Static task: static1
Behavioral task: behavioral1
Sample: dd96f70183fd6f9482243e04b02a75c66040bafa64f612aebc99b4302709f1d7.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: dd96f70183fd6f9482243e04b02a75c66040bafa64f612aebc99b4302709f1d7.exe
Resource: win10v2004-20220901-en
General
- Target: dd96f70183fd6f9482243e04b02a75c66040bafa64f612aebc99b4302709f1d7
- Size: 341KB
- MD5: 13d33a9ff6c77a3b7d08a4557d0a5e67
- SHA1: 78adf14b76c5f6ed6f94172ae1ea9ff756d65776
- SHA256: dd96f70183fd6f9482243e04b02a75c66040bafa64f612aebc99b4302709f1d7
- SHA512: 00dcb19ac270b06914c35e38f467bd49d4f3829f74f4d98e1c2af7e6c73e43eff7613127b483653b6d35d2d4aa3ed64a8c0e562a1542786db6493df0faf016b8
- SSDEEP: 6144:bLwrTiWBUMLRr4ruCg4b4m+HSyD3YxHQnkcJFo9FR0YxlHA/7:bLwrTiqBLR0uFkrW3sHdcJFGFRPHs7
Malware Config
Signatures
Files
- dd96f70183fd6f9482243e04b02a75c66040bafa64f612aebc99b4302709f1d7.exe (windows x86) 8247adfe8b445e100c186c37fc5c6736
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports (grouped by module)
msvcrt: _exit, __dllonexit, _controlfp, _except_handler3, _onexit, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv
resutils: ResUtilAddUnknownProperties, ResUtilDupString, ResUtilGetEnvironmentWithNetName, ResUtilVerifyService, ResUtilGetPropertySize, ResUtilGetMultiSzProperty
gdi32: EndPage, GetEnhMetaFileDescriptionA, EnumFontFamiliesExA, DPtoLP, SetDIBColorTable, ExtFloodFill, Polygon, DeleteColorSpace, PolyTextOutA, GetDeviceGammaRamp, PlgBlt, ExtCreateRegion, Chord, EnumICMProfilesA, CreateBrushIndirect, GetObjectA, OffsetClipRgn, GetROP2, CreatePalette, GetCharWidthFloatA, Polyline, MoveToEx, GetWindowExtEx, FloodFill, GetCharABCWidthsA, GetDIBits, CreateRectRgnIndirect, StrokePath, RealizePalette, SetPixel, GetICMProfileA, AddFontResourceW, CloseFigure, CreateBitmap, GetObjectW, GetStretchBltMode, UpdateICMRegKeyW, CreateEnhMetaFileW, OffsetWindowOrgEx, CreateDIBPatternBrush, GetRgnBox, GetTextMetricsA, AbortPath, ExtCreatePen
mpr: WNetCancelConnection2A, WNetGetUserW, MultinetGetConnectionPerformanceA
comctl32: ImageList_GetIcon, FlatSB_SetScrollPos, ord6, CreatePropertySheetPageA, ord13, ord14, ImageList_LoadImageA, InitCommonControlsEx, FlatSB_GetScrollPos, FlatSB_SetScrollProp, ImageList_DrawEx, ImageList_Duplicate, ImageList_Write, ImageList_GetImageCount, ImageList_SetImageCount, PropertySheetA
netapi32: NetServerComputerNameDel, NetShareSetInfo, NetSessionEnum, NetServerGetInfo, NetShareDel
ole32: CoMarshalInterThreadInterfaceInStream, CoGetStandardMarshal, ReadClassStm, StgIsStorageFile, OleNoteObjectVisible, OleConvertOLESTREAMToIStorageEx, SNB_UserUnmarshal, ProgIDFromCLSID, HGLOBAL_UserSize, OleLockRunning, OleRun, CoUnmarshalHresult, OleUninitialize, CoTaskMemFree, OleQueryLinkFromData, CoLockObjectExternal, SNB_UserFree, CoMarshalHresult
comdlg32: GetOpenFileNameA, FindTextA, PrintDlgA
shell32: SHGetFileInfoA, StrChrIA, StrRStrIA, StrChrIW, StrChrA, ShellAboutA, ExtractIconExA, StrCmpNIW, StrStrW, SHBrowseForFolderA
wsock32: WSAAsyncSelect, WSAStartup, __WSAFDIsSet, WSAAsyncGetServByName, WSAAsyncGetHostByAddr, WSAAsyncGetProtoByNumber, WSAAsyncGetHostByName, accept, recv, WSAAsyncGetProtoByName, htons, gethostname, listen, setsockopt, gethostbyname, WSAIsBlocking
kernel32: GetStartupInfoA, GetModuleHandleA, GlobalLock, GetFileAttributesW, VirtualAlloc, FlushInstructionCache, FindFirstFileA, CloseHandle, AddAtomA, GetLocaleInfoA, CreateFileMappingW, GetCommandLineW, CreateNamedPipeW, DebugBreak, GetModuleFileNameW, GetSystemTimeAsFileTime, CreateMailslotA, CreateConsoleScreenBuffer, VerLanguageNameW, FileTimeToLocalFileTime, GetTapeStatus, GetSystemDirectoryW, FindResourceExW, DosDateTimeToFileTime, FatalAppExitA, GetConsoleCursorInfo, BackupWrite, GetSystemTimeAdjustment, HeapSize, BuildCommDCBW, GetVersionExW, CreateDirectoryW, CreateFileMappingA, ExitThread, Module32First, BeginUpdateResourceA, GetProfileIntW, EraseTape, FindFirstFileW, CreateMutexA, GetProfileStringA, GetDefaultCommConfigW, GetFileTime
clusapi: ClusterRegSetKeySecurity, CreateClusterResource, SetClusterNetworkName, OpenClusterNetInterface, CloseClusterResource, CreateClusterResourceType, ClusterNodeControl, ClusterGroupOpenEnum, SetClusterNetworkPriorityOrder, GetClusterNodeState, ClusterRegCloseKey, CloseCluster, GetClusterResourceNetworkName, GetClusterGroupState, ClusterNodeCloseEnum, ClusterRegCreateKey
rasapi32: RasGetEntryPropertiesW, RasHangUpA
urlmon: CopyBindInfo, CoInternetQueryInfo, CreateAsyncBindCtxEx, HlinkNavigateString
rpcrt4: NdrMesSimpleTypeDecode, RpcMgmtInqServerPrincNameW, RpcBindingSetOption, NdrSimpleStructMemorySize, I_RpcBindingIsClientLocal, MesHandleFree, NdrConformantVaryingArrayUnmarshall, NdrFullPointerFree, RpcEpUnregister, RpcBindingInqObject, NdrConformantArrayFree, RpcMgmtEnableIdleCleanup, NdrEncapsulatedUnionMemorySize, NdrEncapsulatedUnionMarshall, double_from_ndr, RpcMgmtEpEltInqNextW, RpcBindingInqOption, RpcServerRegisterIfEx, IUnknown_AddRef_Proxy, NdrVaryingArrayUnmarshall, RpcAsyncAbortCall, RpcAsyncInitializeHandle, RpcSsDisableAllocate, NdrXmitOrRepAsFree, NdrConformantStringMemorySize, NdrNonConformantStringMemorySize, RpcEpRegisterNoReplaceA, MesEncodeFixedBufferHandleCreate, NdrConformantArrayMemorySize, RpcStringBindingParseA, NdrConformantStructFree, NdrServerInitializeUnmarshall, char_array_from_ndr, RpcCancelThread, I_RpcGetCurrentCallHandle, RpcServerUseProtseqIfExA, DceErrorInqTextW, RpcStringBindingParseW, NdrComplexArrayUnmarshall, data_size_ndr, RpcBindingCopy, NdrConformantArrayMarshall
nddeapi: ord609, ord505, ord502
msimg32: GradientFill
user32: CreateWindowExA, ShowWindow, UpdateWindow, DefWindowProcA, DestroyWindow, DialogBoxParamA, BeginPaint, GetClientRect, RegisterClassExA, LoadCursorA, LoadIconA, LoadMenuW, EqualRect, DdeAddData, MapVirtualKeyW, DdeKeepStringHandle, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, LoadAcceleratorsA, GetDC, IMPQueryIMEA, ChangeDisplaySettingsExW, CreateDialogParamW, CreateDesktopA, OpenDesktopW, DdeFreeStringHandle, mouse_event, SetThreadDesktop, TabbedTextOutA, DefDlgProcA, GetKeyState, VkKeyScanExA, DrawTextA, PostQuitMessage, LoadBitmapA, BeginDeferWindowPos, GetCaretBlinkTime, CreateAcceleratorTableA, EndDialog, RedrawWindow, GetCaretPos, DrawFrameControl, GetClipboardFormatNameW, ChangeDisplaySettingsExA, GetClassInfoExA, SetWindowWord, MoveWindow, InflateRect, DdeUninitialize, LoadStringA, GetMenuState, OemKeyScan, IsZoomed, IMPSetIMEA, GetClipboardData, ReuseDDElParam, EndDeferWindowPos, SetUserObjectInformationA, DdeQueryConvInfo, GetWindowModuleFileNameA, CountClipboardFormats, GetClassLongW, CharToOemW, CharPrevA, UnionRect, DrawAnimatedRects, GetMessageA, SendIMEMessageExA, DdeSetUserHandle, GetWindowTextLengthW, GetScrollRange, SetCaretPos, IMPSetIMEW, VkKeyScanA, CallMsgFilterA, SetWindowLongA, SetWindowsHookA, CreateIconFromResourceEx, UnhookWinEvent, DispatchMessageW, UnhookWindowsHook, CloseClipboard, SetWindowPos, EnumPropsExW, CreateMDIWindowA
advapi32: SetAclInformation, LookupSecurityDescriptorPartsW, AllocateAndInitializeSid, GetSecurityDescriptorControl, LookupPrivilegeValueA, EnumServicesStatusW, ObjectDeleteAuditAlarmA, EnumDependentServicesA, QueryServiceConfigA, RegSaveKeyA, ReportEventA, GetUserNameA, DuplicateTokenEx, AbortSystemShutdownA, LsaEnumerateAccountRights, RegReplaceKeyA, AccessCheckAndAuditAlarmW, LogonUserW, LsaEnumerateAccountsWithUserRight, IsValidSid, BuildImpersonateTrusteeW, LookupPrivilegeDisplayNameA, SetThreadToken, LogonUserA, ObjectPrivilegeAuditAlarmW, RegUnLoadKeyA, RegisterEventSourceA, LsaSetInformationPolicy, RegEnumValueW, DestroyPrivateObjectSecurity, GetEffectiveRightsFromAclA, SetPrivateObjectSecurity, PrivilegedServiceAuditAlarmW, ChangeServiceConfig2A, ObjectCloseAuditAlarmW, SetSecurityDescriptorSacl, CreateServiceW
imagehlp: SymGetSymPrev, MakeSureDirectoryPathExists, GetImageUnusedHeaderBytes, StackWalk, BindImageEx, SymGetModuleBase
winmm: waveOutGetPosition, midiInClose, waveInGetNumDevs, mixerGetDevCapsA, mciGetCreatorTask, mixerGetControlDetailsA, midiStreamOpen, mmioAdvance, joyReleaseCapture, midiOutGetErrorTextW, mciGetErrorStringA, waveInStop, midiOutGetErrorTextA, mmioFlush, auxGetVolume, mixerSetControlDetails, mmioRenameA, waveOutOpen, mmioOpenW, mmioOpenA, midiInPrepareHeader, mciGetErrorStringW, mmioInstallIOProcW, waveOutGetPitch
lz32: LZRead
oleacc: GetRoleTextW
setupapi: SetupDiGetSelectedDriverA, SetupDiGetDeviceInstanceIdW, SetupDiSetSelectedDevice, SetupInstallServicesFromInfSectionExA, SetupCreateDiskSpaceListW, SetupTermDefaultQueueCallback, SetupSetDirectoryIdExA, SetupDiInstallDeviceInterfaces, SetupCreateDiskSpaceListA, SetupDefaultQueueCallbackW, SetupRemoveSectionFromDiskSpaceListA, SetupCommitFileQueueA, SetupRemoveFromSourceListA, SetupDiSetClassInstallParamsW, SetupDiEnumDeviceInfo, SetupLogFileA, SetupInitializeFileLogA, SetupDiRemoveDevice, SetupQueryInfFileInformationA, SetupDiClassGuidsFromNameExW, SetupDiEnumDriverInfoW, SetupGetStringFieldA, SetupQuerySourceListA, SetupAddToDiskSpaceListW, SetupDiCreateDeviceInterfaceA, SetupDiAskForOEMDisk, SetupDiDeleteDevRegKey, SetupCancelTemporarySourceList, SetupDiUnremoveDevice, SetupTerminateFileLog, SetupDecompressOrCopyFileA, SetupDuplicateDiskSpaceListA
pdh: PdhBrowseCountersA, PdhUpdateLogA, PdhCollectQueryData
winspool.drv: DeviceCapabilitiesW, AddPrintProcessorA, AddPrinterDriverA, DeletePrintProcessorW, AddMonitorW, ClosePrinter, ConnectToPrinterDlg, EnumPrintProcessorDatatypesA, SetPrinterW, EnumPrinterDataA, SetPortA, GetPrinterDataExA, PrinterProperties, AbortPrinter, GetPrinterDriverA, EnumJobsA, EnumPrintProcessorDatatypesW, GetPrinterDriverW, EnumPrintProcessorsA, DeletePrinterDriverW, AddFormA, GetPrinterW
imm32: ImmSetCompositionFontA, ImmGetContext, ImmGetCompositionStringA, ImmGetCandidateListA, ImmGetRegisterWordStyleW, ImmSetCompositionStringW, ImmEscapeA, ImmAssociateContext
wininet: InternetConnectW, FtpOpenFileW, FindCloseUrlCache, InternetCheckConnectionA, GopherFindFirstFileA, InternetCombineUrlA, FindFirstUrlCacheEntryA, InternetReadFileExW, InternetSetFilePointer, InternetConnectA, FtpPutFileW, SetUrlCacheEntryInfoW, GopherFindFirstFileW, HttpAddRequestHeadersW, InternetUnlockRequestFile, GopherCreateLocatorW, SetUrlCacheEntryInfoA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamW, InternetSetCookieW, FtpSetCurrentDirectoryW
oleaut32: OleLoadPictureEx, VarI4FromCy, VarDecRound, VarBstrFromDisp, VarR4FromI2, VarI2FromI4, VarI1FromR8, VariantChangeTypeEx, SafeArrayCreateVectorEx, VarI4FromUI1, VarDecFromDate, GetAltMonthNames, SafeArrayCopyData, LoadTypeLibEx, ClearCustData, OleCreatePictureIndirect, VarAdd, VarBstrFromCy, SafeArrayGetDim, CreateTypeLib2, VarR8FromUI1, VarUI2FromCy, VarI2FromUI4, VarAbs, VarUI4FromDate, VarUI2FromStr, CreateStdDispatch, VarCyFromI1, VarUI2FromDisp, BSTR_UserUnmarshal, VectorFromBstr, VarUI1FromDisp, VariantTimeToSystemTime, VarFormatDateTime, SysAllocStringByteLen, VARIANT_UserUnmarshal, VarUI2FromR4, OleCreateFontIndirect, VarFormat, VarDecAdd, VarR8Round, VarFormatNumber, SafeArrayUnlock
msi: ord14, ord54, ord53, ord26, ord63, ord28, ord17, ord75, ord40
shlwapi: SHEnumValueW, PathMakeSystemFolderW, SHRegGetUSValueA, PathUnmakeSystemFolderA, PathSearchAndQualifyA, PathIsUNCServerShareW, StrNCatW, PathIsSameRootW, SHDeleteValueA, PathStripPathA, SHRegQueryInfoUSKeyW, PathUnquoteSpacesW, ChrCmpIW, StrFromTimeIntervalA, ChrCmpIA, PathMakePrettyA, PathRelativePathToW, PathIsSystemFolderW, SHRegDeleteEmptyUSKeyA, PathAppendW, PathIsRelativeW, SHSetValueA
Sections
.text Size: 96KB - Virtual size: 95KB - Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 377KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 24KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ