95a63e80596a7405080a927c96533edd99e8c7cd9f99ab38bd7f6baa26bf35fc

Sharing

Copy URL Twitter E-mail

General

Target

95a63e80596a7405080a927c96533edd99e8c7cd9f99ab38bd7f6baa26bf35fc
Size

871KB
MD5

a391aa1fb90685f3596c6b4ed0da1400
SHA1

0de3eebfd49ab01c7495b584957e0fff2093a3a1
SHA256

95a63e80596a7405080a927c96533edd99e8c7cd9f99ab38bd7f6baa26bf35fc
SHA512

a3cb604ea925b088370073ccb2a1999f8610378f4c633f061d3aa16f7b7e0bb928815bc4d02dd3867943fb3c88045c359a2c600950b58cbeb9ccc94cd86a26d2
SSDEEP

24576:aHlU68rI52LlDnCJedxSA5c0UQZ0BduRPgv43DZgUqdGVkko/DC:aW68s0LlDnCIXNc0L03wPgv43DZgUqdW

Score

N/A

Malware Config

Signatures

Files

95a63e80596a7405080a927c96533edd99e8c7cd9f99ab38bd7f6baa26bf35fc
.exe windows x86

67e997d17853a9a347c8bc52512f8892

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

rpcrt4

NDRCContextBinding
NdrCStdStubBuffer_Release
RpcAsyncInitializeHandle
RpcServerUseProtseqW
RpcBindingSetObject
CStdStubBuffer_AddRef
RpcBindingFree
MesEncodeIncrementalHandleCreate
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
RpcSsDestroyClientContext
RpcBindingServerFromClient

ulib

??0LIST@@QAE@XZ
?Initialize@WSTRING@@QAEEPBDK@Z
??8WSTRING@@QBEEABV0@@Z
?Strupr@WSTRING@@QAEPAV1@XZ
?GetLexeme@ARGUMENT@@QAEPAVWSTRING@@XZ
?DisableBreakHandling@KEYBOARD@@SGEXZ
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
??1MESSAGE@@UAE@XZ
?Initialize@BITVECTOR@@QAEEKW4BIT@@PAK@Z
?Initialize@TIMEINFO@@QAEEPAU_FILETIME@@@Z
?HasWildCard@PATH@@QBEEXZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?EnableLineMode@KEYBOARD@@QAEEXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
??1HMEM@@UAE@XZ

user32

SetCaretBlinkTime
LoadLocalFonts
DrawMenuBarTemp
ShowOwnedPopups
MapVirtualKeyExW
RegisterDeviceNotificationW
IsDialogMessageA
GetParent
CreateWindowStationW
DdeQueryConvInfo
RemovePropW
MonitorFromWindow
SendMessageW
SetCursor
InvertRect
TrackMouseEvent
MoveWindow
EnumThreadWindows
SetWindowsHookExA
CreateDialogParamW
BuildReasonArray
LoadStringA
CascadeWindows
SetWindowLongW
wsprintfA
DialogBoxParamA
DefWindowProcA
SendDlgItemMessageW
DialogBoxIndirectParamW

mscms

IsColorProfileValid
CreateColorTransformA
OpenColorProfileA
CheckBitmapBits
TranslateColors
InternalGetPS2ColorSpaceArray
CloseColorProfile
CreateColorTransformW
GetColorProfileElement
InternalGetPS2PreviewCRD
GetColorDirectoryA
EnumColorProfilesA
DeleteColorTransform
TranslateBitmapBits
InstallColorProfileW
GetStandardColorSpaceProfileW
GetColorDirectoryW
UninstallColorProfileW

odbc32

CursorLibLockStmt
CursorLibLockDesc
VRetrieveDriverErrorsRowCol
SQLTablesA
CursorLibTransact
PostODBCComponentError
SearchStatusCode
ValidateErrorQueue
CursorLibLockDbc
VFreeErrors
PostODBCError
LockHandle

imm32

ImmGetIMEFileNameW
ImmSetConversionStatus
ImmNotifyIME
ImmRequestMessageW
ImmGetContext
ImmLockIMCC
ImmGetImeMenuItemsW
ImmGetCompositionStringW
ImmEscapeW
ImmGetGuideLineW
ImmGetConversionStatus
ImmSetCompositionWindow
ImmIsIME
ImmGetIMCCSize
ImmGetHotKey
ImmSetCompositionStringW
ImmDestroyContext

kernel32

CompareFileTime
GetLocalTime
CreateFileW
SetConsoleOS2OemFormat
SetLastError
ReadDirectoryChangesW
CommConfigDialogW
GetSystemDirectoryW
SetConsoleCursorInfo
Module32NextW
ReadConsoleInputW
WriteFileEx
SetThreadLocale
SetLocaleInfoA
VirtualAlloc
GetFullPathNameW
SetConsoleTitleW
CreateIoCompletionPort
RemoveDirectoryW
CreateWaitableTimerW
OpenFileMappingA
WritePrivateProfileSectionW
VerifyVersionInfoW
MoveFileWithProgressW

advapi32

QueryServiceLockStatusW
AreAllAccessesGranted
GetSidIdentifierAuthority
CryptGetDefaultProviderW
EnumServicesStatusExW
ElfReportEventW
StartServiceCtrlDispatcherA
GetEventLogInformation
CloseServiceHandle
AccessCheckAndAuditAlarmA
PrivilegeCheck
GetSecurityDescriptorLength
SystemFunction005
BuildExplicitAccessWithNameW

Sections

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 85KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 130KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 297KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 125KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67e997d17853a9a347c8bc52512f8892

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ulib

user32

mscms

odbc32

imm32

kernel32

advapi32

Sections

.pdata Size: 5KB - Virtual size: 4KB

.ldata Size: 2KB - Virtual size: 1KB

.code Size: 85KB - Virtual size: 360KB

.idata Size: 130KB - Virtual size: 224KB

.edata Size: 297KB - Virtual size: 322KB

.rdata Size: 125KB - Virtual size: 235KB

.data Size: 134KB - Virtual size: 177KB

.rsrc Size: 91KB - Virtual size: 90KB

.reloc Size: 1024B - Virtual size: 922B

.pdata
Size: 5KB - Virtual size: 4KB

.ldata
Size: 2KB - Virtual size: 1KB

.code
Size: 85KB - Virtual size: 360KB

.idata
Size: 130KB - Virtual size: 224KB

.edata
Size: 297KB - Virtual size: 322KB

.rdata
Size: 125KB - Virtual size: 235KB

.data
Size: 134KB - Virtual size: 177KB

.rsrc
Size: 91KB - Virtual size: 90KB

.reloc
Size: 1024B - Virtual size: 922B