cc6d5df12d941363044792193cbf41e5de95f3178f360cc3d127c8ee1b0a1678

Sharing

Copy URL Twitter E-mail

General

Target

cc6d5df12d941363044792193cbf41e5de95f3178f360cc3d127c8ee1b0a1678
Size

367KB
MD5

808495edec88fbcf93388ca166b93f8c
SHA1

72944e5687dde24a798195c93982186ec10a2e2c
SHA256

cc6d5df12d941363044792193cbf41e5de95f3178f360cc3d127c8ee1b0a1678
SHA512

58ac2dbae68a9d26bf24bfd4b51732d6c608d742c9fd57fb5335106e4f33b6f6774dca4a78b8bb3e9b2a0893882209ecae217d536935bb82c7cafa7fe91efabe
SSDEEP

6144:cyaQWeJ5K2dAMRAhy+AVYJL9JwGS3wUnLpSpYkL72H6tuY5:0QWeHFY

Score

N/A

Malware Config

Signatures

Files

cc6d5df12d941363044792193cbf41e5de95f3178f360cc3d127c8ee1b0a1678
.exe windows x86

e9d568acd1490b6ce1817e4e813fbbc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntW
StrCmpNIW
PathFindFileNameW
ChrCmpIW
StrCmpIW
PathGetArgsW
SHDeleteValueW
SHGetValueW
StrCpyNW
PathAppendW
PathRemoveFileSpecW

advapi32

RegOpenKeyExA
RegQueryValueExA
ReportEventW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyW
DeregisterEventSource
RegisterEventSourceW
RegQueryValueExW
LsaQueryInformationPolicy
LsaOpenPolicy
FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceConfigW
QueryServiceStatus
LsaClose

kernel32

GetSystemDirectoryW
GetCommandLineW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetLocaleInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
GetVersionExW
FormatMessageW
CreateEventW
ResetEvent
SetEvent
WaitForSingleObject
lstrcmpiA
WriteFile
CreateProcessW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
ExpandEnvironmentStringsW
GetFileAttributesW
UnmapViewOfFile
CloseHandle
ReadFile
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
GetWindowsDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
HeapCreate
GetSystemInfo
GetModuleFileNameW
lstrcatW
HeapDestroy
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
HeapFree
lstrcpyW
LocalAlloc
lstrlenW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapReAlloc
lstrcpynW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
MoveFileW
lstrcmpW
SetLastError
FindClose
FindNextFileW
FindFirstFileW
GetVolumeNameForVolumeMountPointW
GetComputerNameW
RaiseException
LoadLibraryA
InterlockedExchange
GetStartupInfoW
GetModuleHandleA

gdi32

CreateRectRgnIndirect
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateDCW
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC

user32

wvsprintfW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetCursor
FindWindowW
SetForegroundWindow
ExitWindowsEx
MessageBoxW
LoadImageW
GetSystemMetrics
AdjustWindowRectEx
GetDesktopWindow
LoadStringW
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SendMessageW
CreateWindowExW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
GetParent
ShowWindow
SetFocus
GetFocus
IsChild
BeginPaint
GetClientRect
EndPaint
InvalidateRect
DestroyAcceleratorTable
GetKeyState
IsWindow
CallWindowProcW
GetWindowLongW
SetWindowLongW
UnionRect
PtInRect
GetDC
ReleaseDC
DefWindowProcW
DestroyWindow
CharNextW
SetWindowPos

srrstr

ord3
ord2
ord5
ord6
ord10

ole32

OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc

oleaut32

DispCallFunc
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
SystemTimeToVariantTime
VariantTimeToSystemTime

msvcrt

__CxxFrameHandler
??3@YAXPAX@Z
_controlfp
_except_handler3
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_wtol
wcsncmp
_wcsnicmp
strtol
_wtoi
wcschr
wcsstr
wcscmp
_ftol
realloc
free
malloc
??2@YAPAXI@Z
_purecall

winsta

WinStationOpenServerW
WinStationEnumerateW
WinStationIsHelpAssistantSession
WinStationFreeMemory
WinStationCloseServer

Exports

Exports

??0CCounter@@QAE@XZ
??1CCounter@@QAE@XZ
??4CCounter@@QAEAAV0@ABV0@@Z
?Down@CCounter@@QAEKXZ
?GetCount@CCounter@@QAEJXZ
?Init@CCounter@@QAEKXZ
?Up@CCounter@@QAEXXZ
?WaitForZero@CCounter@@QAEKXZ

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 259KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9d568acd1490b6ce1817e4e813fbbc2

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

kernel32

gdi32

user32

srrstr

ole32

oleaut32

msvcrt

winsta

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 259KB - Virtual size: 280KB

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 259KB - Virtual size: 280KB