2a7746fc90eaa21f911b15e4975a0a27535ff004e7d2ccc7d1b7ee370234e67b

Sharing

Copy URL Twitter E-mail

General

Target

2a7746fc90eaa21f911b15e4975a0a27535ff004e7d2ccc7d1b7ee370234e67b
Size

799KB
MD5

e61315d5f383478a41bc602e8cd99992
SHA1

5ece5fc55271d68a92f383f99aa608d92cedbe66
SHA256

2a7746fc90eaa21f911b15e4975a0a27535ff004e7d2ccc7d1b7ee370234e67b
SHA512

30b6d92772f9341bcda575b94a6c89565e589909523e06fc016f41aea9f4e021a79b7004c482b307c2ac1cd87405f91bd820c1eefee8545469a4d79b8652cd3e
SSDEEP

12288:btXfvngGrFMDIswO0HtJqfkEgKMm6jBfHn5S1zfPSTopkuZEjcr:hXHgGr0zGLqfbgKMF5S1jhkuZB

Score

N/A

Malware Config

Signatures

Files

2a7746fc90eaa21f911b15e4975a0a27535ff004e7d2ccc7d1b7ee370234e67b
.exe windows x86

606961a685dc784cbb4eeb275a861013

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetFileTime
RtlMoveMemory
IsDebuggerPresent
CreateMutexA
ReadConsoleW
ReleaseMutex
ProcessIdToSessionId
SetStdHandle
CreateProcessA
FindAtomW
EndUpdateResourceA
GetTempFileNameA
VirtualAlloc
SetConsoleCtrlHandler
SetFilePointerEx
SetEnvironmentVariableA
SetErrorMode
OpenFileMappingA
GetPrivateProfileStringA
FindResourceW

cfgmgr32

CM_Get_Res_Des_Data_Size_Ex
CM_Set_HW_Prof_Flags_ExW
CM_Get_Device_Interface_List_ExW
CM_Get_DevNode_Status
CM_Reenumerate_DevNode
CM_Get_Device_ID_List_ExW
CM_Open_Class_Key_ExW
CM_Get_Res_Des_Data_Ex
CM_Get_Class_Name_ExW
CM_Get_Device_ID_Size
CM_Open_DevNode_Key_Ex
CM_Locate_DevNode_ExW
CM_Get_Device_IDW
CM_Get_Device_ID_List_Size_ExW
CM_Free_Log_Conf_Handle
CMP_WaitNoPendingInstallEvents
CM_Enumerate_Classes_Ex
CM_Get_HW_Prof_Flags_ExW
CM_Connect_MachineW
CM_Get_DevNode_Registry_PropertyW

user32

GetMessageW
GetFocus
GetSysColor
AdjustWindowRect
GetRawInputData
SetScrollRange
SendMessageW
InsertMenuItemA
GetClientRect
SetShellWindowEx
CreateAcceleratorTableW
DdeNameService
LoadKeyboardLayoutA
GetWindowRgn
WinHelpW
CharUpperW
CharToOemBuffW
DispatchMessageW
RegisterWindowMessageW
TranslateAcceleratorW
UnhookWinEvent
DlgDirSelectExA
WindowFromPoint
EnumPropsW
InsertMenuW
IntersectRect
MessageBoxExA
GetWindowThreadProcessId
FrameRect
RegisterClipboardFormatA
LoadAcceleratorsA
DestroyCaret
GetCursorInfo

msvcrt

_CIasin
exit
_spawnl
_endthread
fgetws
srand
__lc_codepage
__setusermatherr
_strncoll
toupper
vswprintf
_wcsicmp
_endthreadex
_strtime
sqrt
??3@YAXPAX@Z
fread
_waccess
??8type_info@@QBEHABV0@@Z
wcsncat
__toascii
_eof
localtime
_setjmp3
_finite
wctomb
__initenv

crypt32

I_CertSrvProtectFunction

dnsapi

DnsQuery_W
DnsReplaceRecordSetUTF8
DnsModifyRecordsInSet_UTF8
DnsQuery_UTF8
DnsQueryConfig
DnsRecordListFree
DnsValidateName_W
DnsNameCompareEx_W
DnsValidateName_UTF8
DnsDhcpSrvRegisterInit
DnsNameCompare_W
DnsStatusString
DnsNotifyResolver
DnsDhcpSrvRegisterTerm

advapi32

RegNotifyChangeKeyValue
CryptGenKey
GetServiceDisplayNameW
RegQueryMultipleValuesW
AccessCheckAndAuditAlarmA
RegSaveKeyW
RegOpenCurrentUser
ReportEventA
RegLoadKeyA
SetSecurityDescriptorDacl
SystemFunction040
CryptAcquireContextA
AddAce
GetSecurityDescriptorGroup
ControlTraceW
AbortSystemShutdownW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetEventLogInformation
IsValidSid
I_ScSetServiceBitsW
GetCurrentHwProfileA
IsTokenRestricted
GetSidLengthRequired
CryptContextAddRef
GetWindowsAccountDomainSid
LogonUserA
SystemFunction029
GetSidIdentifierAuthority
RegDisablePredefinedCache
MakeSelfRelativeSD
CommandLineFromMsiDescriptor
SetSecurityDescriptorOwner

gdi32

AbortPath
CreateFontW
PlgBlt
RemoveFontResourceW
IntersectClipRect
CreateHatchBrush
GdiEntry1
GetROP2
CloseEnhMetaFile
SetDIBits
ResizePalette
SetViewportOrgEx
Ellipse
PolylineTo
DeleteDC
CreateFontIndirectW
EndDoc
EngDeleteSurface
EnumFontFamiliesW
GetWindowOrgEx
SetROP2
GetWorldTransform
EnumFontsW
DeleteMetaFile
XLATEOBJ_cGetPalette
EngUnlockSurface

ole32

HWND_UserSize
MkParseDisplayName
CoGetObjectContext
CreateILockBytesOnHGlobal
PropVariantClear
GetClassFile
HMENU_UserMarshal
CoInitializeSecurity
HBITMAP_UserFree
CoImpersonateClient
HBITMAP_UserUnmarshal
OleSetMenuDescriptor
OleGetIconOfClass
HBITMAP_UserMarshal
StgCreateDocfile
CreateClassMoniker
IIDFromString
CoSwitchCallContext
CoTaskMemAlloc
HBITMAP_UserSize
HGLOBAL_UserSize

Sections

.text
Size: 73KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 137KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 205KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 221KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

606961a685dc784cbb4eeb275a861013

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cfgmgr32

user32

msvcrt

crypt32

dnsapi

advapi32

gdi32

ole32

Sections

.text Size: 73KB - Virtual size: 504KB

.idata Size: 137KB - Virtual size: 375KB

.bss Size: 205KB - Virtual size: 266KB

.edata Size: 221KB - Virtual size: 351KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 73KB - Virtual size: 504KB

.idata
Size: 137KB - Virtual size: 375KB

.bss
Size: 205KB - Virtual size: 266KB

.edata
Size: 221KB - Virtual size: 351KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 2KB - Virtual size: 1KB