3fb23bc63c3e0971ec2e0d24644481ee36530dbd019253144b9ba948223fde6c

Sharing

Copy URL Twitter E-mail

General

Target

3fb23bc63c3e0971ec2e0d24644481ee36530dbd019253144b9ba948223fde6c
Size

143KB
MD5

92e0a83226bda076c4596e57febb5230
SHA1

47efb43828ebc58887f49b8de6110d09ff560172
SHA256

3fb23bc63c3e0971ec2e0d24644481ee36530dbd019253144b9ba948223fde6c
SHA512

3ceb0c9cd69071d2129a866afb52755772b982ffc801aa228ad869821827e68448df0e1f781f64115cb1e7dc49ea567a5e1f014038c9f2a262140cea4474237b
SSDEEP

3072:TmAJrE+1FCoQARe8y17PVXiKfUwFMJZOniWGX7HwI7vq2EfQVMYsYI/efzo:TmGPC1AG7NyKsXTNEwvq2DVc/o8

Score

N/A

Malware Config

Signatures

Files

3fb23bc63c3e0971ec2e0d24644481ee36530dbd019253144b9ba948223fde6c
.exe windows x86

77136de03162e5ffe50553ed1a312830

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
EnumDateFormatsA
AttachConsole
GetExitCodeThread
SetLocalTime
EnumLanguageGroupLocalesW
LoadLibraryA
WaitForSingleObjectEx
GetLastError
GetSystemWow64DirectoryW
HeapCreate
GetMailslotInfo
ExpungeConsoleCommandHistoryW
SetConsoleCursorMode
GetStartupInfoW

atl

AtlModuleExtractCreateWndData
AtlModuleRegisterWndClassInfoW
AtlAxCreateDialogA
DllUnregisterServer
AtlAxCreateDialogW
DllRegisterServer
AtlModuleUnregisterServer
AtlCreateTargetDC
AtlModuleGetClassObject
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlModuleInit
DllGetClassObject
AtlAdvise
AtlFreeMarshalStream
AtlModuleAddTermFunc
AtlGetObjectSourceInterface
AtlAxDialogBoxW
AtlModuleRevokeClassObjects
AtlAxWinInit
AtlGetVersion
AtlAxDialogBoxA
AtlWaitWithMessageLoop
AtlModuleLoadTypeLib
AtlAxGetControl
AtlModuleRegisterTypeLib
AtlModuleTerm
AtlUnadvise

msdart

?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?IsWriteLocked@CSpinLock@@QBE_NXZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
??0CReaderWriterLock@@QAE@XZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?Clear@CLKRLinearHashTable@@QAEXXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?WriteLock@CReaderWriterLock3@@QAEXXZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?IsEmpty@CDoubleList@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?ReadLock@CFakeLock@@QAEXXZ
mpMalloc
?IsWin9x@CMdVersionInfo@@SAHXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?Clear@CLKRHashTable@@QAEXXZ

msasn1

ASN1BERDecSkip
ASN1BERDecCharString
ASN1BERDotVal2Eoid
ASN1BERDecU16Val
ASN1BERDecOpenType2
ASN1BEREncLength
ASN1BERDecEoid
ASN1CEREncEndBlk
ASN1BEREncRemoveZeroBits
ASN1utctime_cmp
ASN1BEREncObjectIdentifier2
ASN1BERDecCheck
ASN1BEREncChar32String

oleaut32

VarUI4FromCy
VarR4FromUI2
VarBoolFromR4
VarR4FromStr
VarDecFromI1
VarI2FromUI4
SafeArrayCreateVectorEx
LoadTypeLibEx
VarUI8FromR8
SysStringLen
CreateTypeLib
SafeArrayUnlock
VarBstrFromUI8
VarUI8FromCy
VarBstrFromUI1
VarUI1FromUI4
VarCyRound
OleLoadPictureEx

msvcrt

_CIasin
__RTtypeid
_hypot
perror
_cabs
exit
_wstat64
_CItan
_mbslen
__dllonexit
??_Ebad_cast@@UAEPAXI@Z
_pwctype
_spawnve
_popen
__getmainargs
__p__commode
isspace
fopen
_aexit_rtn
__initenv
?raw_name@type_info@@QBEPBDXZ
__set_app_type
?_query_new_handler@@YAP6AHI@ZXZ
_findnext

clusapi

ClusterRegCreateKey
RegisterClusterNotify
GetClusterNodeState
ClusterRegEnumKey
DeleteClusterResourceType
ClusterGetEnumCount
ClusterNodeEnum
GetClusterNodeId
ClusterRegSetKeySecurity
ClusterGroupOpenEnum
SetClusterNetworkName
CloseClusterNode
CreateClusterResourceType
OfflineClusterGroup
GetNodeClusterState
ClusterRegQueryInfoKey
ClusterRegGetKeySecurity
ClusterNetInterfaceControl
ClusterRegSetValue
PauseClusterNode
GetClusterNetInterface
CloseClusterNetInterface
GetClusterNetInterfaceKey
GetClusterResourceKey
CreateClusterResource
ClusterResourceTypeOpenEnum
GetClusterFromGroup

mapistub

FBadRow@4
CloseIMsgSession@4
PpropFindProp@12
SzFindCh@8
UNKOBJ_ScSzFromIdsAlloc@20
cmc_look_up
MAPIAdminProfiles@8
MAPILogonEx@20

user32

EndDialog

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77136de03162e5ffe50553ed1a312830

Headers

File Characteristics

Imports

kernel32

atl

msdart

msasn1

oleaut32

msvcrt

clusapi

mapistub

user32

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 2KB