9900960087c8ae6658c4ea187c0fe7eb5126afdc7f1d692fbc0a60651167fd29

Sharing

Copy URL

Twitter E-mail

General

Target

9900960087c8ae6658c4ea187c0fe7eb5126afdc7f1d692fbc0a60651167fd29
Size

832KB
MD5

0f84358ee3d8c8d0a1712d27b7b278aa
SHA1

8ee971019910c49e14a9e7163e5ea7e4bba04219
SHA256

9900960087c8ae6658c4ea187c0fe7eb5126afdc7f1d692fbc0a60651167fd29
SHA512

7ec59b3cad4f58a1a46271f9b349f81e9a078af6ead11d142d9a61aae683348af453916f59638b60ce5626a72c99852052af234f9d479418b33a8ab7adf002ca
SSDEEP

24576:zyFCiBJUZuvv3bWnwXQbgXhzLifqV7jg3a4l:zyxyQv3CwXWesl

Score

N/A

Malware Config

Signatures

Files

9900960087c8ae6658c4ea187c0fe7eb5126afdc7f1d692fbc0a60651167fd29
.exe windows x86

f2defdcf635b9ccfdd05653d671653c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duser

SetGadgetFillI
PeekMessageExW
BuildInterpolation
LookupGadgetTicket
GetStdColorBrushF
DrawGadgetTree
GetDebug
MapGadgetPoints
GetStdColorI
GetGadgetProperty
SetGadgetOrder
GetGadgetScale
UtilGetColor
DUserInstanceOf
UtilBuildFont
SetGadgetRootInfo
SetGadgetBufferInfo
GetStdColorName
RegisterGadgetMessage
DeleteHandle
DUserPostEvent
ForwardGadgetMessage
GetStdColorF
InvalidateGadget
GetGadgetStyle
RemoveGadgetProperty
IsStartDelete
DUserSendMethod

kernel32

MapViewOfFileEx
lstrcpynA
GetProcessPriorityBoost
EnterCriticalSection
DeleteVolumeMountPointW
WaitCommEvent
InterlockedPopEntrySList
QueryPerformanceCounter
ResetWriteWatch
CreateMailslotA
MapUserPhysicalPagesScatter
GetStringTypeExW
FlushConsoleInputBuffer
GetCurrentThread
GlobalMemoryStatusEx
QueryInformationJobObject
WriteProfileSectionA
GetProcessHeaps
GetNamedPipeHandleStateW
LoadLibraryW
ExpungeConsoleCommandHistoryW
FindResourceExA
GetTempFileNameW
GetModuleHandleW
CreateRemoteThread
BaseUpdateAppcompatCache
RemoveDirectoryW
GlobalFindAtomW
GetLogicalDriveStringsW
GetConsoleAliasExesA
SetProcessWorkingSetSize
GetVersionExW
GetFileSizeEx
WriteConsoleOutputAttribute
SetConsoleFont
GetLocaleInfoW
LCMapStringA
FindCloseChangeNotification
RtlZeroMemory

sqlunirl

_GetVolumeInformation_@32
_FindAtom_@4
_SHBrowseForFolder_@4
_CreateProcess_@40
_GetPrivateProfileSectionNames_@12
_SHGetPathFromIDList_@8
_LookupPrivilegeDisplayName_@20
_PolyTextOut_@12
_CreateSemaphore_@16
_SetWindowsHook_@8
_GetDriveType_@4
newWideCharFromMultiByte
_MoveFile@8
_FindFirstChangeNotification_@12
_wvsprintf_@12
_EnumFontFamiliesEx_@20
_EnumDesktops_@12
_CreateWindowStation_@16
_GetWindowsDirectory_@8
_DrawText@20
_RemoveDirectory_@4
_GetObject@12
_DefMDIChildProc_@16
wsprintf_
_RegDeleteKey_@8
_GetEnvironmentVariable_@12

vssapi

?OnAbortBegin@CVssJetWriter@@UAGXXZ
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ

dnsapi

DnsApiFree
DnsWriteQuestionToBuffer_UTF8
DnsUpdateTest_UTF8
DnsQuery_A
DnsModifyRecordsInSet_A
DnsUnicodeToUtf8
DnsQuery_W
Dns_ParseMessage
Dns_ReadPacketName
Query_Main
Dns_WriteDottedNameToPacket
DnsApiRealloc
DnsNameCompareEx_A
DnsRecordListFree
DnsRecordSetCompare
DnsNameCompareEx_UTF8
Dns_SkipToRecord
DnsDhcpSrvRegisterTerm
DnsGetPrimaryDomainName_A
DnsIpv6StringToAddress
DnsGetBufferLengthForStringCopy
DnsCopyStringEx
DnsFree
DnsReplaceRecordSetW

oleaut32

VarR8FromUI1
SafeArrayPtrOfIndex
VarUI4FromDec
VarRound
VarFormatPercent
LPSAFEARRAY_Marshal
VarBstrFromUI1
VarDecFromCy

mfcsubs

??P@YG_NPBGABVCString@@@Z
??4CString@@QAEABV0@PBE@Z
??O@YG_NABVCString@@PBG@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
?data@CPlex@@QAEPAXXZ
??YCString@@QAEABV0@D@Z
?RemoveAll@CMapStringToPtr@@QAEXXZ
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
?Mid@CString@@QBE?AV1@H@Z

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2defdcf635b9ccfdd05653d671653c3

Headers

DLL Characteristics

File Characteristics

Imports

duser

kernel32

sqlunirl

vssapi

dnsapi

oleaut32

mfcsubs

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 142KB - Virtual size: 141KB

.reloc Size: 1024B - Virtual size: 844B

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 142KB - Virtual size: 141KB

.reloc
Size: 1024B - Virtual size: 844B