df8d7a8726dd5118621e4ddf3b8447c7329f9a26697dad39b8c229b806b62f3d

Sharing

Copy URL Twitter E-mail

General

Target

df8d7a8726dd5118621e4ddf3b8447c7329f9a26697dad39b8c229b806b62f3d
Size

83KB
MD5

0a7e4c0f61f9fd8b00e9da7a72f1dab0
SHA1

1557bf23b9883d696b8032d8502aac265065dfbc
SHA256

df8d7a8726dd5118621e4ddf3b8447c7329f9a26697dad39b8c229b806b62f3d
SHA512

7912989a802ca31114633938ba2d85f83ef433244992b9c99a6c4a778618a7770923ea5eaafd3e2f1a54e36ed34c1bc5b13e78b66d03c2bcc14a8fc86dec8582
SSDEEP

1536:nbETf8a4U//txOOnYn9XgwwB3m8AxqTJ+F:nbETfr7/tQOne9GB3m8AxqTJA

Score

N/A

Malware Config

Signatures

Files

df8d7a8726dd5118621e4ddf3b8447c7329f9a26697dad39b8c229b806b62f3d
.exe windows x86

de134fb0c3170d73d31ae9920cf65de2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

GetStandardColorSpaceProfileW

user32

BroadcastSystemMessageW
ShowWindow
CharNextW
CharUpperW
DestroyWindow
LoadStringW
DefWindowProcW
SendMessageTimeoutW
wsprintfW
AllowSetForegroundWindow
IsWindow
UnregisterDeviceNotification
wvsprintfA
GetSystemMetrics
RegisterDeviceNotificationW
PostQuitMessage
CreateWindowExW
SetWindowTextA
GetDlgItemTextA
SetActiveWindow
SendDlgItemMessageA
SetWindowLongW
InsertMenuItemA
GetClassInfoA
SetTimer
GetMenuItemID
EndMenu
CreateDesktopA
ShowCaret
GetMenuInfo
MonitorFromPoint
LoadMenuW
GetActiveWindow
SetWindowTextW
RegisterClassW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ReadFile
GetSystemTimeAsFileTime
GetSystemTime
CreateMutexA
LocalFree
IsBadStringPtrW
GetFileType
WaitForMultipleObjects
CreateMutexW
InitializeCriticalSectionAndSpinCount
SetLastError
OpenProcess
SystemTimeToFileTime
WaitForSingleObjectEx
LocalAlloc
WideCharToMultiByte
lstrcmpiW
OutputDebugStringW
DeleteFileW
LeaveCriticalSection
WriteFile
GetLocalTime
GetModuleHandleW
lstrcpyA
lstrcmpW
CreateThread
WaitForSingleObject
lstrlenA
HeapDestroy
UnmapViewOfFile
HeapAlloc
GetDriveTypeW
CloseHandle
CreateFileMappingW
FreeLibrary
GetDateFormatW
IsBadCodePtr
CreateFileA
GetFileInformationByHandle
lstrcpynW
GetVolumeInformationW
EnterCriticalSection
SetCommTimeouts
CreateEventW
HeapFree
ExpandEnvironmentStringsA
UnhandledExceptionFilter
DuplicateHandle
lstrcmpiA
SetFilePointerEx
DeleteCriticalSection
CreateFileW
lstrcpynA
PurgeComm
FlushFileBuffers
GetProcessHeap
GetCurrentThreadId
ResetEvent
SetCommMask
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
SetupComm
GetWindowsDirectoryW
GetTimeFormatW
lstrlenW
EscapeCommFunction
lstrcpyW
GetModuleHandleA
MapViewOfFileEx
FormatMessageW
SetEndOfFile
ClearCommError
SetFilePointer
MulDiv
ReleaseMutex
GetCurrentDirectoryW
VirtualAlloc
GetStartupInfoA
GetTempPathA
CreateSemaphoreW
GetUserDefaultLangID
GetUserDefaultLCID
GetSystemDirectoryA
OpenSemaphoreW
SetLocaleInfoA
FileTimeToSystemTime
EnumDateFormatsA
QueryPerformanceFrequency
GetExpandedNameA
CreatePipe
EnumCalendarInfoW
SetCurrentDirectoryW
GlobalGetAtomNameA
MoveFileA

msvcrt

towupper
sprintf
strrchr
wcscpy
_wcsicmp
_onexit
wcscat
_snwprintf
_vsnprintf
malloc
_snprintf
wcsncpy
wcscmp
realloc
wcschr
__dllonexit
_initterm
free
swprintf
_wsplitpath
wcslen
wcsrchr
wcsstr
memmove
_vsnwprintf

advapi32

RegEnumKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AccessCheck
DeleteService
RegQueryInfoKeyW
GetSecurityDescriptorDacl
InitializeAcl
OpenSCManagerW
OpenThreadToken
RegisterServiceCtrlHandlerExW
QueryServiceStatus
FreeSid
RegDeleteKeyW
SetSecurityDescriptorDacl
RegisterEventSourceW
RegQueryValueExW
RegQueryValueA
RegDeleteValueW
RegSetValueExA
AllocateAndInitializeSid
RegSetValueExW
SetKernelObjectSecurity
DeregisterEventSource
DestroyPrivateObjectSecurity
InitializeSid
GetLengthSid
GetSidSubAuthorityCount
RegOpenKeyW
RegQueryValueW
CloseServiceHandle
RegCreateKeyExW
GetKernelObjectSecurity
OpenProcessToken
InitializeSecurityDescriptor
CopySid
GetAclInformation
RegCreateKeyExA
RegEnumKeyExW
AddAce
ControlService
SetServiceStatus
CreatePrivateObjectSecurity
GetSidLengthRequired
RegCloseKey
RegOpenKeyExA
AddAccessAllowedAce
SetSecurityDescriptorGroup
QueryServiceConfigW
RegQueryValueExA
RegOpenKeyExW
RegEnumValueW
SetSecurityDescriptorSacl
GetAce
RegCreateKeyW
DuplicateTokenEx
SetSecurityDescriptorOwner
GetSidSubAuthority
OpenServiceW
CreateProcessAsUserW

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString

rpcrt4

RpcStringFreeA
UuidToStringA
RpcServerListen
RpcServerRegisterIfEx
NdrServerCall2
UuidCreate
RpcRevertToSelf
RpcBindingInqAuthClientW
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcImpersonateClient
RpcBindingToStringBindingW
RpcMgmtWaitServerListen
RpcServerUseProtseqEpW
UuidCreateNil
UuidToStringW
RpcStringBindingParseW
RpcStringFreeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

SetupDiGetClassDevsExW
SetupDiOpenDeviceInterfaceRegKey
SetupDiDeleteDeviceInterfaceData
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

winsta

WinStationQueryInformationW

shlwapi

SHDeleteKeyW

ole32

CoAddRefServerProcess
CreateBindCtx
CoCreateInstanceEx
CoRevokeClassObject
CoInitializeSecurity
StgOpenPropStg
PropVariantClear
CoRevertToSelf
CoRegisterClassObject
CoSuspendClassObjects
CoTaskMemAlloc
FreePropVariantArray
StringFromCLSID
CLSIDFromString
CoCreateInstance
MkParseDisplayName
CoUninitialize
CreateStreamOnHGlobal
StringFromGUID2
CoImpersonateClient
StgCreatePropStg
CoInitializeEx
CoTaskMemFree

ntdll

NtDuplicateToken
NtClose

cfgmgr32

CM_Open_DevNode_Key_Ex
CM_Get_DevNode_Registry_PropertyA
CM_Get_Device_ID_Size_Ex
CM_Get_DevNode_Registry_PropertyW
CM_Reenumerate_DevNode
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Open_DevNode_Key
CM_Locate_DevNodeW
CM_Set_DevNode_Registry_PropertyW

Sections

CODE
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 28KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de134fb0c3170d73d31ae9920cf65de2

Headers

File Characteristics

Imports

mscms

user32

version

kernel32

msvcrt

advapi32

oleaut32

rpcrt4

userenv

setupapi

winsta

shlwapi

ole32

ntdll

cfgmgr32

Sections

CODE Size: 25KB - Virtual size: 25KB

DATA Size: 28KB - Virtual size: 2.1MB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 1KB

.rsrc Size: 19KB - Virtual size: 19KB

CODE
Size: 25KB - Virtual size: 25KB

DATA
Size: 28KB - Virtual size: 2.1MB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 19KB