aed6163e3aca71742733048cf46b6e61ff326657e2d0450a5139474550c25dd0

Sharing

Copy URL Twitter E-mail

General

Target

aed6163e3aca71742733048cf46b6e61ff326657e2d0450a5139474550c25dd0
Size

277KB
MD5

4dd4c2be6afbc59061f9905aeecc31f0
SHA1

7cba55b58314ce21738f85aded9d8f7658dbf185
SHA256

aed6163e3aca71742733048cf46b6e61ff326657e2d0450a5139474550c25dd0
SHA512

ced4ecfc0c5290f11f2c3341542c36953773550f8805feb53c84892215093c759c2f3b414b4c42b847ee5843f8724cd61ac4500893eab50d720ce96a364ecc66
SSDEEP

6144:34mkxX3LGQbkM55xnNnfTDLFsyqrO2i9xvsZzq0AfWswFzKQuR:34xLG1g5/bDLFalqJWzFzKQU

Score

N/A

Malware Config

Signatures

Files

aed6163e3aca71742733048cf46b6e61ff326657e2d0450a5139474550c25dd0
.exe windows x86

e0b210eba705ffc1c0e7af6545866c8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

UnregisterTraceGuids
RegSetValueExW
RegCreateKeyExW
TraceMessage
GetTraceEnableFlags
RegDeleteKeyW
GetTraceLoggerHandle
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegisterTraceGuidsW
RegDeleteValueW
RegCloseKey
GetTraceEnableLevel

user32

CopyRect
GetWindowLongW
SetWindowLongW
DestroyWindow
SetFocus
DialogBoxParamW
SetWindowTextW
MessageBoxW
LoadStringW
GetClientRect
GetDialogBaseUnits
GetSystemMetrics
SystemParametersInfoW
GetParent
EndDialog
GetDlgItemTextW
CharNextW
EnableWindow
CreateDialogParamW
SetDlgItemTextW
GetWindow
DrawTextW
MapWindowPoints
GetDlgItem
SendMessageW
SendDlgItemMessageW
LoadImageW
SetWindowPos
GetWindowRect
ShowWindow

kernel32

GetProcAddress
lstrcpyW
GetStartupInfoA
LeaveCriticalSection
FindResourceW
lstrlenA
GetLastError
HeapDestroy
LoadResource
lstrlenW
SetLastError
GetEnvironmentStringsA
GetUserDefaultLCID
VirtualFree
LocalFree
RemoveDirectoryA
OutputDebugStringA
FlushInstructionCache
DeleteCriticalSection
GetCurrentProcess
GetTickCount
GetProcessHeap
MultiByteToWideChar
GetSystemInfo
InterlockedDecrement
HeapAlloc
LoadLibraryW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
FormatMessageW
LoadLibraryExW
InterlockedIncrement
HeapFree
FreeLibrary
lstrcpynW
SetUnhandledExceptionFilter
lstrcatW
lstrcmpiW
SizeofResource
EnterCriticalSection
LoadLibraryA
GetSystemTimeAsFileTime

rpcrt4

CStdStubBuffer_AddRef
CStdStubBuffer_Connect
NdrDllUnregisterProxy
NdrCStdStubBuffer_Release
NdrOleFree
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_Disconnect
CStdStubBuffer_QueryInterface
CStdStubBuffer_Invoke
NdrDllGetClassObject
NdrDllRegisterProxy
NdrOleAllocate

msvcrt

wcslen
??3@YAXPAX@Z
wcscmp
free
wcsncpy
_except_handler3
malloc
wcscat
swprintf
__CxxFrameHandler
?terminate@@YAXXZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
_adjust_fdiv
realloc
_initterm

wldap32

ldap_controls_freeW
ldap_count_references
ldap_count_entries
ldap_count_values

url

OpenURLA
TelnetProtocolHandlerA
TelnetProtocolHandler
OpenURL

shell32

ShellExecuteW
SHGetFolderPathW

Sections

text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0b210eba705ffc1c0e7af6545866c8c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

rpcrt4

msvcrt

wldap32

url

shell32

Sections

text Size: 122KB - Virtual size: 121KB

.rdata Size: 152KB - Virtual size: 155KB

.rsrc Size: 1024B - Virtual size: 916B

text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 152KB - Virtual size: 155KB

.rsrc
Size: 1024B - Virtual size: 916B