38846f4ccc99591a82de321f15b0aa9a3e3c6a07fd29dd2ddc9c740f5fdcdf83

Sharing

Copy URL

Twitter E-mail

General

Target

38846f4ccc99591a82de321f15b0aa9a3e3c6a07fd29dd2ddc9c740f5fdcdf83
Size

829KB
MD5

0dada6590e80dd95f5b18fee9d200b40
SHA1

354e2e93e876463a24ddc65c708bcc2a74acef77
SHA256

38846f4ccc99591a82de321f15b0aa9a3e3c6a07fd29dd2ddc9c740f5fdcdf83
SHA512

48ea655efd86f579a2fe441ba3664c6a73f5b3820debdbe60be31b14964af1cab5779f8b96b978a1f4470af155a31cbbbf0d02afa13f5e33f5d44aad620ca586
SSDEEP

24576:WO+tejiEbH6K99Q5t77r2FQcMy7w0/T3k:9+ArH689Q5V7r2acMy7T/

Score

N/A

Malware Config

Signatures

Files

38846f4ccc99591a82de321f15b0aa9a3e3c6a07fd29dd2ddc9c740f5fdcdf83
.exe windows x86

c7b3565ff627359e8cafd8c918241488

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW

kernel32

LoadResource
FindResourceW
GetModuleFileNameW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
lstrcmpiW
RaiseException
SetDllDirectoryW
FormatMessageW
GetCommandLineW
ExitProcess
LoadLibraryA
CreateThread
lstrlenW
EnterCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
CompareStringW
GetThreadUILanguage
DeleteCriticalSection
GetLastError
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
MultiByteToWideChar
LoadLibraryExW
LocalAlloc
CompareFileTime
GetFileAttributesExW
GetExitCodeThread
CreateEventW
SetEvent
CloseHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
OutputDebugStringA
GetFileAttributesW
GetVersion
GetModuleHandleA
GetStartupInfoW
GetVersionExW
GetSystemPowerStatus
LoadLibraryW
LeaveCriticalSection
SizeofResource
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LockResource
FindResourceExW
FlushInstructionCache
SetLastError
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LocalFree
InitializeCriticalSection

msvcr90

wcstok_s
_wcsnicmp
towupper
__CxxFrameHandler3
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_time64
srand
rand
wcsnlen
vswprintf_s
_vscwprintf
calloc
swprintf_s
iswspace
_wcsicmp
wcsrchr
_wtoi
wcsspn
wcscspn
_vsnwprintf
_beginthreadex
_exit
_cexit
__getmainargs
_amsg_exit
memset
memmove_s
_purecall
_recalloc
wcsstr
malloc
memmove
free
wcsncpy_s
memcpy_s
bsearch
memcpy

ole32

CoCreateInstance
CoInitializeEx
CoGetClassObject
CoGetInterfaceAndReleaseStream
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CreateBindCtx
PropVariantClear
CoTaskMemRealloc
PropVariantCopy
CoInitialize
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString
SysAllocStringByteLen

shlwapi

StrCmpIW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW
StrRetToBufW
SHGetThreadRef
SHRegCloseUSKey
SHRegOpenUSKeyW
SHRegGetUSValueW
SHRegEnumUSValueW
PathFindExtensionW
AssocGetPerceivedType
StrStrIW
StrRetToBSTR
StrRChrW
StrRetToStrW

msi

ord90

gdi32

CreateRectRgn
CreateRectRgnIndirect
GetClipBox
SetTextColor
SetBkColor
GetStockObject
SelectObject
GetDeviceCaps

shell32

ShellExecuteW
ShellExecuteExW
ord645
SHCreateItemFromParsingName
SHGetFolderPathW
SHGetKnownFolderPath
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDesktopFolder
SHAddToRecentDocs
SHBindToParent
ord23
ord18
SHParseDisplayName
ord4
ord17
ord2
SHCreateItemFromIDList
SHBindToObject
ord644

d3d9

Direct3DCreate9

comctl32

InitCommonControlsEx

version

VerQueryValueW

propsys

PropVariantChangeType

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c7b3565ff627359e8cafd8c918241488

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcr90

ole32

oleaut32

shlwapi

msi

gdi32

shell32

d3d9

comctl32

version

propsys

Sections

.text Size: 165KB - Virtual size: 165KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 98KB - Virtual size: 97KB

.reloc Size: 16KB - Virtual size: 15KB

.vmp1 Size: 540KB - Virtual size: 1.6MB

.text
Size: 165KB - Virtual size: 165KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 16KB - Virtual size: 15KB

.vmp1
Size: 540KB - Virtual size: 1.6MB