8eef20e16049ff115158a0b5c6ec5bd45c8fdee1e980bdf07b39d5ff5775898f

Sharing

Copy URL Twitter E-mail

General

Target

8eef20e16049ff115158a0b5c6ec5bd45c8fdee1e980bdf07b39d5ff5775898f
Size

163KB
MD5

7edea7b0fcd39718aa8388bc4be6c663
SHA1

dd2cdfea1c4eeac37f317eeb433c68cfc89dd666
SHA256

8eef20e16049ff115158a0b5c6ec5bd45c8fdee1e980bdf07b39d5ff5775898f
SHA512

967730a737eae5a5861ab1d2bee3639eb490422c3e902ce28e59c38469fcc49629bd38cab78b598b51641bda4084005096ebedaf63beb320ab4b8afa8c7a2500
SSDEEP

3072:mXV9WN3L2XYt4P+I7VXMtdq65jCwuthe0iyflugwkrcYpzxT4iFZV:ml9K6WCs9jx0iyDDrcYMS

Score

N/A

Malware Config

Signatures

Files

8eef20e16049ff115158a0b5c6ec5bd45c8fdee1e980bdf07b39d5ff5775898f
.dll windows x86

9f96f48cdc8a15862fb9e9d756e19e90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
LsaOpenPolicy
QueryServiceConfigW
RegOpenKeyW

kernel32

WritePrivateProfileSectionW
GetCurrentDirectoryW
GetFileAttributesW
FormatMessageW
lstrcmpiW
ReadFile
GetOverlappedResult
UnmapViewOfFile
CreateEventW
SetEvent
WaitForSingleObject
CreateThread
WaitForMultipleObjects
CancelIo
ResetEvent
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
DeleteCriticalSection
GetComputerNameW
GetExitCodeProcess
CreateProcessW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetSystemTime
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
GetLocalTime
ResumeThread
ExitThread
FindFirstFileExW
FileTimeToSystemTime
LoadLibraryA
GetSystemDirectoryW
GetModuleFileNameW
CompareFileTime
SystemTimeToFileTime
GetFileTime
CopyFileW
GetCurrentProcessId
RaiseException
GetSystemWindowsDirectoryW
Sleep
GetTickCount
FreeLibrary
ExpandEnvironmentStringsW
LoadLibraryW
IsWow64Process
EnumUILanguagesW
SetEndOfFile
lstrcmpW
lstrlenA
GetSystemInfo
CreateMutexW
DuplicateHandle
OutputDebugStringW
GetCommandLineW
MulDiv
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
Module32FirstW
GetPrivateProfileStringW
OpenMutexW
ReleaseMutex
GetShortPathNameW
GetWindowsDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetFileSize
GetFileSizeEx
GetFileAttributesExW
lstrcmpA
LocalAlloc
FileTimeToLocalFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
InitializeCriticalSection
InterlockedCompareExchange
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetDriveTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RtlUnwind
GetLocaleInfoW
HeapReAlloc
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetEnvironmentVariableA
HeapAlloc
InterlockedExchange
GetFullPathNameW
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
MapViewOfFile
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
CreateFileMappingW
GetTempFileNameW
GetTempPathW
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
SetLastError
lstrlenW
CompareStringW
MultiByteToWideChar
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
GetLastError

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CLSIDFromString
CoInitializeEx
OleRun
CLSIDFromProgID
CoUninitialize
CoInitialize
CoTaskMemRealloc

oleaut32

SetErrorInfo
VarBstrCmp
VarUI4FromStr
VariantCopy
CreateErrorInfo
DispGetParam
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantClear
GetErrorInfo
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
VariantInit

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msi

ord125
ord8
ord171
ord115
ord113
ord70
ord169
ord88
ord190
ord116
ord121
ord141
ord137
ord211
ord118
ord120
ord160
ord159
ord32
ord92
ord111
ord45
ord204
ord205
ord17

wintrust

WinVerifyTrust

setupapi

SetupIterateCabinetW

shlwapi

PathCombineW
PathFileExistsW
PathCanonicalizeW
PathRemoveFileSpecW

cabinet

ord22
ord21
ord23
ord20

ws2_32

gethostbyname
WSACleanup
socket
inet_ntoa
inet_addr
htons
bind
closesocket
getsockname
ntohs
WSAStartup

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetClassID

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 127B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f96f48cdc8a15862fb9e9d756e19e90

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

version

msi

wintrust

setupapi

shlwapi

cabinet

ws2_32

gdi32

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 123KB

.bss Size: - Virtual size: 120KB

.pdata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 127B

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 4KB - Virtual size: 220B

.text
Size: 123KB - Virtual size: 123KB

.bss
Size: - Virtual size: 120KB

.pdata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 127B

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 4KB - Virtual size: 220B