13968ffa5154d610b6b863997f284b2d5d4813d84efbe26dcf78eebb13090870

Sharing

Copy URL Twitter E-mail

General

Target

13968ffa5154d610b6b863997f284b2d5d4813d84efbe26dcf78eebb13090870
Size

223KB
MD5

0a35b83130303d7db0470f81744d0010
SHA1

adc6234987fa5f85b4038b75cded29b6382eef97
SHA256

13968ffa5154d610b6b863997f284b2d5d4813d84efbe26dcf78eebb13090870
SHA512

868f209d727cbbafe16ea302fd00fa48e56cf38aafa3028232f93e731e1dc15e8848131d5ae0a32993221451c96d39d7bbe1e23265dab43e4b708b7193c59969
SSDEEP

6144:anQJg8Cp46h8p5oU6Kx/YiiOIFXgKs4HEX/IDOBt:+wXCm6h8p5oU6KxAiGs4Hkp7

Score

N/A

Malware Config

Signatures

Files

13968ffa5154d610b6b863997f284b2d5d4813d84efbe26dcf78eebb13090870
.exe windows x86

a654e112a12642393b7a1aaa7e6916b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW

kernel32

MultiByteToWideChar
lstrlenA
GetCurrentProcess
CreateMutexW
GetLocaleInfoW
CloseHandle
GetModuleFileNameW
GetModuleHandleW
HeapSetInformation
GetProcessHeap
GetVersionExW
FindResourceExW
CreateDirectoryW
CreateProcessW
FormatMessageW
GetTempPathW
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetLocalTime
SetLastError
FlushFileBuffers
WriteFile
ReadFile
FileTimeToLocalFileTime
SystemTimeToFileTime
FindResourceW
lstrcmpA
WaitForSingleObject
ReleaseMutex
GetSystemDirectoryW
LoadLibraryW
SetEvent
QueryPerformanceFrequency
LoadLibraryExW
FreeLibrary
CopyFileW
lstrcmpiW
lstrlenW
CreateFileW
TlsGetValue
FindAtomW
GetCurrentThread
CompareStringW
GetCommandLineW
LocalFree
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
Sleep
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadResource
LockResource
SizeofResource
GetLastError
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
FileTimeToSystemTime

user32

SetWindowPlacement
IsWindowVisible
OffsetRect
GetWindowPlacement
MessageBoxW
FlashWindowEx
GetForegroundWindow
EnableWindow
SetForegroundWindow
ShowWindow
SendMessageW
SetWindowPos
RemoveMenu
AdjustWindowRectEx
SetWindowLongW
GetWindowLongW
SetTimer
KillTimer
DefWindowProcW
CreateWindowExW
RegisterClassExW
IsRectEmpty
SystemParametersInfoW
MonitorFromRect
GetMonitorInfoW
UnregisterClassA
SetWindowTextW
PostMessageW
PostThreadMessageW
SetRect
ExitWindowsEx
CharNextW
GetSystemMenu
GetSystemMetrics
DispatchMessageW
TranslateMessage

msvcr80

wcsncpy_s
wcschr
_purecall
_wcsrev
_wtol
??3@YAXPAX@Z
??_V@YAXPAX@Z
__CxxFrameHandler3
??2@YAPAXI@Z
memcpy_s
_CxxThrowException
_vscwprintf
wcsrchr
wcsnlen
_time64
_vsnprintf
_mktime64
vswprintf_s
_vsnwprintf
free
memmove_s
calloc
_errno
iswdigit
_wtoi
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memset
wcscpy_s
swprintf_s
malloc
_recalloc
wcsstr

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoQueryProxyBlanket
CoCopyProxy
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantInit
VariantClear
DispCallFunc
SysAllocStringLen
VariantChangeType
VarBstrCmp
VarUI4FromStr
SysFreeString
SysStringLen
SysAllocString

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

uxcore

GetMessageEx
?LoadAndCreateElement@CRMDUIParser@@QAEJIPB_WPAPAVElement@DirectUI@@PAV23@K0@Z
UXCoreInitThread
UXCoreInitProcess
?Initialize@NativeHWNDHost@DirectUI@@QAEJPB_W0PAUHWND__@@PAUHICON__@@HHHHHHHPAUHINSTANCE__@@I@Z
?RMLoadIcon@@YGPAUHICON__@@PB_WK0@Z
?Create@HWNDElement@DirectUI@@SGJPAUHWND__@@_NI1PAPAVElement@2@@Z
?Host@NativeHWNDHost@DirectUI@@QAEXPAVElement@2@@Z
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
?Attach@CRMDUIParser@@QAEJPAVElement@DirectUI@@@Z
BuildDropTarget
?RMUpdateResourceSet@@YG_NPB_WK00@Z
?RMInitialize@@YGXXZ
?Destroy@NativeHWNDHost@DirectUI@@UAEXXZ
?SetDefaultFocus@NativeHWNDHost@DirectUI@@MAEXXZ
??0NativeHWNDHost@DirectUI@@QAE@XZ
?Create@FillLayout@DirectUI@@SGJPAPAVLayout@2@@Z
?CreateUnknown@Value@DirectUI@@SGPAV12@PAUIUnknown@@@Z
?CmdContextProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?AccRoleProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?AccessibleProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?CreateLayout@Value@DirectUI@@SGPAV12@PAVLayout@2@@Z
?LayoutProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?g_hHeap@DirectUI@@3PAXA
?Destroy@Element@DirectUI@@QAEJ_N@Z
UXCoreUnInitThread
UXCoreUnInitProcess
?RMTerminate@@YGXXZ
?OnMessage@NativeHWNDHost@DirectUI@@UAEJIIJAAJ@Z
??1NativeHWNDHost@DirectUI@@UAE@XZ
?Click@Button@DirectUI@@2PAEA
?Navigate@Hyperlink@DirectUI@@2PAEA
?UpdateAndGetDesiredSize@Element@DirectUI@@QAE?AUtagSIZE@@HH@Z
?Class@Checkbox@DirectUI@@2PAUIClassInfo@2@A
?Add@Element@DirectUI@@QAEJPAV12@@Z
?RMLoadString@@YGIIPA_WIKPB_W@Z
?StrToID@DirectUI@@YGGPB_W@Z
?RMLoadInt@@YGHIHKPB_W@Z
?GetHWND@NativeHWNDHost@DirectUI@@QAEPAUHWND__@@XZ
?Class@Animator@DirectUI@@2PAUIClassInfo@2@A
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?Class@Element@DirectUI@@2PAUIClassInfo@2@A
?Class@Progress@DirectUI@@2PAUIClassInfo@2@A
?Class@Hyperlink@DirectUI@@2PAUIClassInfo@2@A
?_ZeroRelease@Value@DirectUI@@AAEXXZ
?ChildrenProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?ParentProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?GetValue@Element@DirectUI@@QBEPAVValue@2@PBUPropertyInfo@2@H@Z
?ContentProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?ClassProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?IDProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?SetValue@Element@DirectUI@@QAEJPBUPropertyInfo@2@HPAVValue@2@@Z
?VisibleProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?CreateBool@Value@DirectUI@@SGPAV12@_N@Z
?CreateString@Value@DirectUI@@SGPAV12@PB_WPAUHINSTANCE__@@I@Z
?CreateAtom@Value@DirectUI@@SGPAV12@PB_W@Z
?AccNameProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?AccDescProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?EnabledProp@Element@DirectUI@@2PAUPropertyInfo@2@A
?g_dwElSlot@DirectUI@@3KA
?StartDefer@Element@DirectUI@@SGXXZ
?EndDefer@Element@DirectUI@@SGXXZ
?DestroyAll@Element@DirectUI@@QAEJXZ
?CheckedProp@Checkbox@DirectUI@@2PAUPropertyInfo@2@A
?UpdateStateProp@Checkbox@DirectUI@@IAEJH@Z
?UrlProp@Hyperlink@DirectUI@@2PAUPropertyInfo@2@A
?PositionProp@Progress@DirectUI@@2PAUPropertyInfo@2@A
?CreateInt@Value@DirectUI@@SGPAV12@H@Z
?GetElement@NativeHWNDHost@DirectUI@@QAEPAVElement@2@XZ
?RMLoadCompoundString@@YGIIPA_WIKPB_W@Z
?Remove@Element@DirectUI@@QAEJPAV12@@Z
??0CRMDUIParser@@QAE@XZ

sqmapi

SqmWaitForUploadComplete
SqmStartUpload
SqmSetEnabled
SqmEndSession
SqmSetAppId
SqmSet
SqmGetEnabled
SqmStartSession
SqmGetSession
SqmSetString
SqmSetIfMax
SqmIncrement
SqmAddToStreamDWord
SqmAddToStreamString
SqmSetUserId
SqmGetUserId
SqmWriteSharedUserId
SqmReadSharedUserId
SqmSetMachineId
SqmGetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetAppVersion

shell32

SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHAppBarMessage
SHGetSpecialFolderPathW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrustEx

crypt32

CertVerifyCertificateChainPolicy

shlwapi

PathAppendW
PathCombineW
PathRenameExtensionW
PathIsDirectoryW
PathRemoveFileSpecW
PathRemoveBackslashW
PathStripPathW

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ddata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a654e112a12642393b7a1aaa7e6916b4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcr80

ole32

oleaut32

version

uxcore

sqmapi

shell32

wintrust

crypt32

shlwapi

Sections

.text Size: 157KB - Virtual size: 156KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 10KB - Virtual size: 10KB

.ddata Size: 20KB - Virtual size: 20KB

.text
Size: 157KB - Virtual size: 156KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 10KB - Virtual size: 10KB

.ddata
Size: 20KB - Virtual size: 20KB