b8463bb3acbe64345e9b50c3b9f0dc366769e4cee77e83a4d594a081de44e739

Sharing

Copy URL

Twitter E-mail

General

Target

b8463bb3acbe64345e9b50c3b9f0dc366769e4cee77e83a4d594a081de44e739
Size

600KB
MD5

0e38f6d834e7b1b46e5846af55b91ddd
SHA1

6565c7cd9f12ee1eab2847deddf9b971bcc38a35
SHA256

b8463bb3acbe64345e9b50c3b9f0dc366769e4cee77e83a4d594a081de44e739
SHA512

cb03eb4ded61681d9c9bfa4f5bbcbfcbf26d884d66892445d9a2d95e227a7f7d4d0faa58c387dde552f9d0e2fb1acad8a2e35b0e153803da1c5a4ef672bf0203
SSDEEP

12288:/x774BKwqunpYhR0I7XHgZQKhJgeCmKH7Um:/97nSpYhRLLHgZpJEZH7

Score

N/A

Malware Config

Signatures

Files

b8463bb3acbe64345e9b50c3b9f0dc366769e4cee77e83a4d594a081de44e739
.exe windows x86

9e0d538eb26e67330d92ae1be1e54d96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
IsValidSid
OpenThreadToken
RegSetValueExA

kernel32

UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
GetCalendarInfoW
EnumSystemLocalesW
EnumUILanguagesW
IsProcessorFeaturePresent
ReleaseSemaphore
GlobalMemoryStatus
GetCurrentThread
InitializeCriticalSection
CreateFileA
CreateDirectoryW
GetTempPathW
CompareStringW
IsValidCodePage
GetStringTypeExW
IsDBCSLeadByte
GetUserDefaultLCID
GetSystemInfo
GetDiskFreeSpaceExW
GetTimeZoneInformation
GetVersionExW
GetSystemDirectoryW
IsValidLocale
LocalAlloc
LocalFree
LoadLibraryExW
GetShortPathNameA
SetUnhandledExceptionFilter
OpenMutexA
GetProcessTimes
ExpandEnvironmentStringsW
GetLocaleInfoW
CreateFileW
GetFileType
MulDiv
GetACP
FlushFileBuffers
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
TlsFree
TlsGetValue
VirtualFree
GetSystemDefaultLCID
TlsAlloc
InitializeCriticalSectionAndSpinCount
GlobalFree
CreateEventA
CreateMutexA
CreateFileMappingA
MapViewOfFile
ReleaseMutex
GlobalAlloc
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
FreeLibrary
GetCurrentThreadId
GetTickCount
TlsSetValue
RaiseException
VirtualAlloc
HeapReAlloc
HeapAlloc
HeapValidate
HeapSize
HeapFree
GetProcessHeap
IsDebuggerPresent
SetEvent
CreateThread
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
GetVersionExA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetVersion
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
ResetEvent
WaitForMultipleObjects
OpenProcess
TerminateProcess
WaitForSingleObject
DeleteFileW
OpenThread
QueueUserAPC
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetLocalTime
GetTempPathA
WideCharToMultiByte
GetLastError
Sleep
SetFilePointer
WriteFile
CloseHandle
GetFileAttributesW
GetSystemTime
SystemTimeToFileTime
CreateSemaphoreA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

lbghost

FIsOnlyLBInstance
FCopyOfficeHang
FRemoveOfficeHang
GetLBOSVersion
FStillHaveHangs
FSetLbOverrideWatsonUI
ResetLBInstance
HwndLBUISet
LoadLBIntl
FGetLbOverrideWatsonUI

msvcr80

__CxxFrameHandler3
_CxxThrowException
_wcsicmp
_wtoi
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_CIsqrt
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memmove
memcpy
memset
_vsnprintf
_ismbblead

user32

RegisterClassExW
IsDialogMessageW
DestroyWindow
GetWindowLongW
LoadStringW
SendMessageW
PostMessageW
IsHungAppWindow
IsWindowVisible
CreateWindowExW
GetWindowInfo
ShowWindow
FlashWindowEx
GetFocus
DefWindowProcW
SetTimer
PostQuitMessage
KillTimer
DispatchMessageW
TranslateMessage
GetWindowThreadProcessId
CreateDialogParamW
GetMessageW
SystemParametersInfoW
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
SetWindowPos
SetWindowLongW
DrawIconEx
FillRect
GetSysColorBrush
ReleaseDC
GetDC
SetWindowTextW
GetDlgItem
SendMessageA
DestroyIcon
InvalidateRect
GetSysColor
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
EndDialog
GetClassNameA
IsWindowUnicode
GetWindowLongA
GetParent
MapWindowPoints
MoveWindow
GetWindow
GetDlgCtrlID
GetClientRect
IsWindow
CreateWindowExA
CreateDialogIndirectParamA
DrawTextA
DrawTextW
MapDialogRect
SetFocus
EnumDisplayMonitors
GetMonitorInfoA
LoadBitmapA
GetKeyboardLayout
GetMenuCheckMarkDimensions
EnumWindows
SetRectEmpty

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 197KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e0d538eb26e67330d92ae1be1e54d96

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

version

secur32

lbghost

msvcr80

user32

Sections

.text Size: 296KB - Virtual size: 295KB

.data Size: 197KB - Virtual size: 217KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 12KB - Virtual size: 11KB

.bdata Size: 60KB - Virtual size: 60KB

.text
Size: 296KB - Virtual size: 295KB

.data
Size: 197KB - Virtual size: 217KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 12KB - Virtual size: 11KB

.bdata
Size: 60KB - Virtual size: 60KB