ad9204ffb0c9304e4751ce5da54963e6e907a80f95cc3d28ea1bdb05889fe45e

Sharing

Copy URL

Twitter E-mail

General

Target

ad9204ffb0c9304e4751ce5da54963e6e907a80f95cc3d28ea1bdb05889fe45e
Size

615KB
MD5

a57b57ee82abe41abd34c15d3dab6025
SHA1

47d5d770bb50e4bd85d7303bc99a2126b1d4b207
SHA256

ad9204ffb0c9304e4751ce5da54963e6e907a80f95cc3d28ea1bdb05889fe45e
SHA512

028de5a4cd0587d02ce389109b3bcc02bd35d5e0d42fdcd686dc5b7fe732cd15c92d39e1c61a3cfb3d174d117dfb156b38370f1137990f8126bc6a54d2a176ee
SSDEEP

12288:RgEovyJR0lsbVtzD0Hg1PIn7z7KNcx5rPPucjdwRZXNnZybEk00:yELJGubzD0HjKWx5z2cjSnZ/0

Score

N/A

Malware Config

Signatures

Files

ad9204ffb0c9304e4751ce5da54963e6e907a80f95cc3d28ea1bdb05889fe45e
.exe windows x86

1376c46a814d3479f666cc2bad3c4746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetCaretPos
PostMessageA
LoadImageA
SetCursorPos
GetMessageA
GetWindowTextA
DialogBoxParamA
wsprintfA
IsCharLowerA
IsZoomed
DrawIcon
LoadCursorA
GetWindowLongA
DispatchMessageA
CreateWindowExA

kernel32

CopyFileA
PurgeComm
CompareStringA
GetProcessTimes
GetModuleHandleA
CreateMutexA
GetDiskFreeSpaceA
InterlockedDecrement
GetTickCount
GetBinaryTypeA
GetNumberFormatA
InterlockedExchange
CloseHandle
GetProcAddress
GetComputerNameA
GetFullPathNameA
ReadFile
GetTimeFormatA
SetEndOfFile
GetCurrentDirectoryA
GetProcessHeap
CreateSemaphoreA
GetConsoleTitleA

onex

OneXDeInitialize
OneXInitialize
OneXAddTLV
OneXFreeMemory

wtsapi32

WTSEnumerateServersA
WTSQueryUserToken
WTSSendMessageA
WTSCloseServer
WTSWaitSystemEvent
WTSVirtualChannelWrite
WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSSetUserConfigA
WTSSetSessionInformationA
WTSEnumerateSessionsA
WTSRegisterSessionNotification
WTSVirtualChannelOpen
WTSEnumerateProcessesA
WTSUnRegisterSessionNotification

shimeng

SE_IsShimDll
SE_InstallBeforeInit
SE_InstallAfterInit
SE_DllLoaded
SE_ProcessDying

msimg32

AlphaBlend
DllInitialize
TransparentBlt
GradientFill
vSetDdrawflag

shlwapi

UrlIsNoHistoryA
UrlIsOpaqueA
UrlCreateFromPathA
UrlCompareA
PathCommonPrefixA
UrlUnescapeA
UrlHashA
UrlCanonicalizeA
PathCombineA
PathCompactPathA
UrlGetPartA
UrlGetLocationA
UrlEscapeA
UrlIsA

cabinet

FCIAddFile
FCIDestroy
FCIFlushCabinet
FCICreate

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1376c46a814d3479f666cc2bad3c4746

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

onex

wtsapi32

shimeng

msimg32

shlwapi

cabinet

Sections

.text Size: 598KB - Virtual size: 598KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 598KB - Virtual size: 598KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB