411599ea321afbd5705b432ea4a9a88b3aade452cd72a75b1ee83d3cb1c37f2a

Sharing

Copy URL

Twitter E-mail

General

Target

411599ea321afbd5705b432ea4a9a88b3aade452cd72a75b1ee83d3cb1c37f2a
Size

264KB
MD5

a3230404867873c4e0bf50f2b862bc10
SHA1

eb83fecba6909ee21066530a8bf8d380060d0061
SHA256

411599ea321afbd5705b432ea4a9a88b3aade452cd72a75b1ee83d3cb1c37f2a
SHA512

e8c67c24ae1512d4a6a9b5304598bba1df7525e876d5bc81d3c59b6a20831e1beada4e0b66cfcc631afa85c57a5429cdac3b41ac152faca0ad7c3349b418f0cd
SSDEEP

6144:sZTs1E3Jt4pzvS6o+h7knyD+LJWW9v/JjTtGHwwM4FE:s1swUpzvSj+GG+9vtBfoHNM4

Score

N/A

Malware Config

Signatures

Files

411599ea321afbd5705b432ea4a9a88b3aade452cd72a75b1ee83d3cb1c37f2a
.exe windows x86

1475de8417a223ebab9fd3aa45457146

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoUninitialize

user32

GetClientRect
GetDesktopWindow
wsprintfW
EndDialog
LoadStringA
SetWindowsHookExW
SendMessageW
IsWindowEnabled
TranslateMessage
MessageBoxW
ShowWindow
PostMessageW
GetFocus
KillTimer
EnableWindow
SetDlgItemTextW
SetWindowTextW
SetDlgItemInt
GetDlgItemTextW
SetFocus
CheckDlgButton
SetForegroundWindow
wsprintfA
GetWindowLongW
SetTimer

rtm

RtmGetDestInfo
RtmGetMostSpecificDestination
RtmDereferenceHandles
NextMatchInTable
RtmWriteAddressFamilyConfig
RtmReleaseRouteInfo
RtmInsertInRouteList
MgmDeRegisterMProtocol
RtmAddRoute
RtmReadInstanceConfig
RtmLockNextHop
DumpTable
RtmGetExactMatchRoute
RtmGetInstanceInfo
RtmDeleteRouteList
MgmReleaseInterfaceOwnership
RtmInvokeMethod
RtmRegisterForChangeNotification
RtmReadAddressFamilyConfig
RtmDeleteRouteToDest
RtmGetEnumNextHops
RtmAddRouteToDest
RtmIsBestRoute
RtmDeregisterEntity
RtmDeleteRoute
RtmDeregisterFromChangeNotification
MgmInitialize
DeleteFromTable
RtmGetRoutePointer
RtmGetChangeStatus
RtmDequeueRouteChangeMessage
RtmAddNextHop
RtmGetOpaqueInformationPointer
RtmGetChangedDests
RtmGetNextHopPointer
RtmReferenceHandles
RtmGetAddressFamilyInfo
RtmGetFirstRoute
RtmReleaseDests
RtmMarkDestForChangeNotification
RtmLookupIPDestination
RtmReleaseEntities
RtmReleaseNextHops
RtmReleaseChangedDests
RtmIsRoute
RtmDeleteRouteTable
RtmLockDestination
RtmDeleteEnumHandle
RtmCreateRouteListEnum
RtmCreateDestEnum
RtmRegisterClient
RtmCloseEnumerationHandle
MgmGetNextMfeStats
RtmGetRegisteredEntities
MgmGetProtocolOnInterface
RtmGetEnumDests
RtmWriteInstanceConfig

pdh

PdhVbAddCounter
PdhIsRealTimeQuery
PdhSetLogSetRunID
PdhGetDllVersion
PdhUpdateLogFileCatalog
PdhConnectMachineW
PdhTranslateLocaleCounterA
PdhGetCounterTimeBase
PdhGetDefaultPerfCounterW
PdhGetDefaultPerfCounterA
PdhRemoveCounter
PdhCalculateCounterFromRawValue
PdhGetDefaultPerfCounterHW
PdhCreateSQLTablesW
PdhGetFormattedCounterValue
PdhSelectDataSourceW
PdhGetDefaultPerfObjectA
PdhLookupPerfNameByIndexA
PdhTranslateLocaleCounterW
PdhEnumObjectsHA
PdhLookupPerfIndexByNameW
PdhBrowseCountersHW
PdhOpenQueryW
PdhGetCounterInfoA
PdhConnectMachineA
PdhOpenQueryA
PdhMakeCounterPathA
PdhVbUpdateLog
PdhExpandCounterPathA
PdhVerifySQLDBA
PdhGetLogFileSize
PdhAdd009CounterW
PdhGetRawCounterValue
PdhValidatePathW
PdhGetDataSourceTimeRangeA
PdhOpenQueryH
PdhVerifySQLDBW
PdhVbGetLogFileSize
PdhTranslate009CounterA
PdhParseCounterPathA
PdhGetCounterInfoW
PdhCollectQueryDataEx
PdhBrowseCountersW
PdhParseInstanceNameA
PdhParseInstanceNameW
PdhBrowseCountersHA
PdhVbIsGoodStatus
PdhRelogA
PdhVbGetOneCounterPath
PdhEnumObjectsA
PdhSelectDataSourceA
PdhOpenLogA
PdhListLogFileHeaderA
PdhCreateSQLTablesA

advapi32

RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegFlushKey
RegCreateKeyExW
RegEnumValueW

comctl32

ImageList_Destroy

kernel32

VirtualAlloc
GetVersionExA
VirtualFree
IsBadCodePtr
lstrcmpW
GetStartupInfoW
WriteFile
DeleteCriticalSection
ExitThread
VirtualAlloc
GlobalAlloc
GetOEMCP
SetHandleCount
GetTickCount
TlsAlloc
QueryPerformanceCounter
GetACP
HeapAlloc
FreeEnvironmentStringsA
FlushFileBuffers
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
GetLastError
GetLocaleInfoA
ExitProcess
InterlockedDecrement
WaitForSingleObject
ReadFile
GetFileAttributesW
GetCurrentThreadId
LocalFree
CreateFileW
GetFileType
InterlockedIncrement
CloseHandle
UnhandledExceptionFilter
GetCurrentDirectoryW
HeapCreate
LeaveCriticalSection
GetModuleHandleA
SetUnhandledExceptionFilter
EnterCriticalSection
VirtualFree
CreateEventW
RtlUnwind

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1475de8417a223ebab9fd3aa45457146

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

rtm

pdh

advapi32

comctl32

kernel32

Sections

.text Size: 178KB - Virtual size: 178KB

.data Size: 52KB - Virtual size: 51KB

.rsrc Size: 33KB - Virtual size: 564KB

.text
Size: 178KB - Virtual size: 178KB

.data
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 33KB - Virtual size: 564KB