67337d02f07e6be80ec0041f2d48debee5a5c6197551ac3d0e21e02b17e674da

Sharing

Copy URL

Twitter E-mail

General

Target

67337d02f07e6be80ec0041f2d48debee5a5c6197551ac3d0e21e02b17e674da
Size

284KB
MD5

192ada8ded31645f8c54e96e793417cb
SHA1

1943528aa0cde75d80cb16242b7d9139a2b37f39
SHA256

67337d02f07e6be80ec0041f2d48debee5a5c6197551ac3d0e21e02b17e674da
SHA512

e67d7b3f6341f2f100a3b302c8f99adeab5463299c6aa7f196e09973e920f6666346b08a455563b65d2cd06537bb4e9b319bc7501df5324308d96ed80d34ca4c
SSDEEP

6144:55kVcVK6vWw0UGcZ0PHVF3Q9J5WgKvhpBaI:ycVKtwicZc169fWvhTaI

Score

N/A

Malware Config

Signatures

Files

67337d02f07e6be80ec0041f2d48debee5a5c6197551ac3d0e21e02b17e674da
.exe windows x86

9332e8f03f54841929e831e36b7e4c54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

htonl
inet_addr

msi

ord27
ord50
ord62
ord65

clusapi

SetClusterNetworkPriorityOrder
GetClusterNetInterface
ClusterNetworkControl
ClusterRegQueryValue
ClusterEnum
ClusterNetworkCloseEnum
RemoveClusterResourceNode
ClusterRegGetKeySecurity
ClusterResourceTypeControl

olepro32

ord254
ord249

oleaut32

VarDecDiv
VARIANT_UserUnmarshal
VarImp
VarBoolFromUI4
VarCyFromR8
VariantTimeToSystemTime
VarI2FromBool
SafeArraySetRecordInfo
CreateTypeLi
VarBoolFromDate
VarDiv
BSTR_UserMarshal
VarBstrFromCy
LoadTypeLi
VarDecFromBool
VarUI4FromDate
VarCyFromDec

pdh

PdhGetDefaultPerfObjectW
PdhEnumObjectItemsA

comdlg32

GetOpenFileNameA

rasapi32

RasGetEntryDialParamsA
RasGetProjectionInfoA
RasValidateEntryNameW

kernel32

CopyFileW
CallNamedPipeA
CreatePipe
GetConsoleCursorInfo
HeapSize
CreateProcessA
GetSystemInfo
GetPrivateProfileSectionA
BackupWrite
GetTapeParameters
GlobalUnWire
VirtualAlloc
GetModuleHandleW
CreateProcessW
FreeResource
EnumTimeFormatsA
GetTempPathW
GetCurrencyFormatA
CreateDirectoryW
EnumResourceNamesA
GetProfileIntA
GetModuleHandleA
GetStartupInfoA

ole32

CreatePointerMoniker
CoLockObjectExternal
CoFreeUnusedLibraries
IIDFromString
CoLoadLibrary
MonikerCommonPrefixWith
OleCreateDefaultHandler
CoUninitialize
STGMEDIUM_UserMarshal
OleRegGetMiscStatus
OleCreateEmbeddingHelper
CoGetInterfaceAndReleaseStream
CoIsHandlerConnected

user32

SubtractRect
PostQuitMessage
SetSystemCursor
DrawTextA
IsWindow
GetClientRect
BeginPaint
DialogBoxParamA
EnumDesktopsA
CopyIcon
DestroyWindow
DefWindowProcA
EndDialog
CreateWindowExA
LoadIconA
LoadCursorA
GetClipboardOwner
RegisterClassExA
IsChild
DlgDirSelectComboBoxExA
DrawTextExW
DdeFreeDataHandle
ShowWindow
UpdateWindow
SetRect
GetClipCursor
DestroyCursor
OpenWindowStationA
ExitWindowsEx
DialogBoxParamW
SetRectEmpty
LoadStringA
keybd_event
DragDetect
SendMessageW
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
OemKeyScan
TranslateMessage
DispatchMessageA
CheckMenuRadioItem

resutils

ResUtilDupParameterBlock
ResUtilFindDwordProperty

nddeapi

ord607

netapi32

NetSessionGetInfo

winmm

midiInStart
midiInGetErrorTextA
waveOutMessage
PlaySoundA
midiOutOpen
waveOutGetDevCapsW
auxGetDevCapsA
midiOutGetErrorTextA

winspool.drv

ClosePrinter
EnumJobsA
EnumFormsW

wininet

FtpDeleteFileA
GopherOpenFileW
InternetAutodialHangup
FindFirstUrlCacheEntryW
RetrieveUrlCacheEntryStreamW
DeleteUrlCacheGroup
FtpOpenFileW
InternetOpenUrlA

gdi32

GetCharWidthFloatW
CreatePenIndirect
GetKerningPairsA
GetROP2
PlayMetaFile
GetEnhMetaFileBits
SetColorSpace
CreatePatternBrush
EnumFontFamiliesW
GetStockObject
GetMetaRgn
EnumICMProfilesA
SetTextCharacterExtra
PolyPolyline

shell32

ExtractIconW
SHFileOperationA
StrChrIW

shlwapi

SHEnumValueA
PathIsUNCServerA
SHRegEnumUSKeyA
SHRegGetBoolUSValueA
StrCmpIW
PathIsPrefixW
SHOpenRegStreamW
PathQuoteSpacesA

setupapi

SetupDiSelectOEMDrv
SetupDiCreateDeviceInfoListExW
SetupDiOpenClassRegKey
SetupGetStringFieldW
SetupPromptForDiskW
SetupDiOpenDeviceInfoW
SetupDiSetClassInstallParamsW

comctl32

PropertySheetA
ImageList_Remove
ImageList_DragLeave
ImageList_DragShowNolock

imagehlp

SymGetSymFromAddr
ImagehlpApiVersion
UnMapAndLoad

advapi32

FindFirstFreeAce
AddAuditAccessAce
MakeSelfRelativeSD
ClearEventLogA
IsTextUnicode
RegQueryValueExW
GetAuditedPermissionsFromAclA
BuildExplicitAccessWithNameW
RegSetValueW
BuildExplicitAccessWithNameA
InitiateSystemShutdownW
GetFileSecurityW
BuildImpersonateExplicitAccessWithNameA
AdjustTokenGroups

imm32

ImmGetIMEFileNameW
ImmSetStatusWindowPos
ImmGetCompositionWindow
ImmCreateContext

msvcrt

_XcptFilter
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_onexit
__dllonexit
_controlfp
__set_app_type
_except_handler3

rpcrt4

RpcMgmtInqDefaultProtectLevel
I_RpcServerInqTransportType
RpcAsyncInitializeHandle
NdrRpcSmClientAllocate
RpcImpersonateClient
UuidEqual
NdrServerInitializeMarshall
RpcServerUseAllProtseqsIfEx
NdrClientInitialize
RpcEpRegisterNoReplaceW
RpcBindingSetAuthInfoW
RpcBindingInqAuthInfoExA
NdrComplexStructUnmarshall
UuidToStringA
I_RpcFreePipeBuffer
NdrUserMarshalSimpleTypeConvert
NdrRpcSsDefaultFree

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9332e8f03f54841929e831e36b7e4c54

Headers

File Characteristics

Imports

wsock32

msi

clusapi

olepro32

oleaut32

pdh

comdlg32

rasapi32

kernel32

ole32

user32

resutils

nddeapi

netapi32

winmm

winspool.drv

wininet

gdi32

shell32

shlwapi

setupapi

comctl32

imagehlp

advapi32

imm32

msvcrt

rpcrt4

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 552KB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 552KB

.rsrc
Size: 28KB - Virtual size: 24KB