Static task
static1
Behavioral task
behavioral1
Sample: df23a5eb677a8cea13d80e59e266d33515c567eccc5ac1cf83a05516b9dc85c9.exe
Resource: win7-20220901-en
Behavioral task
behavioral2
Sample: df23a5eb677a8cea13d80e59e266d33515c567eccc5ac1cf83a05516b9dc85c9.exe
Resource: win10v2004-20220812-en
General
- Target: df23a5eb677a8cea13d80e59e266d33515c567eccc5ac1cf83a05516b9dc85c9
- Size: 107KB
- MD5: 410736204356b691e302a124ff94a991
- SHA1: e89804b1867668d2979ebab5ddd22caec8b5f600
- SHA256: df23a5eb677a8cea13d80e59e266d33515c567eccc5ac1cf83a05516b9dc85c9
- SHA512: f3e496186a8439c00fea45a5ba8a065491dac9a4d5eae494588af81349a60585015f60d25127a7275599a4f6551121324f86d413d60c3231b663383c9d7e7ae3
- SSDEEP: 1536:RWObkYQU/qeAfRlPfGTTCgCSGhzZLB9SGwzoxwXJoq4AAMY:WU/qeAp9GTTCaG3B9SDzoxwXJoqHY
Malware Config
Signatures
Files
- df23a5eb677a8cea13d80e59e266d33515c567eccc5ac1cf83a05516b9dc85c9.exe (windows x86) 70a4a8a108d409e41bb3e575d8ca7ba5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprAdminMIBEntrySet
MprAdminMIBEntryGet
MprAdminIsServiceRunning
MprConfigServerGetInfo
MprConfigInterfaceCreate
MprAdminMIBEntryDelete
MprInfoBlockSet
MprAdminInterfaceCreate
winspool.drv
EnumPrinterDataA
QueryRemoteFonts
SetFormA
DeletePrintProcessorW
EnumFormsW
SetPortA
SetPrinterDataW
GetPrinterDataExW
rpcrt4
RpcCertGeneratePrincipalNameW
RpcServerUseAllProtseqsIfEx
RpcServerUseAllProtseqsEx
RpcSsGetThreadHandle
RpcServerUseAllProtseqsIf
UuidIsNil
RpcCancelThreadEx
NdrRpcSsEnableAllocate
RpcServerInqDefaultPrincNameW
RpcServerUnregisterIf
NdrVaryingArrayMemorySize
RpcServerUseProtseqIfW
NdrFixedArrayMemorySize
NdrFullPointerQueryPointer
MesBufferHandleReset
NdrRangeUnmarshall
NdrStubInitialize
NdrEncapsulatedUnionUnmarshall
I_RpcConnectionSetSockBuffSize
NdrClientContextUnmarshall
RpcNetworkIsProtseqValidA
RpcRaiseException
NdrClientInitializeNew
I_RpcTurnOnEEInfoPropagation
NdrConformantStringUnmarshall
NdrContextHandleSize
RpcServerUseProtseqIfA
NdrGetDcomProtocolVersion
I_RpcLogEvent
NdrPartialIgnoreClientMarshall
NdrEncapsulatedUnionFree
IUnknown_AddRef_Proxy
RpcSmFree
RpcSmClientFree
RpcMgmtStopServerListening
NdrMesSimpleTypeEncode
NdrSimpleTypeUnmarshall
RpcServerTestCancel
NdrProxySendReceive
I_RpcBindingInqDynamicEndpointW
NdrTypeUnmarshall
NdrAsyncClientCall
NdrUserMarshalFree
RpcServerInqBindings
NdrConformantVaryingArrayMarshall
NdrUnmarshallBasetypeInline
UuidCompare
UuidCreateSequential
RpcMgmtEpEltInqNextA
I_RpcTransConnectionReallocPacket
UuidEqual
NdrFixedArrayUnmarshall
NdrServerContextMarshall
RpcEpRegisterW
MesEncodeFixedBufferHandleCreate
NdrTypeFlags
I_RpcGetBufferWithObject
CreateStubFromTypeInfo
setupapi
SetupDiDeleteDeviceInterfaceData
SetupDiGetDeviceInstanceIdA
CM_Enumerate_Classes
SetupDiCreateDeviceInfoListExW
CM_Get_Device_Interface_AliasW
SetupFindNextMatchLineA
SetupQueryFileLogA
CM_Uninstall_DevNode_Ex
pSetupStringTableInitialize
SetupCopyErrorW
CM_Get_Res_Des_Data_Size_Ex
SetupCopyOEMInfW
SetupDeleteErrorA
SetupDiSetSelectedDriverA
CM_Setup_DevNode_Ex
SetupDiSelectBestCompatDrv
SetupGetInfFileListW
pSetupGetQueueFlags
CM_Add_Empty_Log_Conf
CM_Open_Class_Key_ExA
CM_Query_And_Remove_SubTree_ExW
SetupDiOpenDevRegKey
SetupGetLineTextA
SetupDiGetDeviceInfoListDetailA
SetupDiRegisterCoDeviceInstallers
SetupQueryInfVersionInformationA
SetupRemoveFromDiskSpaceListW
InstallHinfSectionA
SetupRemoveInstallSectionFromDiskSpaceListA
SetupDiBuildClassInfoList
CM_Get_DevNode_Registry_Property_ExW
CM_Detect_Resource_Conflict_Ex
CM_Get_Class_Name_ExA
SetupGetTargetPathA
SetupSetDirectoryIdExW
CM_Remove_SubTree_Ex
pSetupInstallCatalog
SetupOpenFileQueue
SetupCommitFileQueueW
SetupDiGetClassInstallParamsW
CM_Get_Device_Interface_ListA
CM_Get_DevNode_Custom_PropertyA
pSetupStringTableEnum
SetupDiGetActualSectionToInstallExW
SetupPrepareQueueForRestoreA
CM_Get_Class_Key_Name_ExA
CM_Delete_DevNode_Key_Ex
SetupGetInfSections
SetupScanFileQueue
SetupQueueDefaultCopyA
SetupDiDestroyDriverInfoList
SetupInitDefaultQueueCallbackEx
SetupGetInfFileListA
SetupDiGetDeviceInfoListClass
SetupAddSectionToDiskSpaceListW
CM_Create_Range_List
CM_Set_HW_Prof
pSetupWriteLogEntry
CM_Get_Device_ID_List_Size_ExA
SetupGetFileQueueCount
CM_Create_DevNode_ExA
CM_Get_HW_Prof_FlagsA
SetupQueueDeleteSectionW
CM_Get_Depth_Ex
SetupRenameErrorW
CM_Get_Hardware_Profile_InfoW
CM_Get_First_Log_Conf_Ex
SetupDiGetDeviceInterfaceAlias
UnicodeToMultiByte
SetupDiGetHwProfileFriendlyNameExA
CM_Get_Device_Interface_List_ExA
SetupGetSourceFileSizeW
SetupDiSelectDevice
CMP_Init_Detection
SetupDiSetClassRegistryPropertyA
CM_Register_Device_InterfaceA
SetupDiGetDeviceInterfaceDetailW
pSetupShouldDeviceBeExcluded
CM_Get_Depth
CM_Is_Dock_Station_Present_Ex
SetupRemoveFromDiskSpaceListA
CM_Disable_DevNode_Ex
SetupDiCreateDeviceInfoList
odbc32
SQLColumnsW
SQLGetConnectOption
SQLCancel
SQLPrepareW
SQLProcedures
SQLDriversW
SQLParamData
SQLGetFunctions
SQLGetConnectOptionA
GetODBCSharedData
g_hHeapMalloc
SQLRowCount
PostComponentError
crypt32
CertFreeCertificateChain
CryptQueryObject
CertSerializeCRLStoreElement
CertAddEncodedCertificateToSystemStoreW
CryptSetKeyIdentifierProperty
CryptVerifyMessageSignatureWithKey
CertCreateSelfSignCertificate
CryptFormatObject
CryptBinaryToStringA
CryptEnumOIDFunction
CertEnumCRLContextProperties
CryptMsgVerifyCountersignatureEncoded
CryptFindCertificateKeyProvInfo
CertOpenSystemStoreA
CertVerifySubjectCertificateContext
CertFreeCertificateContext
RegQueryValueExU
CertEnumCertificateContextProperties
I_CryptGetAsn1Encoder
CertRDNValueToStrA
CryptInstallOIDFunctionAddress
CertAddEnhancedKeyUsageIdentifier
CertNameToStrA
CertCompareCertificate
I_CertSyncStore
CryptRegisterOIDInfo
CertNameToStrW
CertVerifyCRLTimeValidity
CryptSetProviderU
RegDeleteValueU
CertDuplicateStore
CryptImportPKCS8
CertDuplicateCRLContext
CertFreeCRLContext
kernel32
VirtualAlloc
lstrlenW
lstrcmpA
GetTickCount
InitializeCriticalSection
SetEndOfFile
GlobalAddAtomW
SetProcessShutdownParameters
FindClose
RtlCaptureStackBackTrace
SetHandleInformation
OpenEventA
GetConsoleAliasExesW
lstrcpynA
WaitNamedPipeW
lstrcatA
GetCPInfoExA
LCMapStringW
GetLocaleInfoW
GetCurrentDirectoryA
GetHandleInformation
ResumeThread
GetMailslotInfo
BaseFlushAppcompatCache
OpenJobObjectA
FindAtomA
VerLanguageNameA
GetDateFormatA
SetCommConfig
GetPrivateProfileStructW
IsValidLocale
Heap32ListNext
GetConsoleKeyboardLayoutNameW
FindNextVolumeW
FindNextVolumeMountPointA
lstrcatW
GetSystemDirectoryW
GetDiskFreeSpaceExW
LocalFileTimeToFileTime
WriteConsoleInputA
VirtualQuery
RegisterWowBaseHandlers
GetConsoleCommandHistoryW
GetFileAttributesA
GetCurrentActCtx
EnumDateFormatsW
GetSystemPowerStatus
GetWindowsDirectoryW
GlobalCompact
LoadResource
ReplaceFileW
RemoveVectoredExceptionHandler
EnumCalendarInfoA
CreateRemoteThread
SetVolumeMountPointW
FindFirstFileW
CommConfigDialogA
GlobalMemoryStatus
WaitForMultipleObjectsEx
CreateFileA
InterlockedExchange
GetFirmwareEnvironmentVariableA
InterlockedPushEntrySList
SetCommMask
GetProfileSectionW
QueryDosDeviceA
GetThreadTimes
VerSetConditionMask
GetThreadLocale
SetWaitableTimer
GetVolumePathNamesForVolumeNameA
HeapSummary
SetThreadExecutionState
GetFullPathNameW
ReplaceFileA
FileTimeToDosDateTime
WriteFile
SetTimerQueueTimer
SetThreadContext
GetLargestConsoleWindowSize
GetConsoleTitleW
WriteProcessMemory
GetConsoleOutputCP
MoveFileW
GetProcessShutdownParameters
gdi32
CreateDCA
EngReleaseSemaphore
AbortDoc
FONTOBJ_pxoGetXform
GdiEntry4
LPtoDP
CreateFontIndirectA
GdiAddFontResourceW
GetCharABCWidthsA
TranslateCharsetInfo
GetNearestPaletteIndex
ClearBitmapAttributes
SetMetaRgn
bInitSystemAndFontsDirectoriesW
GetKerningPairs
EngGetCurrentCodePage
GetLogColorSpaceA
GetTextExtentExPointW
GdiEntry7
SetAbortProc
GetCharWidthW
GetTextExtentExPointWPri
GetCharABCWidthsFloatW
TextOutA
GetTextMetricsA
EngTransparentBlt
EngDeleteSemaphore
GetEnhMetaFileDescriptionW
EnumICMProfilesW
NamedEscape
GetDCPenColor
PATHOBJ_vGetBounds
GdiEntry8
GetColorSpace
GetTextExtentPointW
ExtFloodFill
DeleteEnhMetaFile
SetWorldTransform
CreatePenIndirect
DdEntry4
CLIPOBJ_bEnum
PolyBezier
EngUnlockSurface
STROBJ_bGetAdvanceWidths
EngDeletePath
GetTextExtentPoint32A
Pie
DdEntry40
SetViewportOrgEx
GetOutlineTextMetricsW
PolyPolyline
MirrorRgn
DdEntry33
GdiGetPageHandle
EnumICMProfilesA
DescribePixelFormat
EngBitBlt
GetRelAbs
GetStringBitmapA
GdiPlayPageEMF
DdEntry44
SetVirtualResolution
CreateBitmapIndirect
GdiConvertToDevmodeW
SetWindowExtEx
CreateCompatibleDC
GetRasterizerCaps
DdEntry39
EngQueryLocalTime
GdiDeleteLocalDC
GdiPlayJournal
GetBrushOrgEx
GetMetaFileW
GetObjectW
GetKerningPairsA
GdiSetAttrs
winmm
waveOutSetPlaybackRate
midiInUnprepareHeader
waveInGetPosition
midiOutGetErrorTextA
midiOutUnprepareHeader
DrvGetModuleHandle
timeKillEvent
mixerMessage
midiStreamOut
waveOutGetNumDevs
mixerGetDevCapsA
mixerGetDevCapsW
auxGetVolume
mid32Message
mciExecute
mixerSetControlDetails
mixerGetID
waveOutWrite
mciFreeCommandResource
auxGetDevCapsA
user32
GetDesktopWindow
DlgDirListW
ScrollChildren
LoadLocalFonts
CreateAcceleratorTableW
GetScrollPos
UserLpkTabbedTextOut
UnloadKeyboardLayout
SystemParametersInfoA
ScrollWindowEx
SetProgmanWindow
CopyAcceleratorTableW
LoadImageA
SetThreadDesktop
SetProcessWindowStation
RegisterClassExW
BeginPaint
OpenDesktopA
CopyImage
CharUpperBuffW
GetMessageTime
DlgDirSelectExW
GetWinStationInfo
IMPQueryIMEW
RegisterServicesProcess
IsDialogMessageW
GetKeyboardLayout
RegisterMessagePumpHook
GetWindowWord
GetShellWindow
CharUpperBuffA
ValidateRgn
CreateWindowStationW
EnumClipboardFormats
EndPaint
GetClipboardOwner
SetMenu
SetPropA
BroadcastSystemMessageW
DdeAddData
CreateCursor
GetPropW
CheckDlgButton
GrayStringW
SetClipboardViewer
GetMessageExtraInfo
CreateMDIWindowW
OpenDesktopW
GetMenuStringW
SetCaretPos
PostQuitMessage
DisableProcessWindowsGhosting
SetDlgItemTextA
RegisterWindowMessageW
DeviceEventWorker
LoadRemoteFonts
DrawMenuBarTemp
CharNextA
SetUserObjectInformationW
SetRectEmpty
BlockInput
GetScrollInfo
SetWindowsHookA
CallMsgFilter
SetMenuInfo
GetCursorInfo
GetClassNameW
SetWindowRgn
GetWindowModuleFileNameW
AllowSetForegroundWindow
CreateIcon
GetRawInputData
IsWindowInDestroy
PrintWindow
GetAltTabInfoW
GetUpdateRgn
DdeClientTransaction
GetClipboardData
MonitorFromPoint
IsHungAppWindow
DrawTextExA
DefMDIChildProcA
RegisterDeviceNotificationW
GetClipboardFormatNameA
PrivateExtractIconsA
CharNextExA
GetInputDesktop
SetWindowsHookExA
InternalGetWindowText
DeferWindowPos
CharPrevA
GetActiveWindow
IsCharUpperW
OemKeyScan
SetCursorContents
MessageBoxExA
MapVirtualKeyW
SetWindowContextHelpId
OemToCharBuffA
WinHelpA
AppendMenuW
DdePostAdvise
GetScrollBarInfo
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 66KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1024B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ