fce883ce276f2f50ddea6bfdc07cd6c7860ffad68c6a03f7485700088b9e72ff

Sharing

Copy URL Twitter E-mail

General

Target

fce883ce276f2f50ddea6bfdc07cd6c7860ffad68c6a03f7485700088b9e72ff
Size

132KB
MD5

3457a784c0e902866ecac662b2bdd048
SHA1

af57af0581de5f407af4fb636302eb2f84faae07
SHA256

fce883ce276f2f50ddea6bfdc07cd6c7860ffad68c6a03f7485700088b9e72ff
SHA512

92d8f56c900601ab042c44e8c731e613ed3769da4a2aa0d24f10e39ca9080c00403c9ca148843f99b8f77741952590c7368f1fccea07e938ccd9be0638822546
SSDEEP

3072:uPhAvGac2VIaNqqHhOaFsk55WhWod/YMlkn7CxzRArVsK:0WeTa0e5Fsk5gIoJVknOxzRAreK

Score

N/A

Malware Config

Signatures

Files

fce883ce276f2f50ddea6bfdc07cd6c7860ffad68c6a03f7485700088b9e72ff
.exe windows x86

d4950367a6751c6b6ad489467f0bab3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

nddeapi

ord502
ord612

msi

ord36
ord60
ord25
ord164

comctl32

ord17
ImageList_DragLeave
ImageList_SetDragCursorImage

ole32

CoGetStdMarshalEx
OleGetClipboard
CoLockObjectExternal
StgOpenPropStg
CoCreateInstance
FmtIdToPropStgName
CoAddRefServerProcess
OleGetAutoConvert
MonikerCommonPrefixWith
OleDestroyMenuDescriptor
RegisterDragDrop
StringFromGUID2

setupapi

SetupDecompressOrCopyFileW
SetupGetInfFileListA
SetupDiLoadClassIcon
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiDrawMiniIcon
SetupGetLineTextW
SetupAddToSourceListA
SetupRemoveInstallSectionFromDiskSpaceListA
SetupCloseLog
SetupInstallFromInfSectionA
SetupDiSetSelectedDriverA

gdi32

GetRegionData
EnumEnhMetaFile
SetTextJustification
CreateRectRgnIndirect
CreatePen
GetMetaRgn
ExtTextOutA
CreateDIBSection
GetDIBits
GetClipBox
SetStretchBltMode
FlattenPath
DeleteMetaFile
SetGraphicsMode
EndPage
CreateColorSpaceW
GetTextColor
CreateMetaFileW
StartDocA
SetWorldTransform
UnrealizeObject
GetTextFaceA
ExcludeClipRect
ScaleViewportExtEx

urlmon

CopyStgMedium
MkParseDisplayNameEx

winspool.drv

DeleteFormW
DeletePrinterDriverExW
EnumPrintProcessorDatatypesW
AddPrinterConnectionA
ReadPrinter
EnumPrintProcessorDatatypesA

rasapi32

RasGetEntryPropertiesA

winmm

mmioDescend
midiOutShortMsg
mixerSetControlDetails
mmioInstallIOProcW
mixerGetNumDevs
midiStreamProperty
waveInUnprepareHeader
waveInGetPosition
midiOutClose

mpr

WNetEnumResourceA
WNetOpenEnumA

shell32

SHGetSpecialFolderPathA
StrCmpNIW
SHGetSettings
StrStrIW
StrChrW
ShellExecuteExA

kernel32

GetModuleHandleA
GetStartupInfoA
GetNumberOfConsoleMouseButtons
FlushFileBuffers
EnumTimeFormatsA
FreeResource
GetLongPathNameA
GetCommMask
FindNextChangeNotification
VirtualAlloc
GetPrivateProfileSectionNamesW
DisconnectNamedPipe
CreateEventW
CreateEventA
EscapeCommFunction
GetVersion
GetVersionExW
Heap32ListNext
ClearCommBreak
FindFirstChangeNotificationA
GetExitCodeThread
FindNextFileA
GetCPInfo
GetCommandLineA
GetThreadTimes
CreateIoCompletionPort
GetDriveTypeW

imm32

ImmGetDescriptionW

comdlg32

ChooseFontW
GetOpenFileNameA

resutils

ResUtilSetPropertyTable
ResUtilGetResourceNameDependency

imagehlp

MapDebugInformation
SymSetOptions
ImageGetCertificateData
ImageGetCertificateHeader
ImageNtHeader
ImageRvaToVa

msvcrt

_except_handler3
_onexit
_controlfp
__dllonexit
__set_app_type
__getmainargs
_acmdln
exit
_XcptFilter
_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm

clusapi

GetClusterNetInterfaceState
EvictClusterNode
RegisterClusterNotify
ClusterRegGetKeySecurity
CloseClusterResource
CreateClusterGroup
SetClusterGroupNodeList
DeleteClusterResource

lz32

LZRead

wininet

InternetDial
InternetCombineUrlA
GopherGetAttributeA
HttpSendRequestA
InternetSetStatusCallback
InternetWriteFile
FtpGetFileW
FindNextUrlCacheEntryExW

shlwapi

PathUnmakeSystemFolderW
StrNCatA
PathFindFileNameW
SHDeleteKeyW
SHRegGetBoolUSValueA
PathIsRootA
StrDupW

wsock32

WSAAsyncSelect
recvfrom
inet_ntoa
htonl
getpeername
shutdown

oleaut32

VarBstrFromDisp
DispCallFunc
VarBstrFromBool
SafeArrayDestroyDescriptor
GetRecordInfoFromGuids
SafeArrayGetUBound
VarDateFromUI4
VarCyFromI2
VarBoolFromDate
VarUI4FromCy
VarUI4FromDisp
VarUI2FromDec
VarCyFromDec
BSTR_UserSize
VarDecFromUI4
SafeArrayGetVartype

pdh

PdhComputeCounterStatistics
PdhGetLogFileSize
PdhValidatePathA
PdhConnectMachineW
PdhParseInstanceNameA
PdhLookupPerfIndexByNameA

advapi32

ClearEventLogW
RegSaveKeyW
EnumServicesStatusA
InitializeAcl
RegEnumKeyA
ObjectPrivilegeAuditAlarmA
GetSecurityDescriptorLength
ObjectCloseAuditAlarmA
QueryServiceConfigW
EqualPrefixSid
AccessCheckAndAuditAlarmW
OpenThreadToken
SetEntriesInAclW
IsValidAcl
RegFlushKey
RegSetValueW
RegisterServiceCtrlHandlerA
QueryServiceLockStatusW
ReadEventLogW

rpcrt4

I_RpcReallocPipeBuffer
I_UuidCreate
NdrMesSimpleTypeAlignSize
RpcServerUseProtseqIfExW
NdrXmitOrRepAsUnmarshall
RpcObjectInqType
short_from_ndr_temp
RpcBindingInqAuthInfoA
NdrEncapsulatedUnionUnmarshall
RpcStringBindingParseA
RpcServerRegisterIfEx
RpcSmAllocate
NdrPointerFree
NdrContextHandleSize
NdrGetDcomProtocolVersion
NDRCContextBinding
tree_size_ndr

user32

ChangeDisplaySettingsA
OemKeyScan
DdeCreateStringHandleA
OffsetRect
LoadStringA
GetUserObjectInformationA
GetInputState
CreateAcceleratorTableW
PostThreadMessageA
GetMessagePos
LoadAcceleratorsA
GetMessageA
CreateWindowExA
ShowWindow
UpdateWindow
CreateWindowStationW
MapVirtualKeyA
LoadBitmapW
LoadImageW
PeekMessageA
EndDialog
GetWindowTextLengthA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
GetClientRect
DrawTextA
PostQuitMessage
CreateIconIndirect
ShowCaret
ChildWindowFromPointEx
GetLastActivePopup
TranslateAcceleratorA
EnableScrollBar
ChangeClipboardChain
FindWindowExW
DdeConnect
IMPSetIMEA
ReleaseDC
CharLowerBuffW
TranslateMessage
DispatchMessageA
GetKeyState
GetMenuDefaultItem
DrawEdge
LoadIconA
LoadKeyboardLayoutA
LoadCursorA
RegisterClassExA
GetDlgItem
CreateWindowExW
DdeNameService
DdeAddData

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4950367a6751c6b6ad489467f0bab3d

Headers

File Characteristics

Imports

nddeapi

msi

comctl32

ole32

setupapi

gdi32

urlmon

winspool.drv

rasapi32

winmm

mpr

shell32

kernel32

imm32

comdlg32

resutils

imagehlp

msvcrt

clusapi

lz32

wininet

shlwapi

wsock32

oleaut32

pdh

advapi32

rpcrt4

user32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 728KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 728KB

.rsrc
Size: 4KB - Virtual size: 1KB