Static task: static1
Behavioral task: behavioral1 (sample ee36079dd5db557f388ce1e231573292e55c83c2e2c99c52a3597fb36b4aa3ef.exe, resource win7-20220812-en)
Behavioral task: behavioral2 (sample ee36079dd5db557f388ce1e231573292e55c83c2e2c99c52a3597fb36b4aa3ef.exe, resource win10v2004-20220812-en)
General
Target: ee36079dd5db557f388ce1e231573292e55c83c2e2c99c52a3597fb36b4aa3ef
Size: 86KB
MD5: 46a23a612d11b2bc30ddf0245716e1b5
SHA1: f786312bc9f0801e422412bbe43919b2bab57ba2
SHA256: ee36079dd5db557f388ce1e231573292e55c83c2e2c99c52a3597fb36b4aa3ef
SHA512: 1161bff500e0eb9e9a07d014d4eaf3b61dcb00b95ea62078ffb42c5dc2c10beac6019c2209cbcce32e1c19692e1a1c55393e8f5431aa565f6a2322d72e576b01
SSDEEP: 1536:GXHMDA6VJEXhpmnDmyRCY11KSmR/snmQZ+pNNeyekpA8IirH+fkB56y560LsrEC:GXHGATXXuDvR11wR9pNE8pA8X5P5LsY
Malware Config
Signatures
Files
ee36079dd5db557f388ce1e231573292e55c83c2e2c99c52a3597fb36b4aa3ef.exe (windows x86): 139530154de953c385d311cfcff49986
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ole32
GetHookInterface
CoGetMalloc
CoGetTreatAsClass
OleLoadFromStream
OleInitialize
MonikerRelativePathTo
CoCreateInstance
OleSetMenuDescriptor
CoSetProxyBlanket
CoIsHandlerConnected
CoCreateFreeThreadedMarshaler
OleGetClipboard
CoSwitchCallContext
CoGetClassObject
CoGetCallerTID
OleConvertOLESTREAMToIStorageEx
CoGetInterfaceAndReleaseStream
CoUninitialize
CoFreeLibrary
WriteClassStm
CoRegisterSurrogate
CoQueryClientBlanket
OleSetContainedObject
StgSetTimes
OleRegEnumVerbs
ReadClassStm
OleQueryLinkFromData
CoIsOle1Class
CreateDataAdviseHolder
CoFileTimeToDosDateTime
IIDFromString
OleDestroyMenuDescriptor
CoQueryProxyBlanket
CoDisconnectObject
FreePropVariantArray
CreateStreamOnHGlobal
CoAddRefServerProcess
CoImpersonateClient
OleFlushClipboard
StgCreateStorageEx
OleIsRunning
OleLockRunning
CoRegisterClassObject
GetHGlobalFromStream
OleDuplicateData
OleCreateStaticFromData
CoGetCurrentProcess
CreateGenericComposite
StgOpenStorageOnILockBytes
CoRegisterPSClsid
ReadClassStg
OleCreateFromFile
OleCreateFromData
CoSuspendClassObjects
StgCreateDocfile
OleRegGetUserType
CoCreateGuid
CoFreeUnusedLibraries
OleCreateLink
CreateItemMoniker
CreateClassMoniker
OleCreateMenuDescriptor
UtGetDvtd16Info
CoGetCallContext
OleRegEnumFormatEtc
GetRunningObjectTable
CLSIDFromProgID
GetConvertStg
CoGetObject
OleConvertOLESTREAMToIStorage
CreateILockBytesOnHGlobal
SetDocumentBitStg
OleRun
OleSetAutoConvert
CreateBindCtx
CoResumeClassObjects
OleCreateLinkToFile
CreateAntiMoniker
CoFileTimeNow
OleDraw
OleSave
UpdateDCOMSettings
DoDragDrop
OleLoad
CreateOleAdviseHolder
MonikerCommonPrefixWith
CoCopyProxy
ReadStringStream
CoMarshalHresult
OleCreateLinkFromDataEx
CoUnmarshalHresult
ReadFmtUserTypeStg
OpenOrCreateStream
CoTreatAsClass
StringFromCLSID
PropVariantCopy
OleCreateLinkToFileEx
CoInitialize
UtConvertDvtd16toDvtd32
StringFromIID
OleGetIconOfClass
OleRegGetMiscStatus
CoDosDateTimeToFileTime
user32
GetSysColor
SetWindowContextHelpId
GetWindowModuleFileNameA
SetClassWord
GetMonitorInfoA
CreateDialogIndirectParamW
SubtractRect
SetDebugErrorLevel
DefDlgProcA
SetForegroundWindow
RemovePropW
SendIMEMessageExA
DrawFocusRect
ChangeMenuA
CopyIcon
DlgDirListComboBoxW
SetWindowsHookExW
CharNextExA
SetThreadDesktop
DrawStateA
MapVirtualKeyExW
TranslateMDISysAccel
GetGuiResources
DdeReconnect
MessageBoxExW
GetDlgCtrlID
GetKeyboardType
SetMenuItemInfoA
SetParent
GetSystemMetrics
GetTitleBarInfo
TabbedTextOutW
OpenInputDesktop
MapVirtualKeyA
EnumPropsExW
EndPaint
MessageBoxExA
GetDialogBaseUnits
EqualRect
DdeFreeStringHandle
PostQuitMessage
EnumDesktopWindows
SendIMEMessageExW
LoadImageW
GetMessageA
GetMenuCheckMarkDimensions
ShowWindowAsync
DdeCmpStringHandles
LoadAcceleratorsW
DdeFreeDataHandle
DefWindowProcW
DestroyIcon
SetWindowTextW
SetKeyboardState
BroadcastSystemMessageA
FindWindowA
OemToCharA
SwapMouseButton
CallNextHookEx
DlgDirListA
ClipCursor
InSendMessage
PeekMessageW
GetClassLongA
GetCursorPos
OpenDesktopA
PaintDesktop
EnumChildWindows
PostMessageW
RegisterDeviceNotificationA
IsWindowEnabled
GetWindowTextLengthW
DrawIcon
GetThreadDesktop
GetMenuStringA
EndTask
SetWindowPlacement
DdeQueryStringW
CharUpperBuffW
ToUnicode
ModifyMenuA
IsWindow
AnyPopup
ModifyMenuW
IsCharAlphaNumericW
RemovePropA
LoadKeyboardLayoutA
OpenWindowStationA
GetClassWord
GetMenuItemID
DdeQueryStringA
DestroyMenu
GetWindowDC
IsClipboardFormatAvailable
GetMenuInfo
SetMenuDefaultItem
GetCaretPos
GetSysColorBrush
GetProcessDefaultLayout
SetWindowRgn
ScrollDC
DdeDisconnectList
GetClassInfoW
GetClassInfoExW
DispatchMessageW
FindWindowExW
GetGUIThreadInfo
GetMenuBarInfo
GetDesktopWindow
DefMDIChildProcW
EditWndProc
DdeAbandonTransaction
GrayStringW
ScrollWindow
DrawAnimatedRects
GetClientRect
CheckMenuItem
GetWindowPlacement
ShowScrollBar
MessageBoxIndirectW
CreateAcceleratorTableA
CreateDialogParamW
GetWindowModuleFileNameW
GetWindowRect
RealGetWindowClass
EnumDisplaySettingsExW
SendDlgItemMessageW
SwitchDesktop
shlwapi
PathIsDirectoryA
SHRegCreateUSKeyW
StrIsIntlEqualW
SHRegDeleteUSValueA
PathStripPathW
PathCommonPrefixA
StrRStrIW
SHQueryValueExA
SHCreateStreamOnFileA
PathIsRootA
UrlIsNoHistoryW
SHCreateStreamOnFileW
PathIsDirectoryW
StrNCatA
PathRemoveBackslashA
SHOpenRegStreamA
PathFindSuffixArrayA
StrCmpNA
PathIsUNCServerShareW
PathRemoveBackslashW
StrCmpIW
StrSpnW
StrCSpnIA
PathSetDlgItemPathW
SHIsLowMemoryMachine
PathCompactPathW
UrlIsOpaqueW
StrRChrW
PathIsRootW
SHSetValueW
PathQuoteSpacesW
StrCatW
SHQueryInfoKeyA
PathMakePrettyA
SHEnumKeyExA
PathIsUNCServerW
StrCatBuffW
StrPBrkA
PathIsSystemFolderA
PathIsLFNFileSpecW
ColorRGBToHLS
PathRemoveBlanksW
SHRegDeleteEmptyUSKeyW
StrStrW
SHRegEnumUSKeyW
SHCreateShellPalette
StrTrimA
ColorAdjustLuma
StrCmpNW
UrlCreateFromPathW
PathRemoveFileSpecW
UrlCreateFromPathA
PathFindSuffixArrayW
UrlGetLocationW
PathAppendA
PathFindNextComponentW
SHOpenRegStream2W
PathParseIconLocationA
StrCSpnW
PathSearchAndQualifyA
UrlApplySchemeA
PathIsFileSpecW
PathIsUNCA
StrCmpW
PathSearchAndQualifyW
PathIsUNCServerA
PathCompactPathExW
PathGetDriveNumberW
SHGetInverseCMAP
StrStrIA
SHRegGetUSValueW
StrToIntW
StrRetToStrA
StrCmpNIW
PathRemoveBlanksA
ChrCmpIW
PathMakePrettyW
UrlIsNoHistoryA
UrlIsA
StrStrIW
PathIsContentTypeA
PathIsContentTypeW
PathCreateFromUrlW
StrStrA
StrFormatKBSizeA
SHRegSetUSValueW
PathCompactPathExA
StrToIntExW
wnsprintfW
PathGetArgsW
PathAddBackslashW
SHSetValueA
PathAddExtensionW
UrlGetPartW
SHDeleteKeyA
PathIsUNCServerShareA
IntlStrEqWorkerW
StrChrIW
SHDeleteValueA
PathFindExtensionW
PathIsPrefixA
PathFileExistsW
PathCreateFromUrlA
UrlCompareW
StrDupW
StrFormatKBSizeW
StrChrA
UrlCanonicalizeW
kernel32
LocalCompact
LocalLock
GetExitCodeThread
ReadProcessMemory
TransmitCommChar
CreateProcessW
GetProcessAffinityMask
FindFirstFileExA
GetNumberFormatA
SetCommConfig
GetThreadPriorityBoost
VirtualFree
GetCommandLineW
lstrcatA
GetPrivateProfileStructW
GlobalFindAtomW
GetEnvironmentVariableW
CreatePipe
GetLogicalDrives
lstrcmpi
PrepareTape
WritePrivateProfileSectionW
WriteFileEx
GetPrivateProfileIntW
SwitchToThread
HeapCompact
EnumResourceLanguagesA
OpenProcess
GetFileAttributesA
SetCalendarInfoW
GetOEMCP
GlobalFree
WriteFileGather
GetFileTime
Thread32First
FoldStringA
SetConsoleCtrlHandler
FlushViewOfFile
GetFileAttributesExA
EnumCalendarInfoExW
CreateWaitableTimerA
ReadConsoleOutputCharacterA
Process32First
RaiseException
EscapeCommFunction
GetShortPathNameW
GetTimeZoneInformation
SetCommMask
CopyFileA
ReadConsoleA
UpdateResourceW
CallNamedPipeW
GetDiskFreeSpaceW
OpenMutexA
GetProcessShutdownParameters
WaitForSingleObject
GetPriorityClass
GetProcessPriorityBoost
GetDriveTypeW
CompareFileTime
WriteProfileStringA
GetLocaleInfoW
WaitForMultipleObjects
GlobalFlags
BuildCommDCBA
VirtualAlloc
GetThreadContext
SetVolumeLabelA
PeekNamedPipe
VirtualProtect
CancelWaitableTimer
OpenEventA
OpenFileMappingW
GetCPInfoExW
DeleteFileA
ReadConsoleOutputCharacterW
FindAtomW
WriteConsoleInputA
LocalHandle
MultiByteToWideChar
IsDBCSLeadByte
ExpandEnvironmentStringsW
GetFileAttributesExW
GetLastError
VirtualUnlock
VerLanguageNameW
InitAtomTable
SetTimeZoneInformation
GetDevicePowerState
GetCommProperties
GetThreadLocale
IsBadHugeReadPtr
EnumSystemLocalesW
SetConsoleTitleA
SetConsoleScreenBufferSize
FreeEnvironmentStringsA
GetComputerNameA
HeapFree
WaitCommEvent
SetThreadPriorityBoost
EnumTimeFormatsW
BuildCommDCBAndTimeoutsW
QueryPerformanceFrequency
HeapUnlock
WriteConsoleA
WritePrivateProfileSectionA
EnumResourceTypesA
ReadDirectoryChangesW
SleepEx
WriteConsoleOutputCharacterW
UnmapViewOfFile
TerminateProcess
DeviceIoControl
EnumDateFormatsExW
lstrcpynA
GetTapePosition
BeginUpdateResourceA
BeginUpdateResourceW
GetCurrentThread
SearchPathA
Beep
MapViewOfFileEx
FindNextChangeNotification
VirtualFreeEx
Heap32First
HeapValidate
GetPrivateProfileSectionW
OutputDebugStringW
SetProcessWorkingSetSize
GetTimeFormatW
ScrollConsoleScreenBufferA
SetCurrentDirectoryA
SetLocalTime
GetCurrentThreadId
BackupWrite
GetOverlappedResult
OpenFile
Process32Next
DisableThreadLibraryCalls
GetUserDefaultLangID
lstrcat
advapi32
SetSecurityDescriptorDacl
GetAccessPermissionsForObjectA
ObjectCloseAuditAlarmW
ClearEventLogW
QueryServiceLockStatusA
CryptSetProviderW
RegQueryInfoKeyA
GetEffectiveRightsFromAclA
GetPrivateObjectSecurity
InitializeSid
GetOverlappedAccessResults
PrivilegedServiceAuditAlarmW
GetSidLengthRequired
RegLoadKeyA
DuplicateToken
ReadEventLogW
CryptAcquireContextA
SetEntriesInAccessListW
AbortSystemShutdownW
ObjectOpenAuditAlarmA
CryptCreateHash
DeregisterEventSource
CryptGetDefaultProviderA
TrusteeAccessToObjectW
CryptSetProvParam
RegOpenKeyExA
EnumServicesStatusW
CancelOverlappedAccess
GetServiceKeyNameW
GetSecurityInfoExA
ChangeServiceConfigW
CryptEnumProvidersW
GetSecurityDescriptorGroup
CryptSignHashW
GetExplicitEntriesFromAclA
GetNamedSecurityInfoExA
GetCurrentHwProfileW
RegCreateKeyExW
AreAllAccessesGranted
SetAclInformation
RegConnectRegistryW
GetCurrentHwProfileA
OpenServiceA
RegCreateKeyW
LogonUserW
BuildExplicitAccessWithNameW
LookupAccountNameW
CryptDeriveKey
RegCloseKey
CryptSetProviderExW
AddAccessDeniedAce
SetServiceBits
BuildTrusteeWithNameA
GetTokenInformation
ReportEventA
CryptSetHashParam
AreAnyAccessesGranted
FreeSid
LookupPrivilegeDisplayNameA
GetMultipleTrusteeOperationA
CryptDuplicateHash
RegOpenKeyA
RegLoadKeyW
SetSecurityDescriptorSacl
BackupEventLogA
SetServiceObjectSecurity
GetServiceKeyNameA
MakeSelfRelativeSD
StartServiceW
GetNamedSecurityInfoExW
GetServiceDisplayNameA
GetNumberOfEventLogRecords
GetSecurityDescriptorControl
QueryServiceStatus
CryptAcquireContextW
RegEnumKeyExA
CreateProcessAsUserW
RegQueryMultipleValuesA
LogonUserA
ObjectDeleteAuditAlarmW
SetEntriesInAclW
GetMultipleTrusteeW
SetNamedSecurityInfoExA
GetSecurityDescriptorSacl
RegNotifyChangeKeyValue
DestroyPrivateObjectSecurity
ObjectCloseAuditAlarmA
InitiateSystemShutdownA
BuildImpersonateExplicitAccessWithNameA
GetTrusteeNameA
CryptHashSessionKey
ConvertSecurityDescriptorToAccessNamedA
AllocateAndInitializeSid
RegisterServiceCtrlHandlerW
AddAce
NotifyChangeEventLog
OpenEventLogA
LookupPrivilegeNameA
OpenBackupEventLogA
GetSidSubAuthorityCount
SetKernelObjectSecurity
SetServiceStatus
ImpersonateNamedPipeClient
CryptDecrypt
RegFlushKey
RegCreateKeyA
RegisterEventSourceW
CopySid
Sections
.text: size 68KB, virtual size 68KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: size 16KB, virtual size 16KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: size 512B, virtual size 189B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE