Static task: static1
Behavioral task: behavioral1
  Sample: Andrea Neumann Mediathek Abo-Rechnung.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Andrea Neumann Mediathek Abo-Rechnung.exe
  Resource: win10v2004-20220812-en
General
Target: 407489a9a64e45c0a63e3d469caeb20297d5c7e6188bcbb8045d50a8e8d6d4cc
Size: 81KB
MD5: ce7828ddff181e1d4298cec4f6230c6a
SHA1: 331c7cf6379b327b94de18550c1a316d11bfff2e
SHA256: 407489a9a64e45c0a63e3d469caeb20297d5c7e6188bcbb8045d50a8e8d6d4cc
SHA512: fd445b65ccf92433ab2390ae7ed8b671d6b0f3ee725bfad2270b2981cb8c35291b786649d83b398f6e404c7696c9602dc38df49362c568c94e74718a02161a74
SSDEEP: 1536:tMppEAU/trPp4q//Bi+7ZiWY48jwZfDw4q4g:tTFTK2BiZFOu4g
Malware Config
Signatures
Files
407489a9a64e45c0a63e3d469caeb20297d5c7e6188bcbb8045d50a8e8d6d4cc.zip
Andrea Neumann Mediathek Abo-Rechnung.com.exe (windows x86), MD5: a66019bfbbf2280e1e85e5f91df9b119
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
Module: samlib
SamGetAliasMembership
SamRemoveMemberFromAlias
SamiSetDSRMPassword
SamEnumerateDomainsInSamServer
SamOpenUser
SamCloseHandle
SamCreateAliasInDomain
SamConnect
SamiChangePasswordUser2
SamSetSecurityObject
SamRemoveMemberFromGroup
SamQueryInformationAlias
SamOpenGroup
SamTestPrivateFunctionsDomain
SamSetInformationUser
SamiEncryptPasswords
SamQueryDisplayInformation
SamLookupIdsInDomain
SamSetInformationGroup
Module: crypt32
CryptFormatObject
PFXImportCertStore
CertGetPublicKeyLength
CertFindChainInStore
CryptGetKeyIdentifierProperty
CryptExportPublicKeyInfoEx
CryptSIPCreateIndirectData
CryptVerifyDetachedMessageHash
CertAddEncodedCertificateToStore
CertDuplicateCertificateChain
CertCreateCertificateChainEngine
CertGetStoreProperty
PFXIsPFXBlob
CertFreeCertificateChain
CertFreeCertificateContext
CertDeleteCertificateFromStore
CryptMsgVerifyCountersignatureEncoded
CryptExportPKCS8
CryptDecryptAndVerifyMessageSignature
CertOpenSystemStoreW
CryptSignAndEncodeCertificate
CryptEnumKeyIdentifierProperties
CertVerifyTimeValidity
CryptDecryptMessage
CertCreateCertificateContext
CryptImportPKCS8
CertStrToNameW
CryptMsgOpenToDecode
CryptGetMessageCertificates
CryptMsgCalculateEncodedLength
Module: kernel32
GetThreadTimes
CreateWaitableTimerW
GetQueuedCompletionStatus
SetCurrentDirectoryW
IsValidCodePage
GetVersion
GetDateFormatA
GetPrivateProfileStructA
EndUpdateResourceW
CreateDirectoryA
FindNextFileW
GetProcAddress
HeapCompact
GetThreadContext
InitializeCriticalSection
Process32NextW
GetPrivateProfileSectionW
GlobalFindAtomW
DeleteAtom
RegisterWaitForSingleObject
FoldStringW
CreateFileW
GetPrivateProfileIntA
CommConfigDialogA
GetProcessShutdownParameters
LockFile
EnumCalendarInfoExA
SetProcessShutdownParameters
GetCurrentDirectoryA
ReadDirectoryChangesW
RequestDeviceWakeup
GetModuleHandleA
FileTimeToDosDateTime
DeleteFileW
SetProcessAffinityMask
HeapReAlloc
GetLastError
GetDefaultCommConfigW
GlobalReAlloc
_lread
Module: advapi32
CryptHashSessionKey
RegQueryValueW
DuplicateEncryptionInfoFile
AddAccessDeniedObjectAce
LogonUserW
RegOpenKeyExW
BuildTrusteeWithSidW
ElfFlushEventLog
ElfChangeNotify
RegDisablePredefinedCache
CryptSignHashA
RegisterServiceCtrlHandlerA
LsaSetTrustedDomainInformation
ImpersonateAnonymousToken
LookupSecurityDescriptorPartsW
ElfClearEventLogFileW
LsaAddAccountRights
OpenEventLogA
SystemFunction001
LsaSetTrustedDomainInfoByName
CloseEncryptedFileRaw
CreateProcessAsUserA
LsaQueryDomainInformationPolicy
ConvertStringSidToSidW
RegQueryInfoKeyA
TrusteeAccessToObjectW
AccessCheckByTypeResultList
SystemFunction023
GetTrusteeTypeW
SetSecurityDescriptorOwner
MakeAbsoluteSD2
CryptVerifySignatureW
QueryUsersOnEncryptedFile
AddAccessAllowedAceEx
LsaQueryInfoTrustedDomain
LookupPrivilegeValueA
LsaRemovePrivilegesFromAccount
SystemFunction013
CryptEnumProviderTypesW
ReadEncryptedFileRaw
LsaOpenTrustedDomain
CancelOverlappedAccess
AddAuditAccessAceEx
LsaOpenSecret
LsaLookupNames
ObjectDeleteAuditAlarmA
AddAuditAccessAce
NotifyChangeEventLog
GetEventLogInformation
ObjectCloseAuditAlarmW
ConvertToAutoInheritPrivateObjectSecurity
SystemFunction003
LookupPrivilegeDisplayNameW
ElfClearEventLogFileA
OpenServiceW
GetAuditedPermissionsFromAclA
LsaQuerySecurityObject
Module: mpr
WNetGetUniversalNameA
WNetAddConnection3W
WNetGetResourceInformationW
WNetGetProviderNameA
WNetOpenEnumA
WNetGetProviderNameW
WNetCancelConnectionW
WNetGetConnectionA
WNetEnumResourceA
WNetGetUserW
MultinetGetConnectionPerformanceW
WNetCloseEnum
WNetAddConnection3A
WNetSetLastErrorW
WNetGetResourceInformationA
Module: resutils
ResUtilGetDwordValue
ResUtilSetPropertyParameterBlock
ResUtilVerifyPropertyTable
ResUtilSetUnknownProperties
ResUtilEnumProperties
ResUtilGetAllProperties
ResUtilGetBinaryProperty
ClusWorkerStart
ResUtilGetDwordProperty
ResUtilSetMultiSzValue
ResUtilGetPrivateProperties
ResUtilSetDwordValue
ResUtilFindExpandedSzProperty
ResUtilFindMultiSzProperty
ResUtilSetPropertyParameterBlockEx
ResUtilGetPropertiesToParameterBlock
ResUtilFindDwordProperty
ResUtilSetPropertyTable
ResUtilSetPropertyTableEx
ResUtilEnumResources
ResUtilGetSzValue
ResUtilGetBinaryValue
ResUtilGetResourceDependencyByName
ResUtilFindBinaryProperty
Module: shlwapi
AssocQueryKeyA
Module: mswsock
sethostname
rexec
GetServiceW
GetNameByTypeW
WSARecvEx
GetAddressByNameW
SetServiceW
dn_expand
SetServiceA
GetTypeByNameW
GetNameByTypeA
TransmitFile
rresvport
GetTypeByNameA
AcceptEx
NPLoadNameSpaces
EnumProtocolsA
GetAddressByNameA
EnumProtocolsW
MigrateWinsockConfiguration
Module: iphlpapi
InternalGetIpNetTable
SetIfEntry
GetIfEntry
GetRTTAndHopCount
SetIpNetEntry
GetUdpTable
AllocateAndGetIpAddrTableFromStack
SetTcpEntry
SetIpTTL
InternalDeleteIpForwardEntry
IpReleaseAddress
InternalGetIpAddrTable
CreateProxyArpEntry
InternalCreateIpNetEntry
GetIpNetTable
NhGetInterfaceNameFromGuid
GetTcpStatistics
DeleteIPAddress
GetIpStatistics
GetIpForwardTable
FlushIpNetTable
NotifyAddrChange
NhpAllocateAndGetInterfaceInfoFromStack
InternalCreateIpForwardEntry
GetIcmpStatistics
SetIpForwardEntry
InternalGetUdpTable
Module: user32
IsZoomed
GetDialogBaseUnits
DialogBoxParamW
CreateIconIndirect
CopyRect
DestroyCursor
WaitForInputIdle
ChangeMenuW
DdeQueryStringW
GetWindowTextW
GetTabbedTextExtentW
RegisterWindowMessageA
VkKeyScanExW
CharLowerA
FreeDDElParam
GetIconInfo
GetMenuStringW
CloseWindowStation
GetMenuDefaultItem
ToAscii
GetAncestor
GetDlgItemTextW
UnregisterDeviceNotification
SendMessageW
CopyIcon
WinHelpW
GetComboBoxInfo
EndDialog
GetMenuBarInfo
SetWindowContextHelpId
WaitMessage
UnhookWindowsHook
IsCharUpperW
DrawCaption
LockWindowUpdate
ArrangeIconicWindows
GetDesktopWindow
SetWindowTextA
CreateWindowStationW
SetDlgItemInt
CopyAcceleratorTableA
CountClipboardFormats
DdeAbandonTransaction
ModifyMenuW
wvsprintfW
MsgWaitForMultipleObjectsEx
LockSetForegroundWindow
SendMessageA
Module: msvcrt
wcscat
_daylight
_get_osfhandle
_adj_fdiv_m32
_write
__winitenv
_wpopen
_ismbslead
_mbsspnp
_mbscspn
fputwc
_ismbcgraph
_fgetchar
getwchar
_strerror
_findfirst
_ui64toa
_seterrormode
isdigit
rand
_dup2
_memicmp
_mbccpy
islower
towlower
_wfindnexti64
_wspawnve
_cscanf
_aexit_rtn
__initenv
_ftime64
Module: winmm
auxGetDevCapsW
mciFreeCommandResource
mciSetYieldProc
waveInGetErrorTextW
mixerSetControlDetails
mixerGetControlDetailsW
mciGetDriverData
midiOutSetVolume
midiOutUnprepareHeader
mciExecute
mmioFlush
timeGetTime
joySetThreshold
waveOutOpen
waveOutWrite
mmioRenameA
timeEndPeriod
midiOutGetDevCapsW
mciGetDeviceIDFromElementIDW
SendDriverMessage
waveInGetID
mmioWrite
CloseDriver
auxSetVolume
midiInGetNumDevs
mciGetYieldProc
midiOutShortMsg
waveOutGetNumDevs
mmioStringToFOURCCW
midiStreamOut
mmTaskCreate
midiInOpen
WOW32ResolveMultiMediaHandle
midiStreamPosition
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xdata Size: 24KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE