e41a6b82d4b6d36062e265f9a673f67038e3d67c33e89e32d1d1596d808271e2

Sharing

Copy URL Twitter E-mail

General

Target

e41a6b82d4b6d36062e265f9a673f67038e3d67c33e89e32d1d1596d808271e2
Size

116KB
MD5

122d01c87a53bdf73146f4bb000998a7
SHA1

7b6bfd7acda42979a05030e0075bac6535080485
SHA256

e41a6b82d4b6d36062e265f9a673f67038e3d67c33e89e32d1d1596d808271e2
SHA512

9ad7a1aebbb1aac1dcfbf51ca09d163b35c09ed4ab01e54fbbec165f6165a7bbea69d00b85dd0770a3a787e68c3ca0f81274217ec1a393796a4984b4c29af83f
SSDEEP

3072:6NDGYUXeg2q3PlMXa+kXJCIVbSLDt9DHklOxkbYPm:aGdXd3PlIa+PLqvEPm

Score

N/A

Malware Config

Signatures

Files

e41a6b82d4b6d36062e265f9a673f67038e3d67c33e89e32d1d1596d808271e2
.dll windows x86

ea3365171e739e8d7a3c471956db350a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildImpersonateTrusteeW
LsaEnumerateTrustedDomainsEx
SystemFunction020
SetSecurityInfoExW
ElfReadEventLogA
AccessCheckByTypeResultListAndAuditAlarmW
LookupPrivilegeNameW
AccessCheckByTypeAndAuditAlarmW
SetThreadToken
SetSecurityDescriptorOwner
OpenServiceW
LsaLookupNames
SystemFunction005
StartServiceA
AddAccessDeniedObjectAce
RegSetValueExW
GetOldestEventLogRecord
GetMultipleTrusteeOperationA
SetNamedSecurityInfoA
RegSetValueW
RemoveUsersFromEncryptedFile
CloseEventLog
ElfDeregisterEventSource
EnumDependentServicesW
StartServiceCtrlDispatcherW
QueryServiceLockStatusW
EnumServiceGroupW
ConvertSecurityDescriptorToAccessNamedW
LsaSetTrustedDomainInformation
GetServiceKeyNameW
AccessCheck
ControlService
GetAclInformation
LsaSetDomainInformationPolicy
SetUserFileEncryptionKey
LsaQueryTrustedDomainInfoByName
RegisterEventSourceW
CryptGetHashParam
QueryUsersOnEncryptedFile
GetNamedSecurityInfoW
ObjectDeleteAuditAlarmW
LsaRemoveAccountRights
SystemFunction011
BuildTrusteeWithNameW
SetServiceStatus
I_ScSetServiceBitsW
ElfOpenBackupEventLogA
I_ScSetServiceBitsA
CancelOverlappedAccess
CryptVerifySignatureA
UnlockServiceDatabase
OpenProcessToken
CryptEnumProvidersW
SetEntriesInAuditListA
CryptAcquireContextW
LsaEnumerateTrustedDomains
LsaGetRemoteUserName
SystemFunction010
LsaQueryInfoTrustedDomain
RegEnumValueW
BackupEventLogW
OpenBackupEventLogA
GetSecurityInfo
ChangeServiceConfig2W
OpenEventLogA
RegGetKeySecurity
PrivilegeCheck
CryptGenKey
RegOpenKeyA
LookupAccountNameA
RegEnumKeyExA
SystemFunction015
LsaLookupSids
CryptDestroyKey
SetNamedSecurityInfoExA
RegSaveKeyA
CreateProcessAsUserW
BuildExplicitAccessWithNameA
GetMultipleTrusteeW
AddAuditAccessAceEx
LsaFreeMemory

comctl32

ImageList_Destroy
ImageList_AddIcon
ord7
ord2
PropertySheetW
ImageList_Merge
ImageList_Copy
InitializeFlatSB
ImageList_Remove
ImageList_SetImageCount
CreatePropertySheetPageW
ImageList_DrawIndirect
FlatSB_SetScrollInfo
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_Add
UninitializeFlatSB
ord17
ImageList_Write
ImageList_Draw
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_DragMove
ord6
FlatSB_GetScrollInfo
ImageList_LoadImageW
ImageList_SetOverlayImage
ImageList_Create
PropertySheetA
CreatePropertySheetPageA
_TrackMouseEvent
ImageList_ReplaceIcon
CreateToolbarEx
ImageList_GetBkColor
ImageList_GetIcon
ImageList_Duplicate
ImageList_GetImageRect
ImageList_SetBkColor
ImageList_SetFilter
InitCommonControlsEx
ImageList_AddMasked
ord14
ImageList_Read
ImageList_DragLeave
DrawStatusTextW
FlatSB_SetScrollRange
FlatSB_GetScrollRange
FlatSB_SetScrollPos
ord3
ImageList_GetIconSize
ord16
ord4
ImageList_Replace

gdi32

GdiArtificialDecrementDriver
GetMetaFileW
TranslateCharsetInfo
SetDeviceGammaRamp
DeviceCapabilitiesExW
GetWorldTransform
CreateRectRgnIndirect
GdiPlayJournal
GetCurrentObject
GetTextAlign
EnumICMProfilesA
EndPath
ScaleViewportExtEx
DeleteDC
SelectBrushLocal
DeleteColorSpace
GetGraphicsMode
GetGlyphIndicesA
SetRelAbs
EnableEUDC
RemoveFontMemResourceEx
RemoveFontResourceW
CloseFigure
GetICMProfileA
GetFontResourceInfoW
PlayMetaFileRecord
EudcUnloadLinkW
ExcludeClipRect
SetViewportExtEx
GetPaletteEntries
DeleteEnhMetaFile
CreatePen
DescribePixelFormat
GetCharWidthI
SetColorAdjustment
LPtoDP
Arc
TextOutW
GetICMProfileW
CreateICA
SetMapperFlags
GetRasterizerCaps
SetPaletteEntries
CreateHatchBrush
CreateDCA
SetMetaFileBitsEx
GetTextMetricsA
StartPage
StrokePath
RestoreDC
SetSystemPaletteUse
GetBitmapBits
GetSystemPaletteEntries
EnumFontFamiliesExA
StrokeAndFillPath
AbortPath
GetCharWidthFloatA
GdiEndDocEMF
GetNearestColor
GetTextCharsetInfo
PlgBlt
GdiSetBatchLimit

kernel32

GetProcAddress
VirtualAlloc
GetConsoleAliasExesW
SetProcessShutdownParameters
IsValidLocale
GetModuleHandleA
OpenFileMappingW
GetSystemDirectoryW
SetConsoleNumberOfCommandsA
GetStartupInfoW
VerLanguageNameA
Process32NextW
GetHandleInformation
DefineDosDeviceA
GetVolumePathNameA
GetFullPathNameA
EndUpdateResourceA
ExpungeConsoleCommandHistoryW
PostQueuedCompletionStatus
GlobalGetAtomNameA
ContinueDebugEvent
GetFileAttributesW
GetCurrentProcess
GetVersion
TerminateJobObject
DeleteCriticalSection
BackupSeek
ExpungeConsoleCommandHistoryA
GetTickCount
CreateDirectoryW
MoveFileExA
ConvertDefaultLocale
GetTapePosition
LoadLibraryA
GetConsoleAliasW
LocalHandle
GetConsoleWindow
GetDevicePowerState
SearchPathW
VirtualLock
SetCommState
GetCommModemStatus
EnumCalendarInfoExW
GetDiskFreeSpaceA
SetConsoleNumberOfCommandsW
GetComputerNameA
GetNamedPipeHandleStateA
GetLargestConsoleWindowSize
SetConsoleWindowInfo
GetProcessHeaps
SetThreadLocale
SetConsoleFont
GlobalSize
WriteConsoleW
TlsSetValue
SetTapePosition
_lwrite
SearchPathA
GetSystemTime
FindResourceW
GetThreadTimes
TransmitCommChar
RemoveDirectoryW
ReadConsoleOutputCharacterA
GetProcessTimes
RequestWakeupLatency
PeekNamedPipe
CancelTimerQueueTimer
VerLanguageNameW
GetConsoleCursorInfo
GetCurrentProcessId
WritePrivateProfileStructW
SetCurrentDirectoryA
BeginUpdateResourceW

shell32

StrChrIW
StrRChrA
DragQueryFileW
StrRChrW
ShellAboutW
SHLoadInProc
DragQueryFileAorW
StrChrW
StrCmpNIW
SheChangeDirA
StrCmpNIA

shlwapi

SHRegQueryInfoUSKeyW
PathIsPrefixA
SHGetValueA
StrToIntExW
PathFindNextComponentA
PathAddExtensionW
SHDeleteKeyW
SHDeleteValueA
UrlGetLocationW
UrlApplySchemeA
PathStripPathA
PathSkipRootW
StrCSpnA
PathGetDriveNumberA
StrFromTimeIntervalA
PathRemoveBlanksW
UrlCombineA
IntlStrEqWorkerW
PathMakePrettyA
PathIsContentTypeW
StrCSpnW
UrlEscapeA
StrSpnA
StrFromTimeIntervalW
PathMakeSystemFolderW
StrNCatW
SHRegCloseUSKey
PathIsUNCServerShareW
SHRegEnumUSKeyW
SHRegOpenUSKeyA
SHRegEnumUSValueA
PathIsDirectoryA
PathCombineW
PathIsUNCW
UrlCanonicalizeW
HashData
PathSetDlgItemPathW
StrPBrkW
StrToIntA
SHIsLowMemoryMachine
SHRegOpenUSKeyW
PathSetDlgItemPathA
PathCanonicalizeA
SHEnumValueA
UrlApplySchemeW
SHRegEnumUSValueW
SHSetValueW
PathCompactPathExA
SHDeleteKeyA
PathMakePrettyW
SHDeleteValueW
PathCompactPathA
PathIsUNCServerW
PathFindOnPathW
SHRegCreateUSKeyW

user32

TranslateAcceleratorW
IsWindowUnicode
GetPropW
GetWindowContextHelpId
OffsetRect
SetWindowPos
ToUnicodeEx
GetQueueStatus
DestroyCursor
DefWindowProcW
IsCharAlphaNumericA
RegisterClassW
MapWindowPoints
ToAscii
GetUserObjectInformationA
SendNotifyMessageA
MenuItemFromPoint
MapVirtualKeyA
CopyIcon
SetDlgItemTextA
DrawIcon
LoadMenuA
SetClassLongW
SetProcessDefaultLayout
GetDlgCtrlID
GetMenuStringA
wvsprintfA
LookupIconIdFromDirectoryEx
SetWinEventHook
FlashWindowEx
DialogBoxIndirectParamA
SetSystemMenu
ShowCursor
RedrawWindow
CheckDlgButton
GetDlgItemInt
DdeImpersonateClient
IsDlgButtonChecked
SetWindowWord
GetScrollBarInfo
GetMessageExtraInfo
SetDebugErrorLevel
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
CreateMDIWindowW
DdeGetQualityOfService
GetClipboardOwner
OpenClipboard
UnloadKeyboardLayout
IsZoomed
SetWindowsHookW
ModifyMenuA
OemToCharW
ChangeClipboardChain
GetProcessWindowStation
IsCharLowerA
DdeAddData
GetClassNameA
TranslateMessage
GetDlgItem
IMPSetIMEA
SwitchDesktop

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA
VerInstallFileW
VerFindFileA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerInstallFileA
VerFindFileW

winmm

joyGetDevCapsW
midiDisconnect
midiStreamPosition
DefDriverProc
mixerGetControlDetailsA
waveOutSetPitch
midiInAddBuffer
mixerGetLineControlsA
waveOutSetPlaybackRate
waveOutSetVolume
midiStreamOut
mciDriverYield
timeBeginPeriod
auxGetDevCapsW
mciDriverNotify
joySetThreshold
tid32Message
midiInPrepareHeader
midiOutGetErrorTextA
midiOutClose
PlaySoundW
mciGetDeviceIDW
mciGetYieldProc
midiInGetErrorTextA
mmTaskYield
mmioRenameA
CloseDriver
midiStreamProperty
mixerGetLineInfoA
mixerMessage
mmTaskBlock
timeGetSystemTime
mciGetCreatorTask
mmioInstallIOProcA
WOWAppExit
waveOutGetErrorTextW
mixerGetNumDevs
waveOutClose
auxSetVolume
mmioDescend
mmDrvInstall
midiInMessage
midiOutGetDevCapsA
mmTaskCreate
waveOutGetPosition
midiOutMessage
midiOutSetVolume
midiOutUnprepareHeader
midiOutOpen
mmioSeek
midiOutGetID
midiInGetNumDevs
mmioClose
joyGetPos
wod32Message
waveInUnprepareHeader
midiStreamClose
mci32Message
mciSendCommandW
mmioStringToFOURCCA
mmioAdvance
midiOutGetErrorTextW
midiInGetDevCapsA
joyGetDevCapsA
joyConfigChanged
waveInGetErrorTextA
waveOutGetPitch
midiOutCachePatches
mid32Message
mixerOpen
waveInMessage
mmioGetInfo
auxOutMessage
midiInGetDevCapsW
waveInGetDevCapsA
mmioInstallIOProcW
timeEndPeriod
mciFreeCommandResource
mciSetDriverData
midiOutGetDevCapsW
waveOutReset
mmioSetBuffer

winspool.drv

AddMonitorA
EnumPortsW
DeletePrinterConnectionW
ord211
DeletePrintProcessorW
AddPrintProcessorA
DEVICECAPABILITIES
DeletePrinterDataExA
GetPrinterDataA
SetPortW
AddPrinterDriverW
EnumPrintersW
ord256
SplDriverUnloadComplete
AddPrintProvidorA
ord215
SetFormA
GetJobW
EnumPortsA
ord203
PlayGdiScriptOnPrinterIC
EnumPrinterDriversW
SetFormW
EnumFormsW
DeletePrinterDriverW
EnumMonitorsW
DeletePrinterDriverExA
AddPrinterConnectionW
DeletePrinter
DeletePrintProvidorW
DeviceCapabilitiesW
DeleteFormA
OpenPrinterW
GetPrinterDriverA
AbortPrinter
StartDocPrinterA
DevicePropertySheets
DeletePrinterDriverExW
PrinterMessageBoxW
EnumPrinterKeyA
GetJobA
ConvertUnicodeDevModeToAnsiDevmode
GetPrintProcessorDirectoryA
ord103
DocumentPropertySheets
EndDocPrinter
WaitForPrinterChange
FreePrinterNotifyInfo
DeviceMode
SpoolerPrinterEvent
GetPrinterA
DocumentEvent
SetJobW
DeleteMonitorW
AddPortExA
ExtDeviceMode
AddPortExW
PrinterMessageBoxA
DeviceCapabilitiesA
GetPrinterDriverDirectoryW
ConfigurePortA
DeletePrinterKeyA

msvcrt

_mbclen
_mbsnextc
_mbsrchr
_mbsninc
__RTDynamicCast
_wpgmptr
_adj_fdiv_m16i
_snwprintf
__p__iob
fread
strspn
_CItan
iswctype
_wsearchenv
fputs
_tzname
_mbscat
_spawnlpe
_ltow
pow
_strnicmp
_winminor
_filbuf
_getsystime
_ui64tow
_fputwchar
_wsetlocale
_timezone
_mbsnbicmp
fputc
feof
_adj_fptan
wcsftime
wprintf
toupper
wcsspn
_longjmpex
_heapmin
_CIacos
_adj_fprem1
fwrite
_aexit_rtn
ftell
_spawnvpe
strcoll
iswxdigit
wcsxfrm
raise
fopen
_CIpow
_wfindfirsti64
_HUGE
_wfsopen
fseek
ferror
swprintf
_mbsrev
_ismbcalnum
fsetpos
vwprintf
_wfopen
strcpy
_write
_getcwd
_outp
_fileinfo
_atodbl
_vsnwprintf
_wremove
_getws
_wsplitpath
wcslen
_getmaxstdio
towupper
_itow
_setsystime
sprintf
_fmode
fprintf
_safe_fprem
_stati64
_abnormal_termination
fwprintf
memset
__initenv
_access
iswprint
_ismbbpunct
_wspawnve
__lc_handle
sqrt
fclose
printf
_unlink
_execle

Exports

Exports

Uaqft

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea3365171e739e8d7a3c471956db350a

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

shell32

shlwapi

user32

version

winmm

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 56KB - Virtual size: 53KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 56KB - Virtual size: 53KB

.reloc
Size: 8KB - Virtual size: 4KB