0de65a4efd4098e7b5bc03850c9d99578bce5454cf79710005ab7a99480720a0

Sharing

Copy URL Twitter E-mail

General

Target

0de65a4efd4098e7b5bc03850c9d99578bce5454cf79710005ab7a99480720a0
Size

834KB
MD5

02a060ea443a574ae375df58e2f6c94d
SHA1

66adcefb6baeca5ed5bc06269e1808ee8b5dc891
SHA256

0de65a4efd4098e7b5bc03850c9d99578bce5454cf79710005ab7a99480720a0
SHA512

a4c43dfd30baa64058176d08137ec16ea41c9b04bf878a6439aa5c69f8915f457b01896d8f9d748b606dd3b43fcb8a11ebf7aa1a8d79f187e3db75726b5810ae
SSDEEP

12288:vGt8kmheFlqLPHYw1XVsJbxSILFWENfOo924US94v1tHOaTet7HyZ6G068:vGtIheFoPHYxNxhFWq92IAOaiHj6

Score

N/A

Malware Config

Signatures

Files

0de65a4efd4098e7b5bc03850c9d99578bce5454cf79710005ab7a99480720a0
.exe windows x86

f374b4d9cbefac880e3422033d1c9f96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

olecli32

BmChangeData
OleQueryReleaseError
OleCreateInvisible
LeSetData
GenSaveToStream
OleRename
DibEqual
LeSetTargetDevice
DefLoadFromStream
MfDraw
BmCopy
SrvrWndProc
OleSaveToStream
GenSetData
OleRenameClientDoc
DefCreateFromFile
ObjQueryType
PbEnumFormats
LeClose
OleReconnect
OleQueryProtocol
DefCreateLinkFromFile
OleSetData
MfClone
MfRelease
ErrQueryProtocol
OleQueryType
OleEnumFormats
MfQueryBounds
PbCreateLinkFromClip

kernel32

CancelTimerQueueTimer
SetPriorityClass
RtlZeroMemory
GetComputerNameW
CreateWaitableTimerW
RtlFillMemory
FindNextFileA
DebugBreak
ReadConsoleW
LoadLibraryW
CreateTapePartition
LZCopy
GetFullPathNameA
FreeLibraryAndExitThread
SetConsoleCP
GetCommConfig
SetTermsrvAppInstallMode
LeaveCriticalSection
EnumResourceNamesW
GetUserDefaultLCID
SetConsoleInputExeNameW
GetWindowsDirectoryA
FindActCtxSectionStringW
EraseTape
SetConsoleNlsMode
WaitCommEvent
_hread
ScrollConsoleScreenBufferA
BuildCommDCBAndTimeoutsW
SetThreadPriority
LockFileEx
MoveFileExA
DuplicateHandle
SetMailslotInfo
SetLastError
VirtualProtectEx
LockFile
OpenFileMappingW
GetTickCount
GetExitCodeProcess
HeapCreate
GlobalAlloc
WritePrivateProfileStructA
ReleaseActCtx
SetComputerNameW
ExpungeConsoleCommandHistoryW
GetHandleContext
VDMConsoleOperation
GetStringTypeA
DeleteTimerQueueEx
lstrcmp
MapUserPhysicalPagesScatter
GetConsoleWindow
GetCurrentDirectoryA
InterlockedExchange
CreateHardLinkA
AllocateUserPhysicalPages
RegisterWowBaseHandlers
CompareFileTime
HeapDestroy
SetConsoleNumberOfCommandsA
IsBadStringPtrW
HeapAlloc
CreateJobObjectW
AddVectoredExceptionHandler
IsValidCodePage

wtsapi32

WTSQueryUserConfigW
WTSVirtualChannelOpen
WTSEnumerateServersW
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSDisconnectSession
WTSEnumerateServersA
WTSEnumerateSessionsA
WTSUnRegisterSessionNotification
WTSQueryUserConfigA
WTSFreeMemory
WTSSetSessionInformationW

mfcsubs

?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
?GetAt@CStringArray@@QBE?AVCString@@H@Z
??O@YG_NABVCString@@PBG@Z
??ACStringArray@@QAEAAVCString@@H@Z
?TrimLeft@CString@@QAEXXZ
?GetData@CStringArray@@QAEPAVCString@@XZ
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?Release@CString@@KGXPAUCStringData@@@Z
??0CString@@QAE@ABV0@@Z
?Unlock@CSyncObject@@UAEHJPAJ@Z
?Lock@CCriticalSection@@UAEHK@Z
??0CMapStringToPtr@@QAE@H@Z
??H@YG?AVCString@@ABV0@PBG@Z
??8@YG_NPBGABVCString@@@Z
??H@YG?AVCString@@ABV0@0@Z
?SafeStrlen@CString@@KGHPBG@Z
??ACStringArray@@QBE?AVCString@@H@Z
??9@YG_NPBGABVCString@@@Z
??H@YG?AVCString@@ABV0@G@Z
?Lock@CCriticalSection@@QAEHXZ
?GetLength@CString@@QBEHXZ
??_7CStringArray@@6B@
??N@YG_NABVCString@@0@Z
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
?GetUpperBound@CStringArray@@QBEHXZ
?data@CPlex@@QAEPAXXZ
??1CString@@QAE@XZ
??O@YG_NABVCString@@0@Z

ddraw

DirectDrawEnumerateExW
DirectDrawEnumerateExA
DDGetAttachedSurfaceLcl
DllGetClassObject
GetOLEThunkData
RegisterSpecialCase
DDInternalLock
DirectDrawEnumerateA
D3DParseUnknownCommand
DirectDrawCreate
GetSurfaceFromDC
AcquireDDThreadLock
DllCanUnloadNow
ReleaseDDThreadLock
DirectDrawEnumerateW

msrating

RatingInit
ClickedOnPRF
RatingCustomInit
RatingEnable
RatingEnabledQuery
RatingCustomDeleteCrackedData
RatingCustomRemoveRatingHelper
RatingCheckUserAccess
RatingCustomSetDefaultBureau
RatingAccessDeniedDialog
RatingSetupUI
ClickedOnRAT
ChangeSupervisorPassword
RatingAccessDeniedDialog2

Sections

.text
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f374b4d9cbefac880e3422033d1c9f96

Headers

DLL Characteristics

File Characteristics

Imports

olecli32

kernel32

wtsapi32

mfcsubs

ddraw

msrating

Sections

.text Size: 409KB - Virtual size: 408KB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 165KB - Virtual size: 1.5MB

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 409KB - Virtual size: 408KB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 165KB - Virtual size: 1.5MB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 1024B - Virtual size: 1012B