53d669a076616723136d93d74ab3605a39de870238d0cada50d3a7d2eb955435

Sharing

Copy URL

Twitter E-mail

General

Target

53d669a076616723136d93d74ab3605a39de870238d0cada50d3a7d2eb955435
Size

639KB
MD5

d4821ef66a71768ffbcf390cbabcdca0
SHA1

653b0c0c244846a961c6034d02cd97c3fec6458b
SHA256

53d669a076616723136d93d74ab3605a39de870238d0cada50d3a7d2eb955435
SHA512

a8ca5f479c77c6da48a13e71eed8a698368a2da8c12cab8aa8de50a5f24dc0467f5a97aab21f07c1dfbb2548a78bf9c27f9672ab8052fbb33c92ce9cd872132e
SSDEEP

12288:PfVHLSX/d9bIxpyWmfA33EVdawVrdylKNdWGG44yw5WVZaHIrhAlEfx:dwdKyWmfA3UVoaJylKNaHuh

Score

N/A

Malware Config

Signatures

Files

53d669a076616723136d93d74ab3605a39de870238d0cada50d3a7d2eb955435
.dll windows x86

e1cfcb520ea7c8cf0632c6c874c15ddb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AddAuditAccessAce
SetEntriesInAclW
InitializeSecurityDescriptor
GetServiceKeyNameW
ConvertStringSDToSDRootDomainA
RegisterServiceCtrlHandlerA
PrivilegedServiceAuditAlarmW
SetTraceCallback
ConvertStringSidToSidA
AddAccessDeniedAce
ElfCloseEventLog
RegDeleteKeyW
SystemFunction018
GetExplicitEntriesFromAclW
CryptSignHashW
GetUserNameA
ProcessTrace
CryptDuplicateKey
RegOpenKeyExW
LookupPrivilegeDisplayNameA
OpenBackupEventLogA
LsaOpenPolicy
EqualPrefixSid
LsaSetDomainInformationPolicy
IsValidSecurityDescriptor
SetAclInformation
SystemFunction011
ElfOldestRecord
ConvertStringSidToSidW
GetNumberOfEventLogRecords

iphlpapi

GetIfTable
CreateProxyArpEntry
SetAdapterIpAddress
SetIpForwardEntry
InternalSetIfEntry
GetAdapterIndex
UnenableRouter
CreateIpForwardEntry
InternalGetTcpTable
GetIpAddrTable
GetBestRoute
GetRTTAndHopCount
InternalDeleteIpForwardEntry
InternalSetIpStats
NotifyAddrChange
GetUdpTable
NhGetGuidFromInterfaceName
AllocateAndGetIpAddrTableFromStack
InternalCreateIpNetEntry
DeleteProxyArpEntry
IpReleaseAddress
DeleteIpNetEntry

urlmon

CopyBindInfo
GetClassFileOrMime
CoInternetCompareUrl
RegisterMediaTypeClass
BindAsyncMoniker
FaultInIEFeature
ObtainUserAgentString
URLDownloadToCacheFileA
CoInternetGetSecurityUrl
URLDownloadW
URLOpenBlockingStreamA
HlinkNavigateMoniker
RevokeFormatEnumerator
CoInternetQueryInfo
URLOpenBlockingStreamW
Extract
HlinkGoForward
FindMediaTypeClass
WriteHitLogging
IsLoggingEnabledA
RegisterFormatEnumerator
IsValidURL
SetSoftwareUpdateAdvertisementState
CreateAsyncBindCtxEx

ole32

CoReleaseMarshalData
HPALETTE_UserSize
GetHookInterface
StgOpenStorage
HGLOBAL_UserUnmarshal
DoDragDrop
OleCreateFromFile
HICON_UserFree
CoFreeUnusedLibraries
IsValidInterface
EnableHookObject
StgOpenStorageEx
GetDocumentBitStg
CoQueryClientBlanket
CoInitializeWOW
CoUnmarshalHresult
HMETAFILE_UserFree
CreateDataCache
CoSetProxyBlanket
OleCreate
RevokeDragDrop
STGMEDIUM_UserMarshal
PropSysAllocString
CoSwitchCallContext
GetConvertStg
OleFlushClipboard
CoBuildVersion
OleSetClipboard
CoDisconnectObject
WdtpInterfacePointer_UserMarshal
OleCreateFromFileEx

kernel32

DeleteTimerQueueEx
SetVolumeMountPointA
InterlockedDecrement
LockFileEx
EnumLanguageGroupLocalesA

setupapi

SetupDiGetClassImageListExA
SetupDiGetClassDevsA
CM_Get_DevNode_Status_Ex
SetupQueryFileLogA
CM_Get_Device_Interface_List_SizeA
CM_Test_Range_Available
SetupDiChangeState
SetupDiUnremoveDevice
SetupDiGetClassDescriptionExA
CM_Get_Device_ID_List_Size_ExA
SetupDiGetClassDescriptionExW
SetupDiGetActualSectionToInstallA
SetupCommitFileQueueA
CM_Query_And_Remove_SubTreeA
CM_Get_Version_Ex
CM_Set_HW_Prof_FlagsW
CM_Free_Res_Des_Ex
SetupDiGetDriverInstallParamsW
CM_Get_First_Log_Conf
SetupFindNextLine
SetupDiOpenDeviceInterfaceA
CM_Get_Depth_Ex
SetupDiBuildClassInfoList
SetupQueueDeleteA
SetupDiGetINFClassA
CM_Set_HW_Prof_Flags_ExA
CM_Connect_MachineA
SetupQueueRenameW
SetupGetBackupInformationA
CM_Request_Device_EjectW
SetupRemoveInstallSectionFromDiskSpaceListA

Exports

Exports

@@Land@Finalize
@@Land@Initialize
CPlApplet
_AppletModule1AppletModule
___CPPdebugHook

Sections

.text
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1cfcb520ea7c8cf0632c6c874c15ddb

Headers

File Characteristics

Imports

advapi32

iphlpapi

urlmon

ole32

kernel32

setupapi

Exports

Exports

Sections

.text Size: 526KB - Virtual size: 525KB

.data Size: 55KB - Virtual size: 687KB

.rdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 7KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.text
Size: 526KB - Virtual size: 525KB

.data
Size: 55KB - Virtual size: 687KB

.rdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 7KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB