2ebd18eb390902b65e9c11dfcd4e9212fab39689eff6284fb01eaf436a1e6c92

Sharing

Copy URL

Twitter E-mail

General

Target

2ebd18eb390902b65e9c11dfcd4e9212fab39689eff6284fb01eaf436a1e6c92
Size

146KB
MD5

ac20fe451c7d7ba615b96a57e2820aee
SHA1

ea60eabce53e06cbee1e685f55c7ef0cd0e12b8e
SHA256

2ebd18eb390902b65e9c11dfcd4e9212fab39689eff6284fb01eaf436a1e6c92
SHA512

3a073e8e1b9def42813c166550b85da9b21bbec4dbe9491e22278141d1c4c844612e2930ccd5eb1417e0d87e6ca63b3372b8de36bd342fc3eb134c7301fb63ba
SSDEEP

3072:wcFkb1ZEVeXmM1T2O/9iU1m6djGxQpGxINS9rmHg32lYmlVGGyY:/KEoXmM1T2O/fn9vc80rmA3KYmlVGGyY

Score

N/A

Malware Config

Signatures

Files

2ebd18eb390902b65e9c11dfcd4e9212fab39689eff6284fb01eaf436a1e6c92
.zip
RG928200002_2014_november_00000329320.023042490280.0324980000038-0000006.exe
.exe windows x86

ba5a3baf4c2758c3fc0e435746b2287c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_SetImageCount
InitCommonControls
ImageList_Duplicate
UninitializeFlatSB
DrawStatusText
DrawStatusTextW
ImageList_LoadImageW
InitCommonControlsEx
FlatSB_GetScrollProp
ImageList_Create

dsprop

DllUnregisterServer
ErrMsgParam
BringSheetToForeground
ADsPropGetInitInfo
IsSheetAlreadyUp

dciman32

WinWatchGetClipList
DCICreateOffscreen
DCIEnum
DCIOpenProvider
WinWatchDidStatusChange
DCISetClipList
WinWatchNotify
DCICreatePrimary
DCICreateOverlay
DCISetDestination
DCISetSrcDestClip
WinWatchOpen
DCIDraw
WinWatchClose
GetDCRegionData
GetWindowRegionData
DCIEndAccess
DCIDestroy

gdi32

CloseMetaFile
CreatePen
CreatePenIndirect
STROBJ_bEnumPositionsOnly
DeleteObject
GetStockObject
CreateBrushIndirect
CreateSolidBrush
EqualRgn
SelectObject
GetEUDCTimeStamp
CreatePalette
CreateFontIndirectA

rasser

PortClearStatistics
PortSend
PortSetINetCfg
PortSetInfo
PortConnect
PortEnum
PortGetStatistics
PortClose
PortSetFraming
PortReceive
PortCompressionSetInfo
PortDisconnect
PortTestSignalState
PortGetPortState
PortChangeCallback
PortOpen

winscard

SCardForgetCardTypeW
SCardForgetReaderW
SCardReleaseStartedEvent
SCardReleaseNewReaderEvent
SCardAddReaderToGroupA
SCardLocateCardsW
SCardFreeMemory
SCardForgetReaderGroupA
SCardControl
SCardGetStatusChangeA
SCardCancel
SCardGetCardTypeProviderNameA
SCardGetAttrib
SCardTransmit

oleaut32

VarBoolFromDec
DllUnregisterServer
GetActiveObject
VarCySub
VariantCopy
VarUI2FromCy
VarFormatNumber
VarI4FromUI2
SafeArrayGetVartype
VarUI2FromBool
VarCyCmp
VarCmp
VarCyFromI1
VarUI4FromUI2
VarI1FromDate
VarUI4FromDate
VarXor
VarR4CmpR8

user32

LoadIconA
FindWindowW
GetForegroundWindow
LoadBitmapW
LoadCursorA
LoadAcceleratorsW
GetSystemMetrics
LoadMenuW
LoadBitmapA
FindWindowA
IsChild
GetDesktopWindow
GetSysColorBrush
GetClientRect
GetMenu
LoadMenuA
GetWindowRect
GetDC
GetProcessDefaultLayout
LoadAcceleratorsA
GetWindowTextA
GetWindowTextW
GetSysColor

glu32

gluQuadricNormals
gluTessNormal
gluDisk
gluNurbsSurface
gluTessEndPolygon
gluTessCallback
gluDeleteNurbsRenderer
gluErrorString
gluNurbsCurve
gluNewQuadric
gluScaleImage
gluTessBeginContour
gluBeginTrim
gluQuadricTexture
gluEndSurface
gluBeginCurve

iasnap

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

kernel32

GetStartupInfoW
CloseHandle
GetProcAddress
GetFileAttributesW
CopyFileA
VirtualAlloc
LoadLibraryA
GetCommandLineA
CreateEventA
AddAtomW

imm32

ImmCreateContext
ImmDisableIME
ImmGetCompositionFontW
ImmSetCompositionFontA
ImmGetIMCCSize
ImmGetOpenStatus
ImmIMPQueryIMEW
ImmGetImeMenuItemsA
ImmGetConversionListA
ImmAssociateContext
ImmIMPGetIMEA
ImmGetConversionListW
ImmGetIMEFileNameA
ImmGetCandidateListCountA
ImmRegisterClient
ImmIsUIMessageW

ole32

HMENU_UserFree
CoUninitialize
OleCreateStaticFromData
SetErrorInfo
CoInitialize
CoTaskMemFree
OleCreateFromDataEx

shlwapi

StrStrIA
StrCSpnW
PathStripToRootA
StrStrA
StrCSpnA
PathGetDriveNumberW
PathFindFileNameA
StrTrimA
PathSkipRootW
PathStripToRootW
PathRemoveExtensionW
PathStripPathW
StrCmpW
PathRemoveBlanksA
PathRemoveExtensionA

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba5a3baf4c2758c3fc0e435746b2287c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

dsprop

dciman32

gdi32

rasser

winscard

oleaut32

user32

glu32

iasnap

kernel32

imm32

ole32

shlwapi

Sections

.text Size: 157KB - Virtual size: 157KB

/14 Size: 512B - Virtual size: 136B

.data Size: 4KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 5KB

.text
Size: 157KB - Virtual size: 157KB

/14
Size: 512B - Virtual size: 136B

.data
Size: 4KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB