6ddf153d932155a06128f3d134d11251b459a8623388c6b90d53cab3425502cb

Sharing

Copy URL Twitter E-mail

General

Target

6ddf153d932155a06128f3d134d11251b459a8623388c6b90d53cab3425502cb
Size

445KB
MD5

0452ef6cd37a56244c1f1d7c427070e0
SHA1

600dbbbe93ae4e0198280230afdb53f3c2a67846
SHA256

6ddf153d932155a06128f3d134d11251b459a8623388c6b90d53cab3425502cb
SHA512

e64f1d4d42bfb05bd1f85d969ea735890ccc8ec0b8691b455cd11a8c19663e4c032639c17b7f99a06a55807dda037c03e69f62fd755236e2b9a6f654eadee19a
SSDEEP

6144:4bhf0QL4TFvRujR9CDUdmr6XCYZWehKuuSM2Tq0LD1EqQ93T+8VvU0atFq:iYTFvR0CDjWyr2W0LD1C+MLa

Score

N/A

Malware Config

Signatures

Files

6ddf153d932155a06128f3d134d11251b459a8623388c6b90d53cab3425502cb
.exe windows x86

bcce0d2b7ed723cd121dc97cc8a48b0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
EventWrite
RegOpenKeyExW
RegSetKeyValueW
RegGetValueW
RegEnumKeyExW
RegDeleteValueW
OpenProcessToken
RegQueryValueExW
EventRegister
EventUnregister
EventEnabled
RegQueryInfoKeyW
InitializeAcl
InitializeSecurityDescriptor
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
OpenThreadToken
LookupAccountNameW
SetServiceStatus
RegisterServiceCtrlHandlerExW
SetFileSecurityW
ImpersonateLoggedOnUser
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSidSubAuthority
RevertToSelf
MakeAbsoluteSD
InitializeSid
GetSidLengthRequired
AddAccessDeniedAce
LookupAccountSidW
CreateWellKnownSid
SetTokenInformation
IsValidAcl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegDeleteKeyTransactedW
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegCreateKeyTransactedW
RegOpenKeyTransactedW
CheckTokenMembership

kernel32

InterlockedCompareExchange
DelayLoadFailureHook
HeapSetInformation
GetCurrentProcessId
SetPriorityClass
SetEnvironmentVariableW
CreateMutexW
Sleep
MultiByteToWideChar
LoadLibraryW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentProcess
GetNLSVersion
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
GetSystemDefaultLCID
CompareStringW
lstrcmpiW
FreeLibrary
lstrlenW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetVolumeInformationW
SetLastError
GetVolumePathNamesForVolumeNameW
SetErrorMode
GetLastError
CloseHandle
LoadLibraryExA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetSystemPreferredUILanguages
ResolveLocaleName
LocaleNameToLCID
CreateFileMappingW
ReleaseMutex
MapViewOfFile
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
FormatMessageW
UnmapViewOfFile
LCMapStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
CreateFileW
lstrcmpW
CompareFileTime
RemoveDirectoryW
FindFirstFileW
GetCommandLineW
DeleteFileW
SearchPathW
MoveFileW
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetVersionExA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InterlockedExchange
lstrlenA
GetEnvironmentVariableW
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
ExpandEnvironmentStringsW
CreateThread
WaitForSingleObject
FindClose
FindNextFileW
FindFirstFileExW
CreateDirectoryW
OpenEventW
GetCurrentThread
SetEvent
GetTickCount64
RegNotifyChangeKeyValue
DuplicateHandle
CreateEventW
RegEnumValueW
RegDeleteKeyExW

user32

MsgWaitForMultipleObjects
PeekMessageW
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadStringW
CharNextW
DispatchMessageW

msvcrt

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
realloc
_exit
_cexit
__getmainargs
calloc
wcsncpy_s
malloc
memmove_s
memcpy
wcsrchr
swscanf_s
_wcsicmp
free
_wcsnicmp
wcsncmp
memcpy_s
_vsnwprintf
memset
__CxxFrameHandler3
_CxxThrowException
_errno
_controlfp
fprintf
wcsstr
wcspbrk
_vscwprintf
vswprintf_s
qsort
towupper
bsearch
_XcptFilter
wcschr
iswspace
_wtol
swscanf
_vsnprintf
strncmp
_iob

ntdll

NtOpenFile
RtlInitUnicodeString
RtlNtStatusToDosError
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmIsOptedIn

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoRevertToSelf
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoImpersonateClient

oleaut32

SysFreeString
SysAllocString
SysStringLen
VarBstrCat
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi

tquery

?ciDelete@@YGXPAX@Z
?ciNewNoThrow@@YGPAXI@Z
?ciNew@@YGPAXI@Z

shlwapi

PathIsUNCServerShareW
SHGetValueW
SHSetValueW
PathAddBackslashW
SHCopyKeyW
PathRemoveBackslashW
SHDeleteKeyW
ord154
PathIsDirectoryW
PathStripToRootW
PathCanonicalizeW
PathFindNextComponentW
PathSkipRootW
PathFileExistsW
SHRegGetValueW
SHStrDupW
PathAppendW
PathIsUNCW
PathIsUNCServerW
PathIsRootW

mssrch

??0CSearchServiceObj@@QAE@XZ
?Cleanup@CSearchServiceObj@@SGHXZ
??1CSearchServiceObj@@QAE@XZ

imm32

ImmDisableIME

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

huchtot
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bcce0d2b7ed723cd121dc97cc8a48b0c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

tquery

shlwapi

mssrch

imm32

Sections

.text Size: 292KB - Virtual size: 292KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 45KB - Virtual size: 46KB

huchtot Size: - Virtual size: 4KB

.text
Size: 292KB - Virtual size: 292KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 45KB - Virtual size: 46KB

huchtot
Size: - Virtual size: 4KB