b3ea9a4d2c0283e12fac8ded0996251da293b02b9ddb975c311a4ee381528412

Sharing

Copy URL

Twitter E-mail

General

Target

b3ea9a4d2c0283e12fac8ded0996251da293b02b9ddb975c311a4ee381528412
Size

146KB
MD5

8eb97695b5e2dd0e1ede5da50418861d
SHA1

714d76eadcdacd5181439c2f7219419e9ee82ad6
SHA256

b3ea9a4d2c0283e12fac8ded0996251da293b02b9ddb975c311a4ee381528412
SHA512

0070146c748e48780c2c4e549ff6a5f6fcefd6426c8c41cd853c2cca868afc463d5bfd9f84073bc9547550ff283b0c24c603d6aca2d86521881aaf96755d3f83
SSDEEP

3072:XuL4suyftDcmLDLYYJQEIigwkZM7QWtcJWjRzvNNcIdlwC09BJQG:XuL48ftDcmHz7PgDZJkjRzVOqnUMG

Score

N/A

Malware Config

Signatures

Files

b3ea9a4d2c0283e12fac8ded0996251da293b02b9ddb975c311a4ee381528412
.zip
rechnung_11_2014_3280000236_telekom_de_002839300002_11_0000352899_000005.exe
.exe windows x86

ba5a3baf4c2758c3fc0e435746b2287c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_SetImageCount
InitCommonControls
ImageList_Duplicate
UninitializeFlatSB
DrawStatusText
DrawStatusTextW
ImageList_LoadImageW
InitCommonControlsEx
FlatSB_GetScrollProp
ImageList_Create

dsprop

DllUnregisterServer
ErrMsgParam
BringSheetToForeground
ADsPropGetInitInfo
IsSheetAlreadyUp

dciman32

WinWatchGetClipList
DCICreateOffscreen
DCIEnum
DCIOpenProvider
WinWatchDidStatusChange
DCISetClipList
WinWatchNotify
DCICreatePrimary
DCICreateOverlay
DCISetDestination
DCISetSrcDestClip
WinWatchOpen
DCIDraw
WinWatchClose
GetDCRegionData
GetWindowRegionData
DCIEndAccess
DCIDestroy

gdi32

CloseMetaFile
CreatePen
CreatePenIndirect
STROBJ_bEnumPositionsOnly
DeleteObject
GetStockObject
CreateBrushIndirect
CreateSolidBrush
EqualRgn
SelectObject
GetEUDCTimeStamp
CreatePalette
CreateFontIndirectA

rasser

PortClearStatistics
PortSend
PortSetINetCfg
PortSetInfo
PortConnect
PortEnum
PortGetStatistics
PortClose
PortSetFraming
PortReceive
PortCompressionSetInfo
PortDisconnect
PortTestSignalState
PortGetPortState
PortChangeCallback
PortOpen

winscard

SCardForgetCardTypeW
SCardForgetReaderW
SCardReleaseStartedEvent
SCardReleaseNewReaderEvent
SCardAddReaderToGroupA
SCardLocateCardsW
SCardFreeMemory
SCardForgetReaderGroupA
SCardControl
SCardGetStatusChangeA
SCardCancel
SCardGetCardTypeProviderNameA
SCardGetAttrib
SCardTransmit

oleaut32

VarBoolFromDec
DllUnregisterServer
GetActiveObject
VarCySub
VariantCopy
VarUI2FromCy
VarFormatNumber
VarI4FromUI2
SafeArrayGetVartype
VarUI2FromBool
VarCyCmp
VarCmp
VarCyFromI1
VarUI4FromUI2
VarI1FromDate
VarUI4FromDate
VarXor
VarR4CmpR8

user32

LoadIconA
FindWindowW
GetForegroundWindow
LoadBitmapW
LoadCursorA
LoadAcceleratorsW
GetSystemMetrics
LoadMenuW
LoadBitmapA
FindWindowA
IsChild
GetDesktopWindow
GetSysColorBrush
GetClientRect
GetMenu
LoadMenuA
GetWindowRect
GetDC
GetProcessDefaultLayout
LoadAcceleratorsA
GetWindowTextA
GetWindowTextW
GetSysColor

glu32

gluQuadricNormals
gluTessNormal
gluDisk
gluNurbsSurface
gluTessEndPolygon
gluTessCallback
gluDeleteNurbsRenderer
gluErrorString
gluNurbsCurve
gluNewQuadric
gluScaleImage
gluTessBeginContour
gluBeginTrim
gluQuadricTexture
gluEndSurface
gluBeginCurve

iasnap

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

kernel32

GetStartupInfoW
CloseHandle
GetProcAddress
GetFileAttributesW
CopyFileA
VirtualAlloc
LoadLibraryA
GetCommandLineA
CreateEventA
AddAtomW

imm32

ImmCreateContext
ImmDisableIME
ImmGetCompositionFontW
ImmSetCompositionFontA
ImmGetIMCCSize
ImmGetOpenStatus
ImmIMPQueryIMEW
ImmGetImeMenuItemsA
ImmGetConversionListA
ImmAssociateContext
ImmIMPGetIMEA
ImmGetConversionListW
ImmGetIMEFileNameA
ImmGetCandidateListCountA
ImmRegisterClient
ImmIsUIMessageW

ole32

HMENU_UserFree
CoUninitialize
OleCreateStaticFromData
SetErrorInfo
CoInitialize
CoTaskMemFree
OleCreateFromDataEx

shlwapi

StrStrIA
StrCSpnW
PathStripToRootA
StrStrA
StrCSpnA
PathGetDriveNumberW
PathFindFileNameA
StrTrimA
PathSkipRootW
PathStripToRootW
PathRemoveExtensionW
PathStripPathW
StrCmpW
PathRemoveBlanksA
PathRemoveExtensionA

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba5a3baf4c2758c3fc0e435746b2287c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

dsprop

dciman32

gdi32

rasser

winscard

oleaut32

user32

glu32

iasnap

kernel32

imm32

ole32

shlwapi

Sections

.text Size: 157KB - Virtual size: 157KB

/14 Size: 512B - Virtual size: 152B

.data Size: 4KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 5KB

.text
Size: 157KB - Virtual size: 157KB

/14
Size: 512B - Virtual size: 152B

.data
Size: 4KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB