45404530127a0d73df1e7d3bdf1d716c347441ef3114a4b95d490ab81dfbbb47

Sharing

Copy URL

Twitter E-mail

General

Target

45404530127a0d73df1e7d3bdf1d716c347441ef3114a4b95d490ab81dfbbb47
Size

826KB
MD5

121e3f9b8f06dea01f437f0137ed23b4
SHA1

42f54df86876984d1de5011da370001c2018130d
SHA256

45404530127a0d73df1e7d3bdf1d716c347441ef3114a4b95d490ab81dfbbb47
SHA512

3675ba22bdf123e5c65bdf58d126b3f99ed094a0e4f8a60aac107732a3d28baafd39a823ba9fbccbd2a05f7e995dca8e1dc8d79c48fc9b8d642ddd5bc0053eda
SSDEEP

12288:vzofBKFQCSFIkTiqyXkuC1Gmrf5yF3Ofa6imGF8Y7uOipk0psCGtscJ551r3Zcfw:MMeCGI5qyXfCtcLTF9uLkCGt15pJc2M

Score

N/A

Malware Config

Signatures

Files

45404530127a0d73df1e7d3bdf1d716c347441ef3114a4b95d490ab81dfbbb47
.exe windows x86

352abe6789af4e079b5b43b51543c571

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

glu32

gluQuadricCallback
gluTessBeginContour
gluQuadricOrientation
gluTessNormal
gluLookAt
gluEndSurface
gluTessCallback
gluProject
gluDeleteQuadric
gluNextContour
gluPartialDisk
gluDisk
gluQuadricTexture
gluBeginPolygon
gluCylinder
gluNewNurbsRenderer
gluLoadSamplingMatrices
gluBeginCurve
gluBuild2DMipmaps
gluEndTrim

user32

CallWindowProcA
CharToOemBuffW
SendIMEMessageExW
WCSToMBEx
UserHandleGrantAccess
CopyImage
GetDlgItemInt
GetQueueStatus
PostThreadMessageW
DefRawInputProc
SetWindowLongW
ChangeDisplaySettingsW
EnumPropsA
ShowWindowAsync
AdjustWindowRect
GetKeyState
EmptyClipboard
EndDeferWindowPos
LoadStringW
CallWindowProcW
DialogBoxParamA
EnumDisplaySettingsExW
DdeReconnect
SetDeskWallpaper
EnumPropsExW
DdePostAdvise
DdeConnectList
SetShellWindowEx
DdeSetQualityOfService
DestroyWindow

rtm

RtmCreateRouteListEnum
RtmDeleteRouteTable
RtmGetNextHopPointer
RtmDeleteEnumHandle
RtmDeleteRouteToDest
RtmMarkDestForChangeNotification
RtmGetNextRoute
RtmReadAddressFamilyConfig
BestMatchInTable
RtmDeregisterClient
RtmIsMarkedForChangeNotification
RtmFindNextHop
RtmInsertInRouteList
RtmGetInstanceInfo
RtmGetRegisteredEntities
RtmGetListEnumRoutes
RtmBlockConvertRoutesToStatic
RtmGetChangedDests
RtmGetExactMatchRoute
RtmEnumerateGetNextRoute
MgmDeInitialize
RtmLockNextHop
RtmBlockDeleteRoutes
MgmGetFirstMfeStats
RtmCloseEnumerationHandle
RtmCreateRouteEnum
RtmWriteAddressFamilyConfig

kernel32

QueryPerformanceCounter
GetUserDefaultUILanguage
GetWindowsDirectoryW
FoldStringA
GetCurrentThread
MapUserPhysicalPages
GetAtomNameW
GetMailslotInfo
GetProfileSectionA
CreateActCtxA
lstrcmp
GetModuleHandleW
VerLanguageNameW
TransmitCommChar
ConvertThreadToFiber
GetProcessHeaps
CreateProcessInternalW
LoadResource
HeapAlloc
GetLocaleInfoW
WriteProcessMemory
DeleteVolumeMountPointA
ReadFile
LeaveCriticalSection
GetSystemInfo
IsProcessInJob
CreateIoCompletionPort
GetGeoInfoW
SetComputerNameA
GetTimeFormatA
CreateWaitableTimerA
CommConfigDialogW
DuplicateHandle
LoadLibraryW
GetProcessAffinityMask
GetPrivateProfileSectionNamesA

crypt32

CertVerifyTimeValidity
CertEnumCTLContextProperties
CryptCreateAsyncHandle
CertAlgIdToOID
CryptVerifyCertificateSignatureEx
CryptSignMessage
CryptHashCertificate
CertCompareCertificate
CertEnumCRLContextProperties
CryptMsgOpenToEncode
CryptUnregisterOIDInfo
CryptDecodeObject
CryptEncodeObject
CryptEnumKeyIdentifierProperties
CryptFreeOIDFunctionAddress
CryptMsgSignCTL
CryptSIPVerifyIndirectData
CertRDNValueToStrW
RegSetValueExU
CryptInstallOIDFunctionAddress
CryptMsgVerifyCountersignatureEncodedEx
CryptDecodeObjectEx
CertAddCRLLinkToStore
CertGetSubjectCertificateFromStore

msvcrt

isgraph
__CxxLongjmpUnwind
_wtoi64
??8type_info@@QBEHABV0@@Z
labs
__getmainargs
_mbcjmstojis
__set_app_type
_wtoi
__p__commode
mbstowcs
_flsbuf
exit
wprintf
_aligned_offset_realloc
fsetpos
__fpecode

sqlunirl

_EnumFontFamilies_@16
_GetMenuString_@20
_CallMsgFilter_@8
_FindAtom_@4
_CreateColorSpace_@4
_GetDlgItemText@16
_RegisterEventSource_@8
_RegSetValueEx_@24
_EnumDisplaySettings_@12
_DialogBoxParam_@20
_SetICMProfile_@8
_DispatchMessage_@4
_ExtTextOut@32
_OpenEvent_@12
_SendMessage@16
_EnumDesktops_@12
_CompareString_@24
_SHBrowseForFolder_@4
_BeginUpdateResource_@8
_RegEnumValue_@32
_GetShortPathName_@12
_GetSaveFileName@4
_NDdeTrustedShareEnum_@24
_GetSystemDirectory_@8
_GetTempPath_@8
_NDdeSetShareSecurity_@16
_CreateFile@28
_LoadCursorFromFile_@4

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

352abe6789af4e079b5b43b51543c571

Headers

DLL Characteristics

File Characteristics

Imports

glu32

user32

rtm

kernel32

crypt32

msvcrt

sqlunirl

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 197KB - Virtual size: 1.5MB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 197KB - Virtual size: 1.5MB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 1024B - Virtual size: 820B