44aefa7e76b395c9bc40384505740bf0c38ea39b8952547d178092a738612749

Sharing

Copy URL Twitter E-mail

General

Target

44aefa7e76b395c9bc40384505740bf0c38ea39b8952547d178092a738612749
Size

98KB
MD5

80d597f7f538add8935007fa41b27c67
SHA1

cf3f47c0ec944b9a35744587a1c52e8ee077b9d6
SHA256

44aefa7e76b395c9bc40384505740bf0c38ea39b8952547d178092a738612749
SHA512

5a303ccc3fb7aaa8d988706404522aa14a82cd4797a5e33bb7c5edc27ad79889ce9714842d788c013a21f6607a0831f35ae2d6e5feeff54b7647ff1f07d43c06
SSDEEP

1536:n/xW87wZBHfmTMdY00l3uU1HIED1fCbWpygzU6zkTMakuIEi0Wv79cdlXs:n/xW8unSJj16bEZoY5hEi0S9+1

Score

N/A

Malware Config

Signatures

Files

44aefa7e76b395c9bc40384505740bf0c38ea39b8952547d178092a738612749
.exe windows x86

b7d1e7c5b919291dd787705261b81bad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidIdentifierAuthority
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
CopySid
ConvertStringSidToSidW
RegDeleteTreeW
RegEnumValueW
IsValidSid
RegOpenKeyExW
GetLengthSid
RegEnumKeyExW
ConvertSidToStringSidW
RegCloseKey

kernel32

GetCommandLineW
GetCurrentThread
Sleep
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
CompareStringOrdinal
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LocalFree
CloseHandle
LocalAlloc
GetLastError
GetCurrentProcess

user32

MessageBoxW
LoadStringW
LoadIconW
PostMessageW

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
??2@YAPAXI@Z
wcsncmp
??3@YAXPAX@Z
_initterm
memset

crypt32

CryptUpdateProtectedState

ole32

CoInitialize
CoUninitialize

comctl32

ord345
PropertySheetW

shell32

CommandLineToArgvW

netapi32

NetApiBufferFree
NetUserModalsGet

dui70

?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?GetEncodedContentString@Element@DirectUI@@QAEJPAGI@Z
UnInitThread
??0TaskPage@DirectUI@@QAE@XZ
??1TaskPage@DirectUI@@UAE@XZ
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QAEJPAUHINSTANCE__@@@Z
?PropSheet_SendMessage@TaskPage@DirectUI@@IAEJIIJ@Z
?LoadParser@TaskPage@DirectUI@@MAEJPAPAVDUIXmlParser@2@@Z
?CreateDUICP@TaskPage@DirectUI@@EAEJPAVHWNDElement@2@PAUHWND__@@1PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?DestroyCP@TaskPage@DirectUI@@EAEXXZ
InitThread
?Click@Button@DirectUI@@SG?AVUID@@XZ
StrToID
?OnListenedInput@TaskPage@DirectUI@@MAEXPAVElement@2@PAUInputEvent@2@@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MAEXPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
UnInitProcessPriv
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?SetMaxLength@Edit@DirectUI@@QAEJH@Z
?LoadPage@TaskPage@DirectUI@@MAEJPAVHWNDElement@2@PAUHINSTANCE__@@PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?InitPropSheetPage@TaskPage@DirectUI@@MAEXPAU_PROPSHEETPAGEW@@@Z
?OnQueryCancel@TaskPage@DirectUI@@MAEJXZ
?OnReset@TaskPage@DirectUI@@MAEJXZ
?OnWizBack@TaskPage@DirectUI@@MAEJXZ
?OnWizFinish@TaskPage@DirectUI@@MAEJXZ
?OnWizNext@TaskPage@DirectUI@@MAEJXZ
?OnQueryInitialFocus@TaskPage@DirectUI@@MAEPAVElement@2@XZ
?CreateParserCP@TaskPage@DirectUI@@EAEJPAPAVDUIXmlParser@2@@Z
?OnMessage@TaskPage@DirectUI@@MAE_NIIJPAJ@Z
?OnListenerAttach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
?OnListenerDetach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MAE_NPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
InitProcessPriv

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rgmzosi
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7d1e7c5b919291dd787705261b81bad

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

crypt32

ole32

comctl32

shell32

netapi32

dui70

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 888B

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 29KB - Virtual size: 30KB

rgmzosi Size: - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 888B

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 29KB - Virtual size: 30KB

rgmzosi
Size: - Virtual size: 4KB