Static task: static1
Behavioral task: behavioral1
Sample: 083aa942388416bb9688b1a0520ab15c910448c75b75d90a7b6f404f2e105a38.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 083aa942388416bb9688b1a0520ab15c910448c75b75d90a7b6f404f2e105a38.exe
Resource: win10v2004-20220812-en
General
Target: 083aa942388416bb9688b1a0520ab15c910448c75b75d90a7b6f404f2e105a38
Size: 84KB
MD5: 9609a58f9322b44f2276e66e2ef40021
SHA1: 8c45810df8635cccc550c44399f4987cd81c6712
SHA256: 083aa942388416bb9688b1a0520ab15c910448c75b75d90a7b6f404f2e105a38
SHA512: 3db7f3eae150bc828e774c99ad33b9a8a40332ac957644b5f0128c3301bf4baf920e7f0187d55b31fd18b710cc9dae09c8745003f5613615fbfbb9289b5c95ec
SSDEEP: 1536:l+aBfSU8o+4w4GdB4KIBp7UC3wDsyZupVIus4UP:l+aQLoZGdTIcC3wDsyZupVIulUP
Malware Config
Signatures
Files
-
083aa942388416bb9688b1a0520ab15c910448c75b75d90a7b6f404f2e105a38.exe windows x86
cef4c4cf38a21b7ae4722224738f5507
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
ntdll
strtoul
strlen
labs
ispunct
atoi
towlower
iswlower
isxdigit
iswxdigit
memmove
sprintf
isalnum
strncpy
iswdigit
strcpy
wcsncmp
isalpha
strcspn
isgraph
strtol
qsort
mbstowcs
tolower
wcstoul
toupper
isdigit
_chkstk
strncat
urlmon
HlinkNavigateMoniker
ReleaseBindInfo
CreateAsyncBindCtx
CreateURLMonikerEx
RevokeFormatEnumerator
GetClassURL
RegisterFormatEnumerator
FaultInIEFeature
GetClassFileOrMime
FindMediaTypeClass
CoInternetCreateSecurityManager
mprapi
MprConfigTransportGetInfo
MprAdminServerGetInfo
MprConfigTransportCreate
MprInfoRemoveAll
MprConfigInterfaceTransportAdd
MprAdminMIBEntrySet
MprAdminMIBEntryGet
MprConfigInterfaceCreate
MprAdminConnectionGetInfo
MprConfigInterfaceTransportSetInfo
MprAdminDeviceEnum
msvcrt
vfprintf
wscanf
setbuf
mbtowc
wcstod
perror
putwc
fgetpos
putchar
fgetc
srand
setlocale
getwc
fseek
vprintf
iswalnum
scanf
mblen
strtod
system
getc
tmpfile
fwrite
strcoll
wcscoll
ferror
feof
strxfrm
iswupper
fgets
fgetwc
fputws
vwprintf
exit
fputc
rename
pdh
PdhCalculateCounterFromRawValue
PdhRemoveCounter
PdhGetDataSourceTimeRangeA
PdhGetCounterInfoW
PdhLookupPerfNameByIndexW
PdhGetLogFileSize
PdhMakeCounterPathW
PdhExpandWildCardPathW
PdhReadRawLogRecord
PdhCloseQuery
PdhGetRawCounterValue
PdhGetCounterInfoA
gdi32
SetEnhMetaFileBits
user32
CreateMDIWindowW
DrawTextA
DrawFocusRect
EnableWindow
LoadCursorW
SetPropW
wvsprintfW
EndDialog
IsWindowEnabled
IsCharAlphaW
SendMessageW
GetLastActivePopup
InSendMessageEx
MessageBoxW
RegisterWindowMessageW
GetKeyboardLayoutList
GetProcessWindowStation
EnumDisplayDevicesW
ScreenToClient
LoadStringW
SetWindowTextA
GetClassLongA
AnimateWindow
MessageBeep
SetDlgItemTextW
GetThreadDesktop
GetWindowTextW
FindWindowExA
OpenInputDesktop
RemovePropW
LoadMenuA
TabbedTextOutW
clusapi
ClusterRegSetKeySecurity
SetClusterResourceName
ClusterGroupCloseEnum
ClusterRegCloseKey
ClusterNodeControl
OfflineClusterResource
ClusterEnum
GetClusterResourceTypeKey
GetClusterInformation
RemoveClusterResourceDependency
AddClusterResourceNode
OpenCluster
GetClusterResourceKey
ClusterNetworkEnum
PauseClusterNode
ClusterRegQueryInfoKey
ClusterRegOpenKey
kernel32
GetLogicalDriveStringsW
IsBadHugeReadPtr
GetProcessHeaps
GetBinaryTypeW
AddAtomW
RegisterWaitForSingleObject
SetUnhandledExceptionFilter
CreateFiberEx
IsBadWritePtr
VirtualAllocEx
GetVolumeInformationA
LocalHandle
SetFileApisToANSI
GetComputerNameW
EnumTimeFormatsA
ReadConsoleOutputCharacterW
EnumTimeFormatsW
MoveFileExA
SetFileValidData
GetEnvironmentStringsW
ReadFileEx
PeekNamedPipe
TransmitCommChar
GetThreadTimes
SetProcessWorkingSetSize
SetWaitableTimer
UnhandledExceptionFilter
GetThreadLocale
SetStdHandle
WritePrivateProfileStringW
SetConsoleTitleW
VirtualUnlock
GetEnvironmentStrings
DeleteFileW
CreateRemoteThread
GetCommModemStatus
InterlockedIncrement
LoadLibraryExW
BeginUpdateResourceW
WriteConsoleA
TerminateThread
GetTempFileNameW
GetFirmwareEnvironmentVariableW
FreeUserPhysicalPages
DecodeSystemPointer
SwitchToThread
SetTapeParameters
Module32FirstW
CreateMailslotW
GetThreadSelectorEntry
GlobalCompact
SetCommTimeouts
EnterCriticalSection
GetFileAttributesW
PostQueuedCompletionStatus
SetProcessShutdownParameters
GetEnvironmentVariableW
MoveFileW
RemoveDirectoryW
QueryDosDeviceA
UpdateResourceA
WideCharToMultiByte
GetComputerNameA
FreeEnvironmentStringsW
EnumResourceTypesW
GetNamedPipeHandleStateW
OpenFile
SetThreadLocale
MoveFileWithProgressW
SetFilePointerEx
ReadDirectoryChangesW
OpenProcess
VirtualQuery
GlobalAddAtomA
HeapAlloc
ReadConsoleInputA
GetDiskFreeSpaceExA
CreateFileMappingA
GetDefaultCommConfigA
CreateJobObjectW
IsWow64Process
TerminateJobObject
ExpandEnvironmentStringsA
DisconnectNamedPipe
EnumResourceLanguagesW
CreateDirectoryExA
LoadLibraryW
RequestWakeupLatency
GetStartupInfoW
DeleteTimerQueueTimer
GetConsoleCP
HeapFree
SetFirmwareEnvironmentVariableW
GetConsoleScreenBufferInfo
BuildCommDCBAndTimeoutsW
QueryDosDeviceW
GetAtomNameW
GetACP
FindNextVolumeW
GetPrivateProfileSectionA
GetFirmwareEnvironmentVariableA
GetShortPathNameA
ScrollConsoleScreenBufferW
Thread32First
SetConsoleCursorPosition
FindFirstVolumeW
ExpandEnvironmentStringsW
GetNumberFormatA
WriteProfileSectionA
SetEvent
IsBadStringPtrA
GetSystemDefaultLangID
Module32First
WaitForMultipleObjectsEx
EnumUILanguagesA
WaitCommEvent
GetProcessWorkingSetSize
FillConsoleOutputCharacterA
GetFileAttributesExW
LoadLibraryExA
FindFirstFileExA
CancelIo
GetVolumePathNamesForVolumeNameA
EraseTape
PeekConsoleInputA
GetDriveTypeW
Process32FirstW
DnsHostnameToComputerNameA
GetFileAttributesA
LocalAlloc
GetProcAddress
InterlockedExchange
LockFile
HeapSetInformation
FindNextFileA
GetModuleHandleW
GetLastError
ExitThread
lstrcmpiW
SetCommMask
GetVolumeNameForVolumeMountPointW
AreFileApisANSI
ChangeTimerQueueTimer
FindActCtxSectionStringW
CopyFileExA
DefineDosDeviceA
GlobalFlags
BackupWrite
SetTimerQueueTimer
ConvertThreadToFiber
EncodeSystemPointer
GetSystemTimeAdjustment
CommConfigDialogA
CopyFileW
DeleteVolumeMountPointA
GetProfileIntW
WriteFileGather
ReadConsoleOutputCharacterA
DeleteFiber
CreateDirectoryExW
GetPrivateProfileSectionNamesA
FindNextVolumeA
VirtualProtect
GetExitCodeProcess
SetConsoleTextAttribute
GetCurrentThread
CompareFileTime
OpenJobObjectW
GetConsoleDisplayMode
GlobalFree
GetDiskFreeSpaceA
ResetWriteWatch
DebugBreak
LoadLibraryA
ReleaseMutex
Heap32ListNext
lstrlenW
ResumeThread
BackupRead
GetModuleFileNameA
FillConsoleOutputAttribute
AddAtomA
DeleteVolumeMountPointW
SetConsoleTitleA
DisableThreadLibraryCalls
SuspendThread
GetAtomNameA
GetComputerNameExA
InterlockedPushEntrySList
FormatMessageA
BuildCommDCBW
GetConsoleMode
CreateJobObjectA
QueryPerformanceCounter
FatalAppExitA
SetSystemTime
SetVolumeLabelW
FindActCtxSectionGuid
LocalFlags
CreateTimerQueueTimer
CreateProcessA
MulDiv
SetCommState
GetPrivateProfileStringW
GetWindowsDirectoryA
WaitForDebugEvent
GetNumberOfConsoleInputEvents
GetProfileStringW
CreateFileW
SetFileShortNameA
GetStringTypeW
WriteProfileStringW
IsBadHugeWritePtr
InterlockedFlushSList
QueueUserWorkItem
GetConsoleWindow
SwitchToFiber
FindAtomW
GetDiskFreeSpaceW
SetSystemPowerState
GetSystemPowerStatus
GetTempFileNameA
GetProcessAffinityMask
DeleteCriticalSection
VirtualFree
FindNextVolumeMountPointW
WriteConsoleW
SystemTimeToFileTime
GetPrivateProfileStructW
CreateSemaphoreW
UpdateResourceW
GetMailslotInfo
OutputDebugStringA
VirtualAlloc
WritePrivateProfileStructW
GetUserGeoID
HeapReAlloc
BuildCommDCBAndTimeoutsA
DeviceIoControl
GetNamedPipeHandleStateA
GetTimeZoneInformation
HeapQueryInformation
SetThreadAffinityMask
GetFileTime
TryEnterCriticalSection
AttachConsole
GetSystemRegistryQuota
CreateTapePartition
AddVectoredExceptionHandler
GetProfileStringA
DebugSetProcessKillOnExit
OpenFileMappingA
Process32NextW
ResetEvent
GetFileInformationByHandle
GetConsoleProcessList
GetSystemTimeAsFileTime
GlobalGetAtomNameW
TlsFree
RaiseException
GlobalGetAtomNameA
GlobalLock
SetThreadContext
GetOEMCP
GetCalendarInfoA
TlsAlloc
SetDefaultCommConfigW
Process32Next
FreeLibrary
GetCurrencyFormatW
GetCommTimeouts
GetLargestConsoleWindowSize
GetSystemDefaultUILanguage
ReleaseActCtx
VirtualProtectEx
PeekConsoleInputW
lstrcatW
ReadFileScatter
GetModuleFileNameW
TlsSetValue
ContinueDebugEvent
BackupSeek
Heap32First
GetLocalTime
GetCommMask
WriteConsoleInputW
GetLogicalDrives
DebugBreakProcess
CreateMutexW
FindResourceW
GetCurrentDirectoryW
lstrcpynA
CompareStringW
DeleteTimerQueueEx
GetTapeParameters
DeactivateActCtx
SetConsoleActiveScreenBuffer
SetFileAttributesA
FormatMessageW
GetShortPathNameW
FindFirstVolumeA
WriteProcessMemory
GetProcessHandleCount
MapUserPhysicalPages
GetStringTypeA
VirtualQueryEx
WriteConsoleOutputAttribute
ReadFile
ReadConsoleInputW
CreateDirectoryW
GetLocaleInfoA
UnlockFile
EnumDateFormatsA
QueryDepthSList
CancelTimerQueueTimer
ProcessIdToSessionId
FatalExit
CreateJobSet
FindClose
GetExitCodeThread
Sleep
DefineDosDeviceW
CreateProcessW
GetVolumeNameForVolumeMountPointA
GetDevicePowerState
EnumResourceTypesA
FindResourceA
LocalLock
CompareStringA
FoldStringA
EscapeCommFunction
EnumResourceLanguagesA
RemoveDirectoryA
GlobalUnWire
lstrlenA
FindVolumeMountPointClose
IsValidCodePage
GetProcessTimes
SetConsoleWindowInfo
VerLanguageNameA
LCMapStringA
SetThreadExecutionState
lstrcmpiA
lstrcmpA
EnumCalendarInfoA
GetSystemTime
ConnectNamedPipe
GetSystemDirectoryA
SetTimeZoneInformation
GenerateConsoleCtrlEvent
FindNextFileA
SetCurrentDirectoryA
IsBadStringPtrW
OutputDebugStringW
GetStringTypeExW
GetProfileIntA
GetCompressedFileSizeW
OpenSemaphoreA
MapViewOfFileEx
LocalCompact
GetCommandLineW
InterlockedPopEntrySList
GetPrivateProfileIntW
GetCurrencyFormatA
FileTimeToSystemTime
EnumDateFormatsExW
lstrcmpW
FindFirstFileExW
WritePrivateProfileStringA
FreeEnvironmentStringsA
CreatePipe
EnumResourceNamesW
GetSystemInfo
SetFirmwareEnvironmentVariableA
GetCPInfoExW
ReadConsoleOutputA
EnumUILanguagesW
EnumSystemLanguageGroupsA
GetVolumePathNameW
GetTapeStatus
IsDBCSLeadByte
GetStringTypeExA
LocalFileTimeToFileTime
Thread32Next
SetConsoleCursorInfo
CreateEventW
SetThreadPriorityBoost
ReplaceFileW
FlushViewOfFile
FindAtomA
Toolhelp32ReadProcessMemory
GetWindowsDirectoryW
QueryMemoryResourceNotification
GetOverlappedResult
UnmapViewOfFile
oleaut32
VarR4CmpR8
VarBstrFromR8
VarI4FromR4
VarCyRound
VarCyFromI1
VarCyFromUI2
VarUI4FromBool
VarUI2FromStr
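The import table above is unusually broad for an 84 KB image: several hundred kernel32 functions, plus cluster (clusapi), routing/RAS (mprapi), performance-counter (pdh) and tape APIs, alongside the OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread / SetThreadContext set that injection code needs. Whether the breadth is import padding or genuinely reachable code is for the behavioral runs to settle; what static triage can do is score the table. The script below is an added example (the editor's code, not part of the sandbox report) that does that over a constructed excerpt of the list. The API family groupings, the "unusual DLL" set and the function names are the example's own heuristics; the imphash routine follows the pefile convention but, being fed an excerpt rather than the real import-table order, will not reproduce the report's value.

```python
import hashlib

# Constructed excerpt of the import table listed above (DLL -> function names).
# It is a hand-picked subset for the example, not the binary's complete table,
# so the imphash it yields will not match the sandbox's value.
SAMPLE_IMPORTS = {
    "kernel32": [
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
        "SetThreadContext", "Process32FirstW", "Process32NextW", "Module32First",
        "Thread32First", "Toolhelp32ReadProcessMemory", "WaitForDebugEvent",
        "ContinueDebugEvent", "DebugSetProcessKillOnExit", "SetTapeParameters",
        "EraseTape", "CreateFileW", "ReadFile", "GetProcAddress", "LoadLibraryA",
    ],
    "clusapi": ["OpenCluster", "PauseClusterNode"],
    "mprapi": ["MprAdminServerGetInfo"],
    "pdh": ["PdhCloseQuery"],
    "urlmon": ["CreateURLMonikerEx", "HlinkNavigateMoniker"],
}

# API families worth a second look. A family fires only when every member is
# imported, so a lone WriteProcessMemory (common in legitimate code) is ignored.
# The groupings are the example's own analyst heuristics, not a published taxonomy.
API_FAMILIES = {
    "process-injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "thread-context-hijack": {"OpenProcess", "SetThreadContext"},
    "process-enumeration": {"Process32FirstW", "Process32NextW"},
    "debugger-loop": {"WaitForDebugEvent", "ContinueDebugEvent"},
    "runtime-api-resolution": {"LoadLibraryA", "GetProcAddress"},
}

# DLLs a small standalone binary rarely has a legitimate reason to link:
# cluster management, RAS/routing administration and performance counters.
UNUSUAL_DLLS = {"clusapi", "mprapi", "pdh"}


def _dll_base(name):
    """Lowercase the DLL name and drop the extension, as imphash does."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash(imports):
    """pefile-style imphash: MD5 over 'dll.func' pairs, lowercased, comma-joined,
    in import-table order. Ordinal-only imports are not handled here."""
    parts = [f"{_dll_base(dll)}.{func.lower()}"
             for dll, funcs in imports.items() for func in funcs]
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def matched_families(imports):
    """Names of API families whose every member appears in the import set."""
    present = {func for funcs in imports.values() for func in funcs}
    return sorted(name for name, members in API_FAMILIES.items() if members <= present)


def unusual_dlls(imports):
    """Imported DLLs from the UNUSUAL_DLLS watch list, normalised and sorted."""
    return sorted(_dll_base(dll) for dll in imports if _dll_base(dll) in UNUSUAL_DLLS)


def triage_imports(imports):
    """One-shot summary an analyst would glance at before running the sample."""
    return {
        "import_count": sum(len(funcs) for funcs in imports.values()),
        "imphash": imphash(imports),
        "families": matched_families(imports),
        "unusual_dlls": unusual_dlls(imports),
    }


if __name__ == "__main__":
    for key, value in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

Feed `triage_imports` the real table (for instance from `pefile`'s `DIRECTORY_ENTRY_IMPORT`, in file order) and the imphash becomes comparable with the sandbox's value; the family matches are what decides whether the injection-capable imports deserve breakpoints in the behavioral run.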
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sadf112 Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mal Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
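The header and section data above say two things before anything is run: DLL Characteristics carries only TERMINAL_SERVER_AWARE (no DYNAMIC_BASE, no NX_COMPAT) and File Characteristics includes RELOCS_STRIPPED, so the image always loads at its fixed base with no ASLR and no DEP opt-in; and two of the five sections (.sadf112 and .mal) have names no linker emits by default. The following is an added example (the editor's code, not from the report) that reads those fields from a PE with only the standard library and reports the same findings. It is exercised against a constructed, header-only PE32 whose flags and section table mirror the ones listed here, plus a hardened variant for contrast; the section name whitelist and the finding strings are the example's own.

```python
import struct

# IMAGE_FILE_* (COFF Characteristics) and IMAGE_DLLCHARACTERISTICS_* values.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DEBUG_STRIPPED = 0x0200
DLL_DYNAMIC_BASE = 0x0040
DLL_NX_COMPAT = 0x0100
DLL_TERMINAL_SERVER_AWARE = 0x8000
# IMAGE_SCN_* section flags.
SCN_CNT_CODE = 0x00000020
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000
# Names a linker emits by default; anything else is worth a look (example's own list).
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".textbss"}


def parse_pe(data):
    """Read the COFF header, DllCharacteristics and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        name, vsize, _va, rawsize, _ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize, flags))
    return {"machine": machine, "characteristics": chars,
            "dll_characteristics": dll_chars, "sections": sections}


def triage_headers(pe):
    """Findings an analyst records from the headers alone."""
    findings = []
    chars, dll = pe["characteristics"], pe["dll_characteristics"]
    if not dll & DLL_DYNAMIC_BASE:
        findings.append("no DYNAMIC_BASE: image does not opt in to ASLR")
    if chars & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("RELOCS_STRIPPED: image cannot be rebased, fixed load address")
    if not dll & DLL_NX_COMPAT:
        findings.append("no NX_COMPAT: image does not opt in to DEP")
    for name, vsize, rawsize, flags in pe["sections"]:
        if name not in STANDARD_SECTIONS:
            findings.append(f"non-standard section name {name!r}")
        if flags & SCN_MEM_WRITE and flags & SCN_MEM_EXECUTE:
            findings.append(f"section {name!r} is writable and executable")
        if vsize > rawsize:
            findings.append(f"section {name!r}: virtual size {vsize} exceeds raw size {rawsize} (zero-filled at load)")
    return findings


def build_sample_pe(hardened=False):
    """Constructed header-only PE32 mirroring the report's flags and section table
    (no section contents). hardened=True shows what a modern linker would emit."""
    sections = [  # (name, virtual size, raw size, flags)
        (b".text", 0xE000, 0xE000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
        (b".data", 0x2000, 0x1000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
        (b".sadf112", 0x3000, 0x3000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
        (b".mal", 0x1000, 0x1000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
        (b".rsrc", 952, 0x1000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    ]
    chars = (IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED
             | IMAGE_FILE_LARGE_ADDRESS_AWARE | IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_DEBUG_STRIPPED)
    dll_chars = DLL_TERMINAL_SERVER_AWARE
    if hardened:
        chars &= ~IMAGE_FILE_RELOCS_STRIPPED
        dll_chars |= DLL_DYNAMIC_BASE | DLL_NX_COMPAT
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: NT headers right after DOS header
    opt = bytearray(224)                                  # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), chars)  # 0x14C = i386
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, f)
                     for n, vs, rs, f in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for finding in triage_headers(parse_pe(build_sample_pe())):
        print(finding)
```

Pointing `parse_pe` at the real file (`open(path, "rb").read()`) gives the same findings list for the actual sample; the fixed load address is the detail to note for any later exploitation or patching work, since every code and data address in the image is constant across hosts.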