuspendThread
GetDiskFreeSpaceExA
GetDefaultCommConfigA
SetMailslotInfo
SetHandleCount
DuplicateHandle
Process32Next
lstrcpy
GetDriveTypeA
EnumSystemLocalesA
EscapeCommFunction
SearchPathW
VirtualFree
WriteProfileStringW
lstrcmpiW
CopyFileA
GetBinaryTypeW
IsBadHugeWritePtr
GetTimeFormatA
GetQueuedCompletionStatus
GetVolumeInformationW
ReadConsoleInputA
GetConsoleCursorInfo
GetEnvironmentVariableW
GlobalReAlloc
VirtualAllocEx
CreateNamedPipeA
FlushViewOfFile
GetTempPathW
SetTapeParameters
GetProcessShutdownParameters
SetLocalTime
OpenSemaphoreW
WaitNamedPipeA
FillConsoleOutputCharacterW
OpenWaitableTimerA
SetProcessAffinityMask
SetCurrentDirectoryA
GetCommandLineA
CopyFileExA
GlobalMemoryStatus
GetThreadContext
VirtualQueryEx
CreatePipe
TerminateProcess
GetLocaleInfoA
Sleep
LoadLibraryW
ConvertThreadToFiber
CopyFileExW
DeleteAtom
FindClose
GlobalCompact
FreeConsole
QueueUserAPC
FindAtomA
CreateMailslotA
SetTapePosition
GetEnvironmentStrings
SystemTimeToFileTime
CompareStringA
FreeEnvironmentStringsA
ClearCommError
WriteConsoleA
GetConsoleTitleW
CreateDirectoryExW
EnumCalendarInfoExW
GetFileAttributesA
CreateFileMappingW
LocalHandle
TlsFree
CreateProcessW
CreateMutexA
GetExitCodeProcess
SetCommBreak
FindResourceA
CancelIo
SystemTimeToTzSpecificLocalTime
ClearCommBreak
GetVersionExA
GetProcessWorkingSetSize
lstrlen
ReadFileScatter
ScrollConsoleScreenBufferA
GetProfileSectionW
PeekNamedPipe
lstrcmp
LockResource
UnlockFile
VirtualAlloc
GetFileSize
SetupComm
GetPrivateProfileSectionA
LocalFlags
GetDateFormatW
WritePrivateProfileStringA
CommConfigDialogA
GenerateConsoleCtrlEvent
GlobalDeleteAtom
OpenFileMappingA
GetStringTypeExW
FindFirstFileW
EnumSystemCodePagesW
GetFileTime
TerminateThread
WriteConsoleInputA
UpdateResourceA
ReadFileEx
GetMailslotInfo
lstrcpyn
GetCommState
FileTimeToLocalFileTime
GetLocalTime
FindResourceExA
GetThreadSelectorEntry
GetNumberOfConsoleInputEvents
VirtualProtect
ole32
CoGetInterfaceAndReleaseStream
OleCreateDefaultHandler
CoRegisterClassObject
CoCreateInstanceEx
CoRegisterChannelHook
WriteOleStg
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
UpdateDCOMSettings
CoLoadLibrary
CreateClassMoniker
RevokeDragDrop
OleLoadFromStream
OleGetIconOfClass
CoRevokeClassObject
MkParseDisplayName
CoQueryClientBlanket
OleDraw
OpenOrCreateStream
OleIsCurrentClipboard
MonikerCommonPrefixWith
OleMetafilePictFromIconAndLabel
StgGetIFillLockBytesOnFile
CoUninitialize
UtConvertDvtd32toDvtd16
ReadStringStream
OleNoteObjectVisible
OleLockRunning
GetConvertStg
StgCreateDocfile
CoSuspendClassObjects
StgOpenStorage
OleDoAutoConvert
OleIsRunning
OleLoad
IIDFromString
StgOpenStorageEx
OleInitialize
OleBuildVersion
ReadFmtUserTypeStg
OleGetIconOfFile
OleConvertIStorageToOLESTREAM
FreePropVariantArray
OleQueryCreateFromData
OleGetAutoConvert
OleCreateLinkFromData
StgCreateDocfileOnILockBytes
CoFileTimeNow
CoGetClassObject
GetDocumentBitStg
OleSetAutoConvert
CreateDataAdviseHolder
CoGetPSClsid
CoGetCallContext
IsEqualGUID
StringFromGUID2
OleCreateFromDataEx
OleRun
OleCreateMenuDescriptor
CoGetCurrentProcess
RegisterDragDrop
CoInitializeSecurity
OleCreateLinkToFile
PropVariantCopy
OleSaveToStream
CoTaskMemRealloc
OleCreate
StgOpenStorageOnILockBytes
DoDragDrop
UtGetDvtd32Info
CoTaskMemAlloc
CoInitializeEx
OleCreateEmbeddingHelper
CoMarshalInterface
CoResumeClassObjects
OleCreateEx
OleSetMenuDescriptor
EnableHookObject
CreateILockBytesOnHGlobal
UtGetDvtd16Info
GetClassFile
MonikerRelativePathTo
OleRegGetMiscStatus
CLSIDFromString
OleCreateFromData
OleConvertIStorageToOLESTREAMEx
OleCreateStaticFromData
ReadClassStm
CoQueryProxyBlanket
ReadOleStg
CoGetTreatAsClass
CoDosDateTimeToFileTime
OleRegEnumFormatEtc
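The import table above spans five DLLs and several hundred functions, from token, service and event-log APIs through crypto, tape, console, DDE and OLE calls, and many functions appear in both their ANSI (A) and wide (W) forms. An import table only shows what the binary is linked against, not what it actually calls, and APIs resolved at run time never appear in it. The following added example (not code from the sandbox or the report) buckets a hand-typed subset of these imports into coarse capability groups and counts the A/W pairs; the bucket names and their membership are this example's own choices, and SAMPLE_IMPORTS is a constructed subset of the page's list.

```python
"""Capability triage over a PE import table.

Added example, not from the sandbox report. CAPABILITIES is an assumed,
hand-picked grouping of Win32 API names; SAMPLE_IMPORTS is a subset of the
imports listed on the page, typed in by hand for an offline run.
"""

# Assumed capability buckets: API names an analyst groups together by eye.
CAPABILITIES = {
    "process-injection-primitives": {
        "VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
        "CreateRemoteThread", "QueueUserAPC", "GetThreadContext",
        "SetThreadContext", "SuspendThread", "ResumeThread"},
    "token-and-impersonation": {
        "LogonUserA", "LogonUserW", "ImpersonateLoggedOnUser",
        "CreateProcessAsUserW", "DuplicateToken", "DuplicateTokenEx",
        "GetTokenInformation", "LookupPrivilegeValueW", "PrivilegeCheck"},
    "event-log-tampering": {
        "ClearEventLogA", "ClearEventLogW", "BackupEventLogA",
        "BackupEventLogW", "ReadEventLogA", "ReadEventLogW"},
    "service-control": {
        "CreateServiceA", "CreateServiceW", "StartServiceA", "StartServiceW",
        "OpenServiceA", "OpenServiceW", "StartServiceCtrlDispatcherW"},
    "registry-write": {
        "RegSetValueExA", "RegSetValueExW", "RegSetValueA", "RegSetValueW",
        "RegCreateKeyW", "RegCreateKeyExA"},
    "crypto-api": {
        "CryptAcquireContextA", "CryptAcquireContextW", "CryptGenKey",
        "CryptGenRandom", "CryptCreateHash", "CryptSignHashA", "CryptExportKey"},
    "system-shutdown": {
        "InitiateSystemShutdownA", "InitiateSystemShutdownW",
        "AbortSystemShutdownA", "AbortSystemShutdownW"},
    "process-execution": {"WinExec", "CreateProcessA", "CreateProcessW"},
}

# Constructed subset of the page's import list (dll -> function names).
SAMPLE_IMPORTS = {
    "advapi32": ["RegSetValueExA", "ImpersonateLoggedOnUser", "ClearEventLogW",
                 "CreateServiceA", "CreateServiceW", "CryptGenRandom",
                 "CreateProcessAsUserW", "LogonUserA", "InitiateSystemShutdownW",
                 "DuplicateToken", "GetTokenInformation", "BackupEventLogA",
                 "ReadEventLogA", "StartServiceW", "OpenEventLogA", "OpenEventLogW"],
    "kernel32": ["WinExec", "VirtualAllocEx", "VirtualProtectEx", "QueueUserAPC",
                 "GetThreadContext", "SuspendThread", "ResumeThread",
                 "CreateProcessW", "Sleep", "GetDriveTypeA", "GetDriveTypeW"],
    "user32": ["SetDeskWallpaper", "FindWindowW"],
}


def triage_imports(imports):
    """Map each capability bucket to the 'dll!function' imports that hit it."""
    hits = {}
    for dll, funcs in imports.items():
        for func in funcs:
            for cap, names in CAPABILITIES.items():
                if func in names:
                    hits.setdefault(cap, []).append(f"{dll}!{func}")
    return {cap: sorted(v) for cap, v in sorted(hits.items())}


def import_stats(imports):
    """Totals plus the functions imported in both A and W form, which is
    unusual for hand-written code that picks one character set."""
    names = {f for funcs in imports.values() for f in funcs}
    aw_pairs = sorted(n[:-1] for n in names
                      if n.endswith("A") and n[:-1] + "W" in names)
    return {"total": sum(len(v) for v in imports.values()),
            "dlls": len(imports), "aw_pairs": aw_pairs}


if __name__ == "__main__":
    for cap, apis in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
    print(import_stats(SAMPLE_IMPORTS))
```

Run this over a full import dump (for instance one exported from the sandbox) by replacing SAMPLE_IMPORTS; treat the buckets as a reading aid for where to start in the disassembly, not as a verdict, since a linked import is only a capability, not evidence it is exercised.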
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 294B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
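Two things in the Headers and Sections data above are worth checking by hand. DllCharacteristics carries IMAGE_DLLCHARACTERISTICS_NX_COMPAT but not IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, and the file characteristics include IMAGE_FILE_RELOCS_STRIPPED, so the image opts into DEP but gets no ASLR, and could not be rebased even if the flag were set. The three sections sum to roughly 78KB while the file is 627KB, so most of the file sits outside the section table. The following added example (not code from the sandbox or the report) parses exactly those fields from raw PE bytes and measures the overlay; build_sample_pe() constructs a PE32 stub that mirrors the page's flags and section sizes rather than the real sample, and its 0x400 file alignment is an assumption.

```python
"""Check DEP/ASLR-related PE flags and measure the overlay.

Added example, not code from the sandbox report. Only the COFF header, the
PE32 optional header's DllCharacteristics and the section table are read,
so it runs offline on raw bytes. build_sample_pe() constructs a stub that
mirrors the flags and section sizes listed on the page; it is not the real
sample, and its file alignment (0x400) is an assumption.
"""
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
PE32_MAGIC = 0x10B
SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Return characteristics, DllCharacteristics, section list and overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 images are handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # DllCharacteristics (PE32)
    sections, end_of_data = [], 0
    for i in range(nsections):
        name, vsize, _va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_HEADER, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize, "flags": flags})
        end_of_data = max(end_of_data, rawptr + rawsize)
    # Anything past the last section's raw data is overlay: not mapped by the loader.
    return {"characteristics": characteristics, "dll_characteristics": dll_chars,
            "sections": sections, "overlay_size": max(0, len(data) - end_of_data)}


def mitigation_report(info):
    """Summarise the mitigation-relevant bits the way an analyst reads them."""
    relocs_stripped = bool(info["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED)
    dc = info["dll_characteristics"]
    return {
        "nx": bool(dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # ASLR needs DYNAMIC_BASE *and* a relocation table; with relocations
        # stripped the loader cannot rebase the image whatever the flag says.
        "aslr": bool(dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not relocs_stripped,
        "relocs_stripped": relocs_stripped,
    }


def build_sample_pe(overlay=b""):
    """Constructed PE32 stub with the page's flags and section sizes (not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224,
                       IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE
                       | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                     | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
    # (name, virtual size, raw size) as listed on the page.
    secs = [(b".text", 61 * 1024, 61 * 1024), (b".rdata", 16 * 1024, 16 * 1024),
            (b".data", 294, 512)]
    table, ptr = b"", 0x400  # first raw section at the assumed file alignment
    for name, vsize, rawsize in secs:
        table += struct.pack(SECTION_HEADER, name, vsize, 0, rawsize, ptr, 0, 0, 0, 0, 0)
        ptr += rawsize
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x400, b"\0")
    return headers + b"\0" * sum(r for _, _, r in secs) + overlay


if __name__ == "__main__":
    info = parse_pe(build_sample_pe(overlay=b"\xAA" * 4096))
    print(mitigation_report(info), "overlay bytes:", info["overlay_size"])
```

Pointed at the real file instead of the stub (parse_pe(open(path, "rb").read())), the overlay figure is the first thing to carve out and hash separately, since sandbox section listings such as the one above describe only what the section table maps.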