924625fcb61afbebce3a2d34c19afc26aef01ca733a01c3ee89063234cef2e3a

Sharing

Copy URL Twitter E-mail

General

Target

924625fcb61afbebce3a2d34c19afc26aef01ca733a01c3ee89063234cef2e3a
Size

72KB
MD5

f964c22b180f82382f2c838be10d0de2
SHA1

e4a24ef0949fabfa568c58af42b87d44e53e397e
SHA256

924625fcb61afbebce3a2d34c19afc26aef01ca733a01c3ee89063234cef2e3a
SHA512

f46deb88137e18bdda407e5b7fa1e239895beb7881686bb2e30c3e9e348047ae724f0f24b66df624043a8a6086e01cd340054ac7622ec35c10443f8158cfd235
SSDEEP

1536:MbtaM2OZFBCtSxEIDOnqftQVqeiP3434GDWD7K4EVNye:ktSBtSxEvnqVwqv3434GDWDeE

Score

N/A

Malware Config

Signatures

Files

924625fcb61afbebce3a2d34c19afc26aef01ca733a01c3ee89063234cef2e3a
.exe windows x86

2d7fd054a0794bbcc8b9e81b0769d298

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

Escape
ScaleViewportExtEx
CreatePolygonRgn
SetICMMode
GdiPlayJournal
GetEnhMetaFileDescriptionW
GetCharWidth32W
GetMetaFileBitsEx
GetFontUnicodeRanges
GetICMProfileW
GdiArtificialDecrementDriver
ExcludeClipRect
DrawEscape
GetKerningPairsW
CreateFontW
SetColorSpace
OffsetWindowOrgEx
GetNearestColor
GetBkMode
CreateDCA

ws2_32

recv
getservbyport
WSARecvDisconnect
recvfrom
inet_addr
htons
WSAAsyncSelect
WPUCompleteOverlappedRequest
__WSAFDIsSet
gethostname
WSALookupServiceNextA
WSAStartup
inet_ntoa
WSCEnableNSProvider
WSCWriteProviderOrder
WSASocketA
WSAEnumProtocolsW
WSAGetServiceClassNameByClassIdW
gethostbyaddr
WSAHtonl
WSAEventSelect
select
getpeername
WSACancelBlockingCall
WSAUnhookBlockingHook
WSAIsBlocking
WSAAccept
WSASendDisconnect
WSAStringToAddressW
ioctlsocket
getservbyname

comctl32

ImageList_Replace
CreateStatusWindowA
ImageList_Destroy
ImageList_Create
FlatSB_EnableScrollBar
FlatSB_SetScrollInfo
ImageList_GetDragImage
ImageList_GetImageInfo
ImageList_Draw
FlatSB_GetScrollInfo
LBItemFromPt
ImageList_Add
ImageList_SetImageCount
DrawStatusTextA
ImageList_DragLeave
ImageList_DrawEx
ImageList_DragEnter
ImageList_GetImageRect
PropertySheetW
ImageList_Merge
ImageList_GetIcon
ImageList_Read
ShowHideMenuCtl

user32

LoadMenuW
SetThreadDesktop
GetScrollBarInfo
LoadKeyboardLayoutA
GetTabbedTextExtentA
RegisterDeviceNotificationA
LoadCursorW
LoadMenuIndirectA
EnumClipboardFormats
GetUserObjectSecurity
AppendMenuA
MenuItemFromPoint
SetWindowPos
SetMenuItemInfoW
EnumPropsExW
SystemParametersInfoW
DdeQueryConvInfo
EndDialog
CallWindowProcW
EnumPropsW
EnumDisplaySettingsExA
DestroyIcon
CopyAcceleratorTableW
SetDlgItemTextA
EnumDisplayDevicesA
DrawEdge
wvsprintfA
SendMessageA
ScreenToClient
DdeEnableCallback
WindowFromDC
LoadStringW
CascadeWindows
DialogBoxParamW
LoadCursorFromFileA
RegisterShellHookWindow
MessageBoxA
AttachThreadInput
BeginPaint
TileChildWindows
GetListBoxInfo
OemToCharW
UnregisterHotKey
CreateWindowStationW
IsZoomed
OpenDesktopA
SetMessageExtraInfo
OpenWindowStationW
SetWindowWord
GetAncestor
SetPropA
IsWindow
OemToCharBuffW
CharToOemA
DrawStateW
LookupIconIdFromDirectoryEx
CheckDlgButton
ScrollWindowEx
ModifyMenuW

version

GetFileVersionInfoSizeW
VerFindFileA
GetFileVersionInfoW
VerQueryValueW
VerInstallFileA
VerInstallFileW
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

LsaQueryInfoTrustedDomain
SystemFunction005
CryptDuplicateHash
EnumServicesStatusExW
ConvertSecurityDescriptorToAccessNamedA
RegReplaceKeyW
GetSecurityDescriptorGroup
SystemFunction022
LookupSecurityDescriptorPartsW
ConvertStringSidToSidW
SystemFunction010
GetNamedSecurityInfoW
SetAclInformation
CryptEncrypt
LsaCreateAccount
GetAuditedPermissionsFromAclW
InitiateSystemShutdownA
ConvertAccessToSecurityDescriptorA
OpenTraceA
RegOpenUserClassesRoot
AreAllAccessesGranted
ElfChangeNotify
LsaEnumerateTrustedDomains
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptGenRandom
GetTrusteeTypeW
ConvertSecurityDescriptorToAccessA
BuildTrusteeWithNameW
EnumDependentServicesW
AddAccessAllowedAce
CryptSetProviderW
ControlTraceA
SystemFunction025
RegisterServiceCtrlHandlerExA
PrivilegeCheck
ElfDeregisterEventSource
BuildSecurityDescriptorW
CreateTraceInstanceId
InitializeSid
BackupEventLogW
GetMultipleTrusteeW
GetTraceEnableFlags
CryptVerifySignatureA
StartServiceCtrlDispatcherA
ReportEventW
SystemFunction026
LookupAccountNameW
EnumServicesStatusW
CryptDestroyHash
BuildExplicitAccessWithNameW
SetEntriesInAccessListW
BackupEventLogA
RegSaveKeyW
RegDisablePredefinedCache
RegQueryMultipleValuesA
ObjectPrivilegeAuditAlarmA
CryptHashSessionKey
ConvertToAutoInheritPrivateObjectSecurity
RegisterServiceCtrlHandlerA
RegQueryValueW
SystemFunction024
DeleteAce
GetTrusteeNameA
GetManagedApplications
QueryServiceConfigA
SetServiceBits
LsaRemoveAccountRights
SystemFunction029
ConvertSidToStringSidW
BuildImpersonateTrusteeA
LsaSetSystemAccessAccount
AccessCheckByTypeResultList
AddAccessAllowedObjectAce
EnumServicesStatusExA
LsaSetTrustedDomainInformation
CloseServiceHandle
GetUserNameW
SystemFunction041
GetSecurityDescriptorLength
LsaDeleteTrustedDomain
NotifyChangeEventLog
DestroyPrivateObjectSecurity
LsaQueryTrustedDomainInfo
SystemFunction019
RegLoadKeyA
LsaSetInformationPolicy
SetSecurityInfoExW
CryptEnumProviderTypesA
CryptSetProviderExA
RegSetValueW
RegisterServiceCtrlHandlerW
LsaSetDomainInformationPolicy
SetTraceCallback
GetUserNameA
PrivilegedServiceAuditAlarmW
OpenServiceA
SetSecurityDescriptorGroup
SetEntriesInAclW
RegGetKeySecurity
GetServiceKeyNameW
LogonUserA
GetMultipleTrusteeOperationA
SetNamedSecurityInfoExA
LsaQueryTrustedDomainInfoByName
AddAccessDeniedAceEx
LsaEnumeratePrivilegesOfAccount
ElfCloseEventLog
OpenEncryptedFileRawW
IsTextUnicode
LsaEnumeratePrivileges
ConvertSDToStringSDRootDomainW
ReadEncryptedFileRaw
GetEventLogInformation

winmm

midiOutUnprepareHeader
midiOutGetVolume
waveOutReset
waveInGetPosition
mciGetDeviceIDA
joy32Message
midiStreamPause
midiOutGetErrorTextW
CloseDriver
waveInGetID
midiInGetErrorTextW
midiStreamRestart
wod32Message
waveInStop
mciSendCommandA
mmioInstallIOProcA
mciDriverNotify
joyReleaseCapture
midiOutMessage
midiInStart
mmioAscend
mixerGetID
midiOutPrepareHeader
mixerGetLineInfoA
midiDisconnect
mixerGetDevCapsA
auxGetDevCapsA

kernel32

GetModuleHandleA
CallNamedPipeW
CreateEventA
GetProcAddress
InitializeCriticalSection
FileTimeToDosDateTime

rasapi32

RasValidateEntryNameW
RasIsSharedConnection
RasGetConnectStatusW
RasGetEapUserIdentityA
RasValidateEntryNameA
RasSetEntryDialParamsW
RasEditPhonebookEntryA
RasSetEntryPropertiesA
RasSetCustomAuthDataW
RasEditPhonebookEntryW
RasSetAutodialParamA
RasSetCredentialsW
RasGetCredentialsA
RasEnumEntriesA
RasFreeEapUserIdentityA
RasDeleteEntryW
RasGetConnectStatusA
RasGetAutodialParamA
RasSetSubEntryPropertiesA
DwCloneEntry
RasSetCredentialsA
RasGetEapUserDataW
RasGetCountryInfoW
RasSetAutodialEnableW
RasSetEapUserDataA
RasQuerySharedConnection
RasGetEntryDialParamsA
RasSetSharedAutoDial
RasSetAutodialParamW
RasSetEntryPropertiesW
RasGetCountryInfoA
RasHangUpA

ntdll

NtExtendSection
NtGetPlugPlayEvent
ZwAdjustPrivilegesToken
ZwSetThreadExecutionState
LdrUnloadAlternateResourceModule
DbgUiConnectToDbg
NtListenPort
ZwGetDevicePowerState
RtlInitUnicodeString
NtTestAlert
RtlLargeIntegerSubtract
RtlFreeHeap
RtlRemoteCall
RtlpWaitForCriticalSection
ZwReplyWaitReplyPort
ZwAccessCheckByTypeResultList
ZwSetTimer
NtSaveMergedKeys
RtlSetEnvironmentVariable
RtlInitNlsTables
RtlLookupElementGenericTable
KiUserCallbackDispatcher
NtQueryInformationAtom
RtlpNtEnumerateSubKey
ZwDuplicateToken
RtlFreeUnicodeString
ZwOpenProcessToken
NtOpenTimer
RtlUpdateTimer
ZwQueryKey
ZwSetInformationKey
KiUserExceptionDispatcher
RtlAddCompoundAce
NtResetWriteWatch
NtTerminateJobObject
RtlMoveMemory
RtlIsDosDeviceName_U
RtlImageNtHeader
NtOpenProcessToken
NtSetTimer
NtOpenEventPair
RtlAnsiCharToUnicodeChar
NtAssignProcessToJobObject
ZwWaitForMultipleObjects
RtlCreateAcl
NtMapUserPhysicalPages
RtlCopyLuid
NtCreateIoCompletion
ZwOpenEventPair
RtlReleaseResource
RtlLargeIntegerNegate
RtlGetAce
RtlFindSetBitsAndClear
RtlpNtSetValueKey
ZwCreatePagingFile
RtlLargeIntegerDivide
ZwRestoreKey
ZwCreateTimer
ZwFlushKey
RtlStringFromGUID
RtlConvertSharedToExclusive
NtSetSystemPowerState
NtCreateSection
NtQueryMultipleValueKey
NtInitiatePowerAction
RtlGetFullPathName_U

imm32

ImmRegisterWordW
ImmRequestMessageA
ImmInstallIMEA
ImmGetGuideLineA
ImmDestroyContext
ImmGetCompositionFontA
ImmGetHotKey
ImmGetDefaultIMEWnd
ImmGetRegisterWordStyleW
ImmGetOpenStatus
ImmIsUIMessageA
ImmDestroySoftKeyboard
ImmSetStatusWindowPos
ImmGetIMCCLockCount
ImmSetOpenStatus
ImmSetCompositionWindow
ImmReleaseContext
ImmGetCandidateListW
ImmGetConversionListA
ImmAssociateContextEx
ImmUnregisterWordA
ImmSetCompositionStringA
ImmAssociateContext
ImmGetContext
ImmShowSoftKeyboard
ImmIsUIMessageW
ImmEscapeA
ImmLockIMC

msvcrt

_osplatform
_safe_fdivr
_aexit_rtn
wcschr
_winmajor
_ctype
wcsncmp
_futime64
_mbbtombc
_getcwd
_wexecve
_wtempnam
_wexecvp
_CIasin
asctime
_i64tow
rewind
_toupper
_chdir
_strcmpi
tan
_mbsninc
wcstoul
sqrt
_commit
_fgetchar
_snprintf
isgraph
ctime

shlwapi

AssocQueryKeyA

mswsock

GetAcceptExSockaddrs
rcmd
SetServiceA
GetTypeByNameA
inet_network
GetTypeByNameW
dn_expand
GetServiceA
getnetbyname
AcceptEx
EnumProtocolsW
EnumProtocolsA
GetServiceW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d7fd054a0794bbcc8b9e81b0769d298

Headers

File Characteristics

Imports

gdi32

ws2_32

comctl32

user32

version

advapi32

winmm

kernel32

rasapi32

ntdll

imm32

msvcrt

shlwapi

mswsock

Sections

.text Size: 37KB - Virtual size: 37KB

.xdata Size: 12KB - Virtual size: 11KB

.rdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 7KB - Virtual size: 8KB

.bss Size: 512B - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 37KB

.xdata
Size: 12KB - Virtual size: 11KB

.rdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 7KB - Virtual size: 8KB

.bss
Size: 512B - Virtual size: 1KB